activestorage 5.2.6 → 5.2.7
Potentially problematic release.
This version of activestorage might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/app/models/active_storage/variation.rb +60 -0
- data/lib/active_storage/engine.rb +14 -0
- data/lib/active_storage/gem_version.rb +1 -1
- data/lib/active_storage.rb +290 -0
- metadata +8 -8
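--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 221e253595145d3f877c7f1c72422ab97989ba9cba8cb7a5c14f20d8589b0240
+data.tar.gz: 32de8686073e333e7f0a4177acc3aba161e5bbd59d90597e42ad49ca7ec55af9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5617c40e89b030ed1e8b3a05a57ab954a572e40b27f6aade9e4046ae23f7ff298a9f40b1d1ecb31ec7e9cd3717186d6cc7e6ceb939a3967bcd3ab70533e431c9
+data.tar.gz: 39a0968e43f9d8a1763c3120a83b3ae8cc82b9c2d78b1a0a5503da4818296f0cf5abad84fd57733bd1eac61f321b0a288d99c2aff058d3f37fb0cd453fc423ff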
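--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,31 @@
+## Rails 5.2.7 (March 10, 2022) ##
+
+* Fix `ActiveStorage.supported_image_processing_methods` and
+`ActiveStorage.unsupported_image_processing_arguments` that were not being applied.
+
+*Rafael Mendonça França*
+
+
+## Rails 5.2.6.3 (March 08, 2022) ##
+
+* Added image transformation validation via configurable allow-list.
+
+Variant now offers a configurable allow-list for
+transformation methods in addition to a configurable deny-list for arguments.
+
+[CVE-2022-21831]
+
+
+## Rails 5.2.6.2 (February 11, 2022) ##
+
+* No changes.
+
+
+## Rails 5.2.6.1 (February 11, 2022) ##
+
+* No changes.
+
+
 ## Rails 5.2.6 (May 05, 2021) ##
 
 * No changes.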
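--- a/data/app/models/active_storage/variation.rb
+++ b/data/app/models/active_storage/variation.rb
@@ -20,6 +20,9 @@
 class ActiveStorage::Variation
 attr_reader :transformations
 
+class UnsupportedImageProcessingMethod < StandardError; end
+class UnsupportedImageProcessingArgument < StandardError; end
+
 class << self
 # Returns a Variation instance based on the given variator. If the variator is a Variation, it is
 # returned unmodified. If it is a String, it is passed to ActiveStorage::Variation.decode. Otherwise,
@@ -56,12 +59,15 @@ class ActiveStorage::Variation
 def transform(image)
 ActiveSupport::Notifications.instrument("transform.active_storage") do
 transformations.each do |name, argument_or_subtransformations|
+validate_transformation(name, argument_or_subtransformations)
 image.mogrify do |command|
 if name.to_s == "combine_options"
 argument_or_subtransformations.each do |subtransformation_name, subtransformation_argument|
+validate_transformation(subtransformation_name, subtransformation_argument)
 pass_transform_argument(command, subtransformation_name, subtransformation_argument)
 end
 else
+validate_transformation(name, argument_or_subtransformations)
 pass_transform_argument(command, name, argument_or_subtransformations)
 end
 end
@@ -86,4 +92,58 @@ class ActiveStorage::Variation
 def eligible_argument?(argument)
 argument.present? && argument != true
 end
+
+def validate_transformation(name, argument)
+method_name = name.to_s.gsub("-","_")
+
+unless ActiveStorage.supported_image_processing_methods.any? { |method| method_name == method }
+raise UnsupportedImageProcessingMethod, <<~ERROR.squish
+One or more of the provided transformation methods is not supported.
+ERROR
+end
+
+if argument.present?
+if argument.is_a?(String) || argument.is_a?(Symbol)
+validate_arg_string(argument)
+elsif argument.is_a?(Array)
+validate_arg_array(argument)
+elsif argument.is_a?(Hash)
+validate_arg_hash(argument)
+end
+end
+end
+
+def validate_arg_string(argument)
+if ActiveStorage.unsupported_image_processing_arguments.any? { |bad_arg| argument.to_s.downcase.include?(bad_arg) }; raise UnsupportedImageProcessingArgument end
+end
+
+def validate_arg_array(argument)
+argument.each do |arg|
+if arg.is_a?(Integer) || arg.is_a?(Float)
+next
+elsif arg.is_a?(String) || arg.is_a?(Symbol)
+validate_arg_string(arg)
+elsif arg.is_a?(Array)
+validate_arg_array(arg)
+elsif arg.is_a?(Hash)
+validate_arg_hash(arg)
+end
+end
+end
+
+def validate_arg_hash(argument)
+argument.each do |key, value|
+validate_arg_string(key)
+
+if value.is_a?(Integer) || value.is_a?(Float)
+next
+elsif value.is_a?(String) || value.is_a?(Symbol)
+validate_arg_string(value)
+elsif value.is_a?(Array)
+validate_arg_array(value)
+elsif value.is_a?(Hash)
+validate_arg_hash(value)
+end
+end
+end
 end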
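Review bot: The type dispatch in `validate_transformation`, `validate_arg_array` and `validate_arg_hash` has no final `else`, so a value that is not a String, Symbol, Array, Hash or number skips the deny-list check and is still handed to `pass_transform_argument`; a validator on this path should fail closed. Because `true` is a legitimate flag value (see `eligible_argument?`), each chain could end with `elsif argument != true && !argument.is_a?(Numeric)` followed by `raise UnsupportedImageProcessingArgument`, with the local name adjusted per method. `validate_arg_string` matches with `include?`, so any value that merely contains a deny-listed token as a substring is rejected; a comment such as `# substring match on purpose: over-blocks rather than under-blocks` would record that this is intended. In `transform`, a name other than `combine_options` is validated twice, once before `image.mogrify` and again in the `else` branch, and the second call can be dropped.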
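--- a/data/lib/active_storage/engine.rb
+++ b/data/lib/active_storage/engine.rb
@@ -61,6 +61,20 @@ module ActiveStorage
 ActiveStorage.analyzers = app.config.active_storage.analyzers || []
 ActiveStorage.paths = app.config.active_storage.paths || {}
 
+ActiveStorage.supported_image_processing_methods += app.config.active_storage.supported_image_processing_methods || []
+ActiveStorage.unsupported_image_processing_arguments = app.config.active_storage.unsupported_image_processing_arguments || %w(
+-debug
+-display
+-distribute-cache
+-help
+-path
+-print
+-set
+-verbose
+-version
+-write
+-write-mask
+)
 ActiveStorage.variable_content_types = app.config.active_storage.variable_content_types || []
 ActiveStorage.content_types_to_serve_as_binary = app.config.active_storage.content_types_to_serve_as_binary || []
 ActiveStorage.content_types_allowed_inline = app.config.active_storage.content_types_allowed_inline || []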
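Review bot: The two new settings are merged in opposite ways and nothing on these lines says so. `supported_image_processing_methods` is extended with `+=`, so application config can only add to the shipped allow-list, while `unsupported_image_processing_arguments` is assigned with `||`, so an application that sets its own list drops the shipped entries (`-write`, `-set`, `-path` and the rest) unless it repeats them. I would add a comment above the two assignments, for example `# allow-list: app entries are appended; deny-list: an app value REPLACES the defaults below`, or merge the deny-list with the defaults as well. The enclosing initializer block starts and ends outside the hunk.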
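--- a/data/lib/active_storage.rb
+++ b/data/lib/active_storage.rb
@@ -50,4 +50,294 @@ module ActiveStorage
 mattr_accessor :content_types_to_serve_as_binary, default: []
 mattr_accessor :content_types_allowed_inline, default: []
 mattr_accessor :binary_content_type, default: "application/octet-stream"
+mattr_accessor :supported_image_processing_methods, default: [
+"adaptive_blur",
+"adaptive_resize",
+"adaptive_sharpen",
+"adjoin",
+"affine",
+"alpha",
+"annotate",
+"antialias",
+"append",
+"apply",
+"attenuate",
+"authenticate",
+"auto_gamma",
+"auto_level",
+"auto_orient",
+"auto_threshold",
+"backdrop",
+"background",
+"bench",
+"bias",
+"bilateral_blur",
+"black_point_compensation",
+"black_threshold",
+"blend",
+"blue_primary",
+"blue_shift",
+"blur",
+"border",
+"bordercolor",
+"borderwidth",
+"brightness_contrast",
+"cache",
+"canny",
+"caption",
+"channel",
+"channel_fx",
+"charcoal",
+"chop",
+"clahe",
+"clamp",
+"clip",
+"clip_path",
+"clone",
+"clut",
+"coalesce",
+"colorize",
+"colormap",
+"color_matrix",
+"colors",
+"colorspace",
+"colourspace",
+"color_threshold",
+"combine",
+"combine_options",
+"comment",
+"compare",
+"complex",
+"compose",
+"composite",
+"compress",
+"connected_components",
+"contrast",
+"contrast_stretch",
+"convert",
+"convolve",
+"copy",
+"crop",
+"cycle",
+"deconstruct",
+"define",
+"delay",
+"delete",
+"density",
+"depth",
+"descend",
+"deskew",
+"despeckle",
+"direction",
+"displace",
+"dispose",
+"dissimilarity_threshold",
+"dissolve",
+"distort",
+"dither",
+"draw",
+"duplicate",
+"edge",
+"emboss",
+"encoding",
+"endian",
+"enhance",
+"equalize",
+"evaluate",
+"evaluate_sequence",
+"extent",
+"extract",
+"family",
+"features",
+"fft",
+"fill",
+"filter",
+"flatten",
+"flip",
+"floodfill",
+"flop",
+"font",
+"foreground",
+"format",
+"frame",
+"function",
+"fuzz",
+"fx",
+"gamma",
+"gaussian_blur",
+"geometry",
+"gravity",
+"grayscale",
+"green_primary",
+"hald_clut",
+"highlight_color",
+"hough_lines",
+"iconGeometry",
+"iconic",
+"identify",
+"ift",
+"illuminant",
+"immutable",
+"implode",
+"insert",
+"intensity",
+"intent",
+"interlace",
+"interline_spacing",
+"interpolate",
+"interpolative_resize",
+"interword_spacing",
+"kerning",
+"kmeans",
+"kuwahara",
+"label",
+"lat",
+"layers",
+"level",
+"level_colors",
+"limit",
+"limits",
+"linear_stretch",
+"linewidth",
+"liquid_rescale",
+"list",
+"loader",
+"log",
+"loop",
+"lowlight_color",
+"magnify",
+"map",
+"mattecolor",
+"median",
+"mean_shift",
+"metric",
+"mode",
+"modulate",
+"moments",
+"monitor",
+"monochrome",
+"morph",
+"morphology",
+"mosaic",
+"motion_blur",
+"name",
+"negate",
+"noise",
+"normalize",
+"opaque",
+"ordered_dither",
+"orient",
+"page",
+"paint",
+"pause",
+"perceptible",
+"ping",
+"pointsize",
+"polaroid",
+"poly",
+"posterize",
+"precision",
+"preview",
+"process",
+"quality",
+"quantize",
+"quiet",
+"radial_blur",
+"raise",
+"random_threshold",
+"range_threshold",
+"red_primary",
+"regard_warnings",
+"region",
+"remote",
+"render",
+"repage",
+"resample",
+"resize",
+"resize_to_fill",
+"resize_to_fit",
+"resize_to_limit",
+"resize_and_pad",
+"respect_parentheses",
+"reverse",
+"roll",
+"rotate",
+"sample",
+"sampling_factor",
+"saver",
+"scale",
+"scene",
+"screen",
+"seed",
+"segment",
+"selective_blur",
+"separate",
+"sepia_tone",
+"shade",
+"shadow",
+"shared_memory",
+"sharpen",
+"shave",
+"shear",
+"sigmoidal_contrast",
+"silent",
+"similarity_threshold",
+"size",
+"sketch",
+"smush",
+"snaps",
+"solarize",
+"sort_pixels",
+"sparse_color",
+"splice",
+"spread",
+"statistic",
+"stegano",
+"stereo",
+"storage_type",
+"stretch",
+"strip",
+"stroke",
+"strokewidth",
+"style",
+"subimage_search",
+"swap",
+"swirl",
+"synchronize",
+"taint",
+"text_font",
+"threshold",
+"thumbnail",
+"tile_offset",
+"tint",
+"title",
+"transform",
+"transparent",
+"transparent_color",
+"transpose",
+"transverse",
+"treedepth",
+"trim",
+"type",
+"undercolor",
+"unique_colors",
+"units",
+"unsharp",
+"update",
+"valid_image",
+"view",
+"vignette",
+"virtual_pixel",
+"visual",
+"watermark",
+"wave",
+"wavelet_denoise",
+"weight",
+"white_balance",
+"white_point",
+"white_threshold",
+"window",
+"window_group",
+]
+mattr_accessor :unsupported_image_processing_arguments
 end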
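Review bot: `mattr_accessor :unsupported_image_processing_arguments` is declared without a `default:`, unlike the accessors around it, so it stays `nil` until something assigns it, and the only assignment in this release is in the engine initializer. `validate_arg_string` in variation.rb calls `.any?` on it, which presumably raises `NoMethodError` rather than a validation error wherever the module is used without that initializer having run; that fails closed, but confusingly. Keeping the shipped deny-list here as the accessor's default would give both files one source of truth. The allow-list itself has no comment; a line above it such as `# ImageMagick options accepted by Variation; added for CVE-2022-21831, widen with care` would tell readers why it exists.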
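--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activestorage
 version: !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-03-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack
@@ -16,28 +16,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 - !ruby/object:Gem::Dependency
 name: activerecord
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 5.2.
+version: 5.2.7
 - !ruby/object:Gem::Dependency
 name: marcel
 requirement: !ruby/object:Gem::Requirement
@@ -124,8 +124,8 @@ homepage: http://rubyonrails.org
 licenses:
 - MIT
 metadata:
-source_code_uri: https://github.com/rails/rails/tree/v5.2.
-changelog_uri: https://github.com/rails/rails/blob/v5.2.
+source_code_uri: https://github.com/rails/rails/tree/v5.2.7/activestorage
+changelog_uri: https://github.com/rails/rails/blob/v5.2.7/activestorage/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths: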