Improve performance by fetching 'fqdn' Setting in HTML sanitization only once instead for each link found (issue #2374).

This commit is contained in:
Thorsten Eckel 2018-11-26 15:57:40 +01:00
parent 4e024291a4
commit af1781ff2a

View file

@ -10,6 +10,7 @@ satinize html string based on whiltelist
=end =end
def self.strict(string, external = false) def self.strict(string, external = false)
@fqdn = Setting.get('fqdn')
# config # config
tags_remove_content = Rails.configuration.html_sanitizer_tags_remove_content tags_remove_content = Rails.configuration.html_sanitizer_tags_remove_content
@ -396,9 +397,10 @@ cleanup html string:
end end
def self.sanitize_attachment_disposition(url) def self.sanitize_attachment_disposition(url)
@fqdn ||= Setting.get('fqdn')
uri = URI(url) uri = URI(url)
if uri.host == Setting.get('fqdn') && uri.query.present? if uri.host == @fqdn && uri.query.present?
params = CGI.parse(uri.query || '') params = CGI.parse(uri.query || '')
.tap { |p| p.merge!('disposition' => 'attachment') if p.include?('disposition') } .tap { |p| p.merge!('disposition' => 'attachment') if p.include?('disposition') }
uri.query = URI.encode_www_form(params) uri.query = URI.encode_www_form(params)
@ -432,6 +434,7 @@ reolace inline images with cid images
=end =end
def self.replace_inline_images(string, prefix = rand(999_999_999)) def self.replace_inline_images(string, prefix = rand(999_999_999))
fqdn = Setting.get('fqdn')
attachments_inline = [] attachments_inline = []
filename_counter = 0 filename_counter = 0
scrubber = Loofah::Scrubber.new do |node| scrubber = Loofah::Scrubber.new do |node|
@ -439,7 +442,7 @@ reolace inline images with cid images
if node['src'] && node['src'] =~ %r{^(data:image/(jpeg|png);base64,.+?)$}i if node['src'] && node['src'] =~ %r{^(data:image/(jpeg|png);base64,.+?)$}i
filename_counter += 1 filename_counter += 1
file_attributes = StaticAssets.data_url_attributes($1) file_attributes = StaticAssets.data_url_attributes($1)
cid = "#{prefix}.#{rand(999_999_999)}@#{Setting.get('fqdn')}" cid = "#{prefix}.#{rand(999_999_999)}@#{fqdn}"
filename = cid filename = cid
if file_attributes[:file_extention].present? if file_attributes[:file_extention].present?
filename = "image#{filename_counter}.#{file_attributes[:file_extention]}" filename = "image#{filename_counter}.#{file_attributes[:file_extention]}"