active_storage_validations 1.3.3 → 1.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of active_storage_validations might be problematic. Click here for more details.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0539919d5597eda332d4c989c432986009f1944e0ab62251882cc250fa6f021a'
|
|
4
|
+
data.tar.gz: 8d7566007ede3adf24a60297c20d7a39b28e211bc00f5158148f3c2cdf0a82e5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 364050c102e1fa3feac404972479edf30eb25d7df969e7593afae838ffe556bb0cb69693c94ad8ced10b056b0d8b5c232800bc3885bdc37984c9cf51a836bff1
|
|
7
|
+
data.tar.gz: 7350e9ffb7d0c93bc233561ab3457aec477f988c447708498d791f559440a08207cfddf245b2b835716f978d2d8171f4c71252697183df5284ee8f33ce136540
|
|
@@ -56,23 +56,32 @@ module ActiveStorageValidations
|
|
|
56
56
|
@attachable_filename = attachable_filename(attachable).to_s
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
+
# Check if the provided content_type is authorized and not spoofed against
|
|
60
|
+
# the file io.
|
|
59
61
|
def is_valid?(record, attribute, attachable)
|
|
60
|
-
|
|
61
|
-
authorized_content_type?(record, attribute, attachable) &&
|
|
62
|
+
authorized_content_type?(record, attribute, attachable) &&
|
|
62
63
|
not_spoofing_content_type?(record, attribute, attachable)
|
|
63
64
|
end
|
|
64
65
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
66
|
+
# Dead code that we keep here for some time, maybe we will find a solution
|
|
67
|
+
# to this check later? (November 2024)
|
|
68
|
+
#
|
|
69
|
+
# We do not perform any validations against the extension because it is an
|
|
70
|
+
# unreliable source of truth. For example, a `.csv` file could have its
|
|
71
|
+
# `text/csv` content_type changed to `application/vnd.ms-excel` because
|
|
72
|
+
# it had been opened by Excel at some point, making the file extension vs
|
|
73
|
+
# file content_type check invalid.
|
|
74
|
+
# def extension_matches_content_type?(record, attribute, attachable)
|
|
75
|
+
# return true if !@attachable_filename || !@attachable_content_type
|
|
76
|
+
|
|
77
|
+
# extension = @attachable_filename.split('.').last
|
|
78
|
+
# possible_extensions = Marcel::TYPE_EXTS[@attachable_content_type]
|
|
79
|
+
# return true if possible_extensions && extension.downcase.in?(possible_extensions)
|
|
80
|
+
|
|
81
|
+
# errors_options = initialize_and_populate_error_options(options, attachable)
|
|
82
|
+
# add_error(record, attribute, ERROR_TYPES.first, **errors_options)
|
|
83
|
+
# false
|
|
84
|
+
# end
|
|
76
85
|
|
|
77
86
|
def authorized_content_type?(record, attribute, attachable)
|
|
78
87
|
attachable_content_type_is_authorized = @authorized_content_types.any? do |authorized_content_type|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: active_storage_validations
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Igor Kasyanchuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-11-
|
|
11
|
+
date: 2024-11-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activejob
|