From 7c6f3ca8b4b9b69f77d9479bec8cd075298fcb48 Mon Sep 17 00:00:00 2001
From: f
Date: Thu, 20 Apr 2023 18:30:10 -0300
Subject: [PATCH] fix: solo validar el host de archivo subido si estamos validando hosts #13181
---
 app/models/metadata_content.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/models/metadata_content.rb b/app/models/metadata_content.rb
index 761518e8..30b0bb82 100644
--- a/app/models/metadata_content.rb
+++ b/app/models/metadata_content.rb
@@ -56,8 +56,13 @@ class MetadataContent < MetadataTemplate
 uri = URI element['src']
- # No permitimos recursos externos
- raise URI::Error unless Rails.application.config.hosts.include?(uri.hostname)
+ # No permitimos recursos externos, solo si sabemos cuales son
+ # los recursos locales
+ if Rails.application.config.hosts.present?
+ unless Rails.application.config.hosts.include?(uri.hostname)
+ raise URI::Error
+ end
+ end
 element['src'] = convert_src_to_internal_path uri
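Review bot: The new `if Rails.application.config.hosts.present?` guard makes the external-resource check fail open: when `config.hosts` is empty, any `src` hostname, or a URI with no hostname at all, goes straight to `convert_src_to_internal_path`. That method is outside the hunk, so it cannot be confirmed from here that it discards the scheme and host and keeps only the path; if it does not, an empty allow-list silently permits external resources. I would keep a minimal check in the unvalidated case, for example `raise URI::Error unless uri.scheme.nil? || %w[http https].include?(uri.scheme)`, and log when host validation is skipped so the weaker mode is visible in operation. Separately, `config.hosts` may hold Regexp, IPAddr or leading-dot entries, which `include?` never matches by equality, so a legitimately configured host can still be rejected here. The enclosing method starts and ends outside the hunk.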