diff options
| author | Claire <claire.github-309c@sitedethib.com> | 2021-09-29 23:52:36 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-29 23:52:36 +0200 |
| commit | fc3ae1343df5adb83a3733958a4436981feb380f (patch) | |
| tree | f320fbf9dbe402b668d12815a6e20070813c6b30 /app/models/concerns | |
| parent | 0e4a4db141550843c4996880c7f6c00e54808d78 (diff) | |
Switch from unmaintained paperclip to kt-paperclip (#16724)
* Switch from unmaintained paperclip to kt-paperclip * Drop some compatibility monkey-patches not required by kt-paperclip * Drop media spoof check monkey-patching It's broken with kt-paperclip and hopefully it won't be needed anymore * Fix regression introduced by paperclip 6.1.0 * Do not rely on pathname to call FastImage * Add test for ogg vorbis file with cover art * Add audio/vorbis to the accepted content-types This seems erroneous as this would be the content-type for a vorbis stream without an ogg container, but that's what the `marcel` gem outputs, so… * Restore missing for_as_default method * Refactor Attachmentable concern and delay Paperclip's content-type spoof check Check for content-type spoofing *after* setting the extension ourselves, this fixes a regression with kt-paperclip's validations being more strict than paperclip 6.0.0 and rejecting some Pleroma uploads because of unknown extensions. * Please CodeClimate * Add audio/vorbis to the unreliable set It doesn't correspond to a file format and thus has no extension associated.
Diffstat (limited to 'app/models/concerns')
| -rw-r--r-- | app/models/concerns/attachmentable.rb | 61 |
1 files changed, 27 insertions, 34 deletions
diff --git a/app/models/concerns/attachmentable.rb b/app/models/concerns/attachmentable.rb index c5febb828..01fae4236 100644 --- a/app/models/concerns/attachmentable.rb +++ b/app/models/concerns/attachmentable.rb @@ -15,50 +15,47 @@ module Attachmentable # those files, it is necessary to use the output of the # `file` utility instead INCORRECT_CONTENT_TYPES = %w( + audio/vorbis video/ogg video/webm ).freeze included do - before_post_process :obfuscate_file_name - before_post_process :set_file_extensions - before_post_process :check_image_dimensions - before_post_process :set_file_content_type + def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName + options = { validate_media_type: false }.merge(options) + super(name, options) + send(:"before_#{name}_post_process") do + attachment = send(name) + check_image_dimension(attachment) + set_file_content_type(attachment) + obfuscate_file_name(attachment) + set_file_extension(attachment) + Paperclip::Validators::MediaTypeSpoofDetectionValidator.new(attributes: [name]).validate(self) + end + end end private - def set_file_content_type - self.class.attachment_definitions.each_key do |attachment_name| - attachment = send(attachment_name) - - next if attachment.blank? || attachment.queued_for_write[:original].blank? || !INCORRECT_CONTENT_TYPES.include?(attachment.instance_read(:content_type)) + def set_file_content_type(attachment) # rubocop:disable Naming/AccessorMethodName + return if attachment.blank? || attachment.queued_for_write[:original].blank? || !INCORRECT_CONTENT_TYPES.include?(attachment.instance_read(:content_type)) - attachment.instance_write :content_type, calculated_content_type(attachment) - end + attachment.instance_write :content_type, calculated_content_type(attachment) end - def set_file_extensions - self.class.attachment_definitions.each_key do |attachment_name| - attachment = send(attachment_name) + def set_file_extension(attachment) # rubocop:disable Naming/AccessorMethodName + return if attachment.blank? - next if attachment.blank? - - attachment.instance_write :file_name, [Paperclip::Interpolations.basename(attachment, :original), appropriate_extension(attachment)].delete_if(&:blank?).join('.') - end + attachment.instance_write :file_name, [Paperclip::Interpolations.basename(attachment, :original), appropriate_extension(attachment)].delete_if(&:blank?).join('.') end - def check_image_dimensions - self.class.attachment_definitions.each_key do |attachment_name| - attachment = send(attachment_name) + def check_image_dimension(attachment) + return if attachment.blank? || !/image.*/.match?(attachment.content_type) || attachment.queued_for_write[:original].blank? - next if attachment.blank? || !/image.*/.match?(attachment.content_type) || attachment.queued_for_write[:original].blank? + width, height = FastImage.size(attachment.queued_for_write[:original].path) + matrix_limit = attachment.content_type == 'image/gif' ? GIF_MATRIX_LIMIT : MAX_MATRIX_LIMIT - width, height = FastImage.size(attachment.queued_for_write[:original].path) - matrix_limit = attachment.content_type == 'image/gif' ? GIF_MATRIX_LIMIT : MAX_MATRIX_LIMIT - - raise Mastodon::DimensionsValidationError, "#{width}x#{height} images are not supported" if width.present? && height.present? && (width * height > matrix_limit) - end + raise Mastodon::DimensionsValidationError, "#{width}x#{height} images are not supported" if width.present? && height.present? && (width * height > matrix_limit) end def appropriate_extension(attachment) @@ -79,13 +76,9 @@ module Attachmentable '' end - def obfuscate_file_name - self.class.attachment_definitions.each_key do |attachment_name| - attachment = send(attachment_name) + def obfuscate_file_name(attachment) + return if attachment.blank? || attachment.queued_for_write[:original].blank? || attachment.options[:preserve_files] - next if attachment.blank? || attachment.queued_for_write[:original].blank? || attachment.options[:preserve_files] - - attachment.instance_write :file_name, SecureRandom.hex(8) + File.extname(attachment.instance_read(:file_name)) - end + attachment.instance_write :file_name, SecureRandom.hex(8) + File.extname(attachment.instance_read(:file_name)) end end |