eightball/PluralKit
1
0
Fork 0
mirror of https://github.com/PluralKit/PluralKit.git synced 2026-02-17 03:00:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: include query params when validating discord media URLs

Browse source
This commit is contained in:
Jake Fulmine 2024-02-07 16:30:55 +01:00
parent 823db4cd24
commit a6a7961358
No known key found for this signature in database
GPG key ID: 177E8DB7BF4C60B2
7 changed files with 25 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

10
PluralKit.Bot/CommandSystem/Context/ContextAvatarExt.cs
View file

@ -33,11 +33,14 @@ public static class ContextAvatarExt
// If we have an attachment, use that
if (ctx.Message.Attachments.FirstOrDefault() is { } attachment)
{
// XXX: strip query params from attachment URLs because of new Discord CDN shenanigans
// XXX: discord attachment URLs are unable to be validated without their query params
// keep both the URL with query (for validation) and the clean URL (for storage) around
var uriBuilder = new UriBuilder(attachment.ProxyUrl);
uriBuilder.Query = "";
return new ParsedImage { Url = uriBuilder.Uri.AbsoluteUri, Source = AvatarSource.Attachment };
ParsedImage img = new ParsedImage { Url = uriBuilder.Uri.AbsoluteUri, Source = AvatarSource.Attachment };
uriBuilder.Query = "";
img.CleanUrl = uriBuilder.Uri.AbsoluteUri;
return img;
}
// We should only get here if there are no arguments (which would get parsed as URL + throw if error)
@ -49,6 +52,7 @@ public static class ContextAvatarExt
public struct ParsedImage
{
public string Url;
public string CleanUrl;
public AvatarSource Source;
public User? SourceUser;
}

4
PluralKit.Bot/Commands/Groups.cs
View file

@ -263,7 +263,7 @@ public class Groups
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url);
await ctx.Repository.UpdateGroup(target.Id, new GroupPatch { Icon = img.Url });
await ctx.Repository.UpdateGroup(target.Id, new GroupPatch { Icon = img.CleanUrl });
var msg = img.Source switch
{
@ -328,7 +328,7 @@ public class Groups
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url, true);
await ctx.Repository.UpdateGroup(target.Id, new GroupPatch { BannerImage = img.Url });
await ctx.Repository.UpdateGroup(target.Id, new GroupPatch { BannerImage = img.CleanUrl });
var msg = img.Source switch
{

14
PluralKit.Bot/Commands/Member.cs
View file

@ -70,14 +70,18 @@ public class Member
if (avatarArg != null)
try
{
// XXX: strip query params from attachment URLs because of new Discord CDN shenanigans
var uriBuilder = new UriBuilder(avatarArg.Url);
// XXX: discord attachment URLs are unable to be validated without their query params
// keep both the URL with query (for validation) and the clean URL (for storage) around
var uriBuilder = new UriBuilder(avatarArg.ProxyUrl);
ParsedImage img = new ParsedImage { Url = uriBuilder.Uri.AbsoluteUri, Source = AvatarSource.Attachment };
uriBuilder.Query = "";
img.CleanUrl = uriBuilder.Uri.AbsoluteUri;
await AvatarUtils.VerifyAvatarOrThrow(_client, uriBuilder.Uri.AbsoluteUri);
await ctx.Repository.UpdateMember(member.Id, new MemberPatch { AvatarUrl = uriBuilder.Uri.AbsoluteUri }, conn);
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url);
await ctx.Repository.UpdateMember(member.Id, new MemberPatch { AvatarUrl = img.CleanUrl }, conn);
dispatchData.Add("avatar_url", avatarArg.Url);
dispatchData.Add("avatar_url", img.CleanUrl);
}
catch (Exception e)
{

3
PluralKit.Bot/Commands/MemberAvatar.cs
View file

@ -3,6 +3,7 @@ using Myriad.Builders;
using Myriad.Types;
using PluralKit.Core;
using Serilog;
namespace PluralKit.Bot;
@ -139,7 +140,7 @@ public class MemberAvatar
ctx.CheckSystem().CheckOwnMember(target);
await AvatarUtils.VerifyAvatarOrThrow(_client, avatarArg.Value.Url);
await UpdateAvatar(location, ctx, target, avatarArg.Value.Url);
await UpdateAvatar(location, ctx, target, avatarArg.Value.CleanUrl);
await PrintResponse(location, ctx, target, avatarArg.Value, guildData);
}

2
PluralKit.Bot/Commands/MemberEdit.cs
View file

@ -182,7 +182,7 @@ public class MemberEdit
{
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url, true);
await ctx.Repository.UpdateMember(target.Id, new MemberPatch { BannerImage = img.Url });
await ctx.Repository.UpdateMember(target.Id, new MemberPatch { BannerImage = img.CleanUrl });
var msg = img.Source switch
{

6
PluralKit.Bot/Commands/SystemEdit.cs
View file

@ -475,7 +475,7 @@ public class SystemEdit
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url);
await ctx.Repository.UpdateSystem(target.Id, new SystemPatch { AvatarUrl = img.Url });
await ctx.Repository.UpdateSystem(target.Id, new SystemPatch { AvatarUrl = img.CleanUrl });
var msg = img.Source switch
{
@ -543,7 +543,7 @@ public class SystemEdit
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url);
await ctx.Repository.UpdateSystemGuild(target.Id, ctx.Guild.Id, new SystemGuildPatch { AvatarUrl = img.Url });
await ctx.Repository.UpdateSystemGuild(target.Id, ctx.Guild.Id, new SystemGuildPatch { AvatarUrl = img.CleanUrl });
var msg = img.Source switch
{
@ -640,7 +640,7 @@ public class SystemEdit
{
await AvatarUtils.VerifyAvatarOrThrow(_client, img.Url, true);
await ctx.Repository.UpdateSystem(target.Id, new SystemPatch { BannerImage = img.Url });
await ctx.Repository.UpdateSystem(target.Id, new SystemPatch { BannerImage = img.CleanUrl });
var msg = img.Source switch
{

2
PluralKit.Bot/Utils/AvatarUtils.cs
View file

@ -66,7 +66,7 @@ public static class AvatarUtils
new(@"^https?://(?:cdn\.discordapp\.com|media\.discordapp\.net)/attachments/(\d{17,19})/(\d{17,19})/([^/\\&\?]+)\.(png|jpg|jpeg|webp)(\?.*)?$");
private static readonly string DiscordMediaUrlReplacement =
"https://media.discordapp.net/attachments/$1/$2/$3.$4?width=256&height=256";
"https://media.discordapp.net/attachments/$1/$2/$3.$4$5width=256&height=256";
public static string? TryRewriteCdnUrl(string? url) =>
url == null ? null : DiscordCdnUrl.Replace(url, DiscordMediaUrlReplacement);