Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: restrict thumbnail generation to images in the attachment library #7079

Merged
merged 1 commit into from
Nov 26, 2024
Merged

fix: restrict thumbnail generation to images in the attachment library #7079

merged 1 commit into from
Nov 26, 2024

Conversation

guqing
Copy link
Member

@guqing guqing commented Nov 25, 2024
edited
Loading

What type of PR is this?

/kind improvement
/area core
/milestone 2.20.x

What this PR does / why we need it:

限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险

先 merge #7077 后才能合并此 PR

Does this PR introduce a user-facing change?

限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险

@f2c-ci-robot f2c-ci-robot bot added kind/improvement Categorizes issue or PR as related to a improvement. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Nov 25, 2024
@f2c-ci-robot f2c-ci-robot bot added this to the 2.20.x milestone Nov 25, 2024
@f2c-ci-robot f2c-ci-robot bot added the area/core Issues or PRs related to the Halo Core label Nov 25, 2024
@f2c-ci-robot f2c-ci-robot bot requested review from ruibaby and wan92hen November 25, 2024 09:26
@guqing guqing force-pushed the refactor/thumbnail-by-uri branch from 4d4ca57 to bfd2294 Compare November 25, 2024 09:42
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 25, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov Codecov
Copy link

codecov bot commented Nov 25, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 33.33333% with 4 lines in your changes missing coverage. Please review.

Project coverage is 57.25%. Comparing base (eff73dc) to head (bfd2294).
Report is 65 commits behind head on main.

Files with missing lines Patch % Lines
...app/core/attachment/impl/ThumbnailServiceImpl.java 0.00% 3 Missing ⚠️
.../halo/app/content/HtmlThumbnailSrcsetInjector.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #7079      +/-   ##
============================================
+ Coverage     56.99%   57.25%   +0.25%     
- Complexity     3999     4010      +11     
============================================
  Files           714      712       -2     
  Lines         24110    24157      +47     
  Branches       1585     1592       +7     
============================================
+ Hits          13742    13830      +88     
+ Misses         9756     9713      -43     
- Partials        612      614       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

JohnNiang
JohnNiang approved these changes Nov 26, 2024
View reviewed changes
Copy link
Member

@JohnNiang JohnNiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@f2c-ci-robot f2c-ci-robot bot added the lgtm Indicates that a PR is ready to be merged. label Nov 26, 2024
@f2c-ci-robot f2c-ci-robot
Copy link

f2c-ci-robot bot commented Nov 26, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JohnNiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@f2c-ci-robot f2c-ci-robot bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2024
@f2c-ci-robot f2c-ci-robot bot merged commit 5cefefe into halo-dev:main Nov 26, 2024
8 checks passed
@guqing guqing deleted the refactor/thumbnail-by-uri branch November 26, 2024 03:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JohnNiang JohnNiang JohnNiang approved these changes

@ruibaby ruibaby Awaiting requested review from ruibaby

@wan92hen wan92hen Awaiting requested review from wan92hen

Assignees

@JohnNiang JohnNiang

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/core Issues or PRs related to the Halo Core kind/improvement Categorizes issue or PR as related to a improvement. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
2.20.x
Development

Successfully merging this pull request may close these issues.
2 participants
@guqing @JohnNiang