From 9fa5ab951cb3595051075ff2d45ad042be4be22e Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Fri, 20 Dec 2024 18:12:25 +0000 Subject: [PATCH] mime_types: Move INLINE_MIME_TYPES to prevent future import loops. --- zerver/actions/realm_emoji.py | 2 +- zerver/data_import/import_util.py | 3 +-- zerver/lib/mime_types.py | 23 +++++++++++++++++++++++ zerver/lib/thumbnail.py | 1 + zerver/lib/upload/__init__.py | 4 ++-- zerver/lib/upload/base.py | 22 ---------------------- zerver/lib/upload/s3.py | 3 ++- zerver/views/tusd.py | 3 +-- zerver/views/upload.py | 3 +-- 9 files changed, 32 insertions(+), 32 deletions(-) diff --git a/zerver/actions/realm_emoji.py b/zerver/actions/realm_emoji.py index f165d37383..33f7aa0876 100644 --- a/zerver/actions/realm_emoji.py +++ b/zerver/actions/realm_emoji.py @@ -8,9 +8,9 @@ from django.utils.translation import gettext as _ from zerver.lib.emoji import get_emoji_file_name from zerver.lib.exceptions import JsonableError +from zerver.lib.mime_types import INLINE_MIME_TYPES from zerver.lib.thumbnail import THUMBNAIL_ACCEPT_IMAGE_TYPES, BadImageError from zerver.lib.upload import upload_emoji_image -from zerver.lib.upload.base import INLINE_MIME_TYPES from zerver.models import Realm, RealmAuditLog, RealmEmoji, UserProfile from zerver.models.realm_audit_logs import AuditLogEventType from zerver.models.realm_emoji import EmojiInfo, get_all_custom_emoji_for_realm diff --git a/zerver/data_import/import_util.py b/zerver/data_import/import_util.py index 62c3061d26..3a37fce01e 100644 --- a/zerver/data_import/import_util.py +++ b/zerver/data_import/import_util.py @@ -18,11 +18,10 @@ from django.utils.timezone import now as timezone_now from zerver.data_import.sequencer import NEXT_ID from zerver.lib.avatar_hash import user_avatar_base_path_from_ids from zerver.lib.message import normalize_body_for_import -from zerver.lib.mime_types import guess_extension +from zerver.lib.mime_types import INLINE_MIME_TYPES, guess_extension from zerver.lib.partial import partial from zerver.lib.stream_color import STREAM_ASSIGNMENT_COLORS as STREAM_COLORS from zerver.lib.thumbnail import THUMBNAIL_ACCEPT_IMAGE_TYPES, BadImageError -from zerver.lib.upload.base import INLINE_MIME_TYPES from zerver.models import ( Attachment, DirectMessageGroup, diff --git a/zerver/lib/mime_types.py b/zerver/lib/mime_types.py index 65d5e4f35a..f835d2ed42 100644 --- a/zerver/lib/mime_types.py +++ b/zerver/lib/mime_types.py @@ -20,3 +20,26 @@ if sys.version_info < (3, 11): # nocoverage for mime_type, extension in EXTRA_MIME_TYPES: add_type(mime_type, extension) + + +INLINE_MIME_TYPES = [ + "application/pdf", + "audio/aac", + "audio/flac", + "audio/mp4", + "audio/mpeg", + "audio/wav", + "audio/webm", + "image/apng", + "image/avif", + "image/gif", + "image/jpeg", + "image/png", + "image/webp", + "text/plain", + "video/mp4", + "video/webm", + # To avoid cross-site scripting attacks, DO NOT add types such + # as application/xhtml+xml, application/x-shockwave-flash, + # image/svg+xml, text/html, or text/xml. +] diff --git a/zerver/lib/thumbnail.py b/zerver/lib/thumbnail.py index d681124597..cfc6fb5295 100644 --- a/zerver/lib/thumbnail.py +++ b/zerver/lib/thumbnail.py @@ -13,6 +13,7 @@ from django.utils.translation import gettext as _ from typing_extensions import override from zerver.lib.exceptions import ErrorCode, JsonableError +from zerver.lib.mime_types import INLINE_MIME_TYPES from zerver.lib.queue import queue_event_on_commit from zerver.models import ImageAttachment diff --git a/zerver/lib/upload/__init__.py b/zerver/lib/upload/__init__.py index 84a61897a9..0108a29265 100644 --- a/zerver/lib/upload/__init__.py +++ b/zerver/lib/upload/__init__.py @@ -16,7 +16,7 @@ from django.utils.translation import gettext as _ from zerver.lib.avatar_hash import user_avatar_base_path_from_ids, user_avatar_path from zerver.lib.exceptions import ErrorCode, JsonableError -from zerver.lib.mime_types import guess_type +from zerver.lib.mime_types import INLINE_MIME_TYPES, guess_type from zerver.lib.outgoing_http import OutgoingSession from zerver.lib.thumbnail import ( MAX_EMOJI_GIF_FILE_SIZE_BYTES, @@ -27,7 +27,7 @@ from zerver.lib.thumbnail import ( resize_avatar, resize_emoji, ) -from zerver.lib.upload.base import INLINE_MIME_TYPES, StreamingSourceWithSize, ZulipUploadBackend +from zerver.lib.upload.base import StreamingSourceWithSize, ZulipUploadBackend from zerver.models import Attachment, Message, Realm, RealmEmoji, ScheduledMessage, UserProfile from zerver.models.users import is_cross_realm_bot_email diff --git a/zerver/lib/upload/base.py b/zerver/lib/upload/base.py index 05abde01bf..b7fcee488d 100644 --- a/zerver/lib/upload/base.py +++ b/zerver/lib/upload/base.py @@ -8,28 +8,6 @@ import pyvips from zerver.models import Realm, UserProfile -INLINE_MIME_TYPES = [ - "application/pdf", - "audio/aac", - "audio/flac", - "audio/mp4", - "audio/mpeg", - "audio/wav", - "audio/webm", - "image/apng", - "image/avif", - "image/gif", - "image/jpeg", - "image/png", - "image/webp", - "text/plain", - "video/mp4", - "video/webm", - # To avoid cross-site scripting attacks, DO NOT add types such - # as application/xhtml+xml, application/x-shockwave-flash, - # image/svg+xml, text/html, or text/xml. -] - @dataclass class StreamingSourceWithSize: diff --git a/zerver/lib/upload/s3.py b/zerver/lib/upload/s3.py index 6248cbe841..e97f515132 100644 --- a/zerver/lib/upload/s3.py +++ b/zerver/lib/upload/s3.py @@ -14,9 +14,10 @@ from django.conf import settings from django.utils.http import content_disposition_header from typing_extensions import override +from zerver.lib.mime_types import INLINE_MIME_TYPES from zerver.lib.partial import partial from zerver.lib.thumbnail import resize_logo, resize_realm_icon -from zerver.lib.upload.base import INLINE_MIME_TYPES, StreamingSourceWithSize, ZulipUploadBackend +from zerver.lib.upload.base import StreamingSourceWithSize, ZulipUploadBackend from zerver.models import Realm, RealmEmoji, UserProfile if TYPE_CHECKING: diff --git a/zerver/views/tusd.py b/zerver/views/tusd.py index bdba92f1ca..a77488ea7f 100644 --- a/zerver/views/tusd.py +++ b/zerver/views/tusd.py @@ -14,7 +14,7 @@ from pydantic.alias_generators import to_pascal from confirmation.models import Confirmation, ConfirmationKeyError, get_object_from_key from zerver.decorator import get_basic_credentials, validate_api_key from zerver.lib.exceptions import AccessDeniedError, JsonableError -from zerver.lib.mime_types import guess_type +from zerver.lib.mime_types import INLINE_MIME_TYPES, guess_type from zerver.lib.rate_limiter import is_local_addr from zerver.lib.typed_endpoint import JsonBodyPayload, typed_endpoint from zerver.lib.upload import ( @@ -26,7 +26,6 @@ from zerver.lib.upload import ( sanitize_name, upload_backend, ) -from zerver.lib.upload.base import INLINE_MIME_TYPES from zerver.models import PreregistrationRealm, Realm, UserProfile diff --git a/zerver/views/upload.py b/zerver/views/upload.py index 196e586f02..ea4088e49b 100644 --- a/zerver/views/upload.py +++ b/zerver/views/upload.py @@ -28,7 +28,7 @@ from zerver.context_processors import get_valid_realm_from_request from zerver.decorator import zulip_redirect_to_login from zerver.lib.attachments import validate_attachment_request from zerver.lib.exceptions import JsonableError -from zerver.lib.mime_types import guess_type +from zerver.lib.mime_types import INLINE_MIME_TYPES, guess_type from zerver.lib.response import json_success from zerver.lib.storage import static_path from zerver.lib.thumbnail import ( @@ -42,7 +42,6 @@ from zerver.lib.upload import ( get_public_upload_root_url, upload_message_attachment_from_request, ) -from zerver.lib.upload.base import INLINE_MIME_TYPES from zerver.lib.upload.local import assert_is_local_storage_path from zerver.lib.upload.s3 import get_signed_upload_url from zerver.models import Attachment, ImageAttachment, Realm, UserProfile