activestorage 7.0.2.2 → 7.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 797efdf2ca8b6bb58815e2352e430b2cca2b6defaf37fc4e524c2a2150695f4a
4
- data.tar.gz: 11490b758f9b6e9c2a9eda88757e5a454ca92e587624ce85cb6235dfa9f10fbd
3
+ metadata.gz: cb27c3976b612802226ea7343ba6bd9483eb635f1785a0255d8048f936c77fc0
4
+ data.tar.gz: f4bea0eb4dad8afe87aa78185cb3a9eaa92e7c4eb4bd50a28f5505dba4574a6a
5
5
  SHA512:
6
- metadata.gz: 02a012dd3e41df712e0b4f64576db45634659b369d5e09245c6cc87e1bbb38d31bebd2e110d5782f97477ba2798717f9770167325c68b3b3b8c12d3409c492c5
7
- data.tar.gz: b89aa21d7d77e5c4ed766c507b06c7c81b34cf79db5fd01f8f1aaa171476e88cf90cabb0e576ebfba698065ab1daee2021cb34b6a9ba2da7054a21907fcd0218
6
+ metadata.gz: 24ef173da37fd9a08160b3ca83e78633a2f54699c6043ac7c21bf111226c1d94e6f7971acb3c2be035320cbfd6dfae9dd91c85abaaf0f97c922c33e1f5b26043
7
+ data.tar.gz: 640a260bf6d6bc690491fe365e810117232c3be9c96112ddc9a5d8e68d8d8f680930f3ae065fcaedadb43490de63a3226e8f5cbde1279419d9f23a019e692b7f
data/CHANGELOG.md CHANGED
@@ -1,8 +1,34 @@
1
- ## Rails 7.0.2.2 (February 11, 2022) ##
1
+ ## Rails 7.0.3 (May 09, 2022) ##
2
+
3
+ * Don't stream responses in redirect mode
4
+
5
+ Previously, both redirect mode and proxy mode streamed their
6
+ responses which caused a new thread to be created, and could end
7
+ up leaking connections in the connection pool. But since redirect
8
+ mode doesn't actually send any data, it doesn't need to be
9
+ streamed.
10
+
11
+ *Luke Lau*
12
+
13
+ ## Rails 7.0.2.4 (April 26, 2022) ##
2
14
 
3
15
  * No changes.
4
16
 
5
17
 
18
+ ## Rails 7.0.2.3 (March 08, 2022) ##
19
+
20
+ * Added image transformation validation via configurable allow-list.
21
+
22
+ Variant now offers a configurable allow-list for
23
+ transformation methods in addition to a configurable deny-list for arguments.
24
+
25
+ [CVE-2022-21831]
26
+
27
+
28
+ ## Rails 7.0.2.2 (February 11, 2022) ##
29
+
30
+ * No changes.
31
+
6
32
  ## Rails 7.0.2.1 (February 11, 2022) ##
7
33
 
8
34
  * No changes.
@@ -2,7 +2,7 @@
2
2
 
3
3
  # The base class for all Active Storage controllers.
4
4
  class ActiveStorage::BaseController < ActionController::Base
5
- include ActiveStorage::SetCurrent, ActiveStorage::Streaming
5
+ include ActiveStorage::SetCurrent
6
6
 
7
7
  protect_from_forgery with: :exception
8
8
 
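Review bot: Dropping ActiveStorage::Streaming from the include at line 5 narrows the public surface of ActiveStorage::BaseController, so any application controller that subclasses it and calls send_blob_stream will now raise NoMethodError; the mixin is re-added only in Blobs::ProxyController and Representations::ProxyController in the next two hunks. The CHANGELOG entry explains the connection-leak motivation but not this consequence, so a comment on the include line would help, e.g. `# Streaming is mixed into the proxy controllers only; redirect-mode controllers never send blob bytes.` Subclasses outside this gem that still need streaming would have to include ActiveStorage::Streaming themselves.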
@@ -8,6 +8,7 @@
8
8
  # {Authenticated Controllers}[https://guides.rubyonrails.org/active_storage_overview.html#authenticated-controllers].
9
9
  class ActiveStorage::Blobs::ProxyController < ActiveStorage::BaseController
10
10
  include ActiveStorage::SetBlob
11
+ include ActiveStorage::Streaming
11
12
 
12
13
  def show
13
14
  if request.headers["Range"].present?
@@ -7,6 +7,8 @@
7
7
  # require a higher level of protection consider implementing
8
8
  # {Authenticated Controllers}[https://guides.rubyonrails.org/active_storage_overview.html#authenticated-controllers].
9
9
  class ActiveStorage::Representations::ProxyController < ActiveStorage::Representations::BaseController
10
+ include ActiveStorage::Streaming
11
+
10
12
  def show
11
13
  http_cache_forever public: true do
12
14
  send_blob_stream @representation.image, disposition: params[:disposition]
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  # Like an ActiveStorage::Variant, but keeps detail about the variant in the database as an
4
- # ActiveStorage::VariantRecord. This is only used if `ActiveStorage.track_variants` is enabled.
4
+ # ActiveStorage::VariantRecord. This is only used if +ActiveStorage.track_variants+ is enabled.
5
5
  class ActiveStorage::VariantWithRecord
6
6
  attr_reader :blob, :variation
7
7
  delegate :service, to: :blob
@@ -1,5 +1,7 @@
1
1
  class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0]
2
2
  def up
3
+ return unless table_exists?(:active_storage_blobs)
4
+
3
5
  unless column_exists?(:active_storage_blobs, :service_name)
4
6
  add_column :active_storage_blobs, :service_name, :string
5
7
 
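Review bot: The added `return unless table_exists?(:active_storage_blobs)` at line 3 turns the migration into a silent no-op when the blobs table is absent, yet the migration version is still recorded as applied, so if the blobs table is installed afterwards these changes never run; the same guard appears in the `down` hunk at line 17 and in the CreateActiveStorageVariantRecords and RemoveNotNullOnActiveStorageBlobsChecksum hunks below. That trade-off deserves a comment next to the guard, e.g. `# Skip (and still mark as applied) when the Active Storage tables were never installed; the skip is permanent.` The `up` method continues outside this hunk.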
@@ -12,6 +14,8 @@ class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0]
12
14
  end
13
15
 
14
16
  def down
17
+ return unless table_exists?(:active_storage_blobs)
18
+
15
19
  remove_column :active_storage_blobs, :service_name
16
20
  end
17
21
  end
@@ -1,5 +1,7 @@
1
1
  class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0]
2
2
  def change
3
+ return unless table_exists?(:active_storage_blobs)
4
+
3
5
  # Use Active Record's configured type for primary key
4
6
  create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t|
5
7
  t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type
@@ -1,5 +1,7 @@
1
1
  class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0]
2
2
  def change
3
+ return unless table_exists?(:active_storage_blobs)
4
+
3
5
  change_column_null(:active_storage_blobs, :checksum, true)
4
6
  end
5
7
  end
@@ -93,6 +93,21 @@ module ActiveStorage
93
93
  ActiveStorage.draw_routes = app.config.active_storage.draw_routes != false
94
94
  ActiveStorage.resolve_model_to_route = app.config.active_storage.resolve_model_to_route || :rails_storage_redirect
95
95
 
96
+ ActiveStorage.supported_image_processing_methods += app.config.active_storage.supported_image_processing_methods || []
97
+ ActiveStorage.unsupported_image_processing_arguments = app.config.active_storage.unsupported_image_processing_arguments || %w(
98
+ -debug
99
+ -display
100
+ -distribute-cache
101
+ -help
102
+ -path
103
+ -print
104
+ -set
105
+ -verbose
106
+ -version
107
+ -write
108
+ -write-mask
109
+ )
110
+
96
111
  ActiveStorage.variable_content_types = app.config.active_storage.variable_content_types || []
97
112
  ActiveStorage.web_image_content_types = app.config.active_storage.web_image_content_types || []
98
113
  ActiveStorage.content_types_to_serve_as_binary = app.config.active_storage.content_types_to_serve_as_binary || []
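Review bot: The two new config lines are asymmetric: `supported_image_processing_methods` is extended with `+=` at line 96, but `unsupported_image_processing_arguments` at line 97 is replaced wholesale with `||`, so an application that sets even one custom entry silently drops every default deny-list item (`-write`, `-set`, `-path`, ...). If replacement is intentional so apps can relax the list, a comment should say so, e.g. `# A configured deny-list replaces the defaults below; re-list them when only adding entries.`; otherwise extending the default the way the allow-list line does would be safer. It is also worth noting in that comment that the allow-list default is declared in the module-level `mattr_accessor` hunk while the deny-list default lives here, so the two lists are defined in different places.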
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ActiveStorage
4
- # Returns the version of the currently loaded Active Storage as a <tt>Gem::Version</tt>.
4
+ # Returns the currently loaded version of Active Storage as a <tt>Gem::Version</tt>.
5
5
  def self.gem_version
6
6
  Gem::Version.new VERSION::STRING
7
7
  end
@@ -9,8 +9,8 @@ module ActiveStorage
9
9
  module VERSION
10
10
  MAJOR = 7
11
11
  MINOR = 0
12
- TINY = 2
13
- PRE = "2"
12
+ TINY = 3
13
+ PRE = nil
14
14
 
15
15
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join(".")
16
16
  end
@@ -13,6 +13,9 @@ module ActiveStorage
13
13
  module Transformers
14
14
  class ImageProcessingTransformer < Transformer
15
15
  private
16
+ class UnsupportedImageProcessingMethod < StandardError; end
17
+ class UnsupportedImageProcessingArgument < StandardError; end
18
+
16
19
  def process(file, format:)
17
20
  processor.
18
21
  source(file).
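Review bot: The two error classes at lines 16-17 sit below the bare `private` keyword, which has no effect on constants, so they are public despite the placement and a reader may assume otherwise; moving them above `private`, or adding `# Raised for transformations rejected by the allow/deny-lists; note that +private+ does not apply to these constants.` would avoid the confusion. Since both derive from StandardError rather than ArgumentError, callers that rescue the ArgumentError raised for :combine_options further down will not catch them, which the comment should also state.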
@@ -28,6 +31,10 @@ module ActiveStorage
28
31
 
29
32
  def operations
30
33
  transformations.each_with_object([]) do |(name, argument), list|
34
+ if ActiveStorage.variant_processor == :mini_magick
35
+ validate_transformation(name, argument)
36
+ end
37
+
31
38
  if name.to_s == "combine_options"
32
39
  raise ArgumentError, <<~ERROR.squish
33
40
  Active Storage's ImageProcessing transformer doesn't support :combine_options,
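Review bot: The validation at lines 34-36 runs only when `ActiveStorage.variant_processor == :mini_magick`, and nothing says why, so a later maintainer may either "fix" it to cover :vips or assume the vips path is validated; a one-line comment would settle it, e.g. `# Presumably only the MiniMagick backend maps transformation names and arguments onto ImageMagick options, so only it is checked against the allow/deny-lists.` Whether the vips backend is safe without the check is not visible in this hunk.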
@@ -40,6 +47,64 @@ module ActiveStorage
40
47
  end
41
48
  end
42
49
  end
50
+
51
+ def validate_transformation(name, argument)
52
+ method_name = name.to_s.tr("-", "_")
53
+
54
+ unless ActiveStorage.supported_image_processing_methods.any? { |method| method_name == method }
55
+ raise UnsupportedImageProcessingMethod, <<~ERROR.squish
56
+ One or more of the provided transformation methods is not supported.
57
+ ERROR
58
+ end
59
+
60
+ if argument.present?
61
+ if argument.is_a?(String) || argument.is_a?(Symbol)
62
+ validate_arg_string(argument)
63
+ elsif argument.is_a?(Array)
64
+ validate_arg_array(argument)
65
+ elsif argument.is_a?(Hash)
66
+ validate_arg_hash(argument)
67
+ end
68
+ end
69
+ end
70
+
71
+ def validate_arg_string(argument)
72
+ unsupported_arguments = ActiveStorage.unsupported_image_processing_arguments.any? do |bad_arg|
73
+ argument.to_s.downcase.include?(bad_arg)
74
+ end
75
+
76
+ raise UnsupportedImageProcessingArgument if unsupported_arguments
77
+ end
78
+
79
+ def validate_arg_array(argument)
80
+ argument.each do |arg|
81
+ if arg.is_a?(Integer) || arg.is_a?(Float)
82
+ next
83
+ elsif arg.is_a?(String) || arg.is_a?(Symbol)
84
+ validate_arg_string(arg)
85
+ elsif arg.is_a?(Array)
86
+ validate_arg_array(arg)
87
+ elsif arg.is_a?(Hash)
88
+ validate_arg_hash(arg)
89
+ end
90
+ end
91
+ end
92
+
93
+ def validate_arg_hash(argument)
94
+ argument.each do |key, value|
95
+ validate_arg_string(key)
96
+
97
+ if value.is_a?(Integer) || value.is_a?(Float)
98
+ next
99
+ elsif value.is_a?(String) || value.is_a?(Symbol)
100
+ validate_arg_string(value)
101
+ elsif value.is_a?(Array)
102
+ validate_arg_array(value)
103
+ elsif value.is_a?(Hash)
104
+ validate_arg_hash(value)
105
+ end
106
+ end
107
+ end
43
108
  end
44
109
  end
45
110
  end
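Review bot: `validate_arg_array` and `validate_arg_hash` (lines 79-107) have no `else` branch, so an element of any other type — nil, true/false, or an arbitrary object whose `to_s` would be used downstream — passes through unvalidated, even though `validate_arg_string` already normalises with `to_s` and could take it. Routing the fall-through case to the string check, `else` / `validate_arg_string(arg)` (and `validate_arg_string(value)` in the hash variant), keeps the check fail-closed for unexpected types. Separately, `raise UnsupportedImageProcessingArgument` at line 76 carries no message, unlike the method check at line 55; `raise UnsupportedImageProcessingArgument, "One or more of the provided transformation arguments is not supported."` would match it.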
@@ -3,7 +3,7 @@
3
3
  require_relative "gem_version"
4
4
 
5
5
  module ActiveStorage
6
- # Returns the version of the currently loaded ActiveStorage as a <tt>Gem::Version</tt>
6
+ # Returns the currently loaded version of Active Storage as a <tt>Gem::Version</tt>.
7
7
  def self.version
8
8
  gem_version
9
9
  end
@@ -59,6 +59,297 @@ module ActiveStorage
59
59
  mattr_accessor :content_types_to_serve_as_binary, default: []
60
60
  mattr_accessor :content_types_allowed_inline, default: []
61
61
 
62
+ mattr_accessor :supported_image_processing_methods, default: [
63
+ "adaptive_blur",
64
+ "adaptive_resize",
65
+ "adaptive_sharpen",
66
+ "adjoin",
67
+ "affine",
68
+ "alpha",
69
+ "annotate",
70
+ "antialias",
71
+ "append",
72
+ "apply",
73
+ "attenuate",
74
+ "authenticate",
75
+ "auto_gamma",
76
+ "auto_level",
77
+ "auto_orient",
78
+ "auto_threshold",
79
+ "backdrop",
80
+ "background",
81
+ "bench",
82
+ "bias",
83
+ "bilateral_blur",
84
+ "black_point_compensation",
85
+ "black_threshold",
86
+ "blend",
87
+ "blue_primary",
88
+ "blue_shift",
89
+ "blur",
90
+ "border",
91
+ "bordercolor",
92
+ "borderwidth",
93
+ "brightness_contrast",
94
+ "cache",
95
+ "canny",
96
+ "caption",
97
+ "channel",
98
+ "channel_fx",
99
+ "charcoal",
100
+ "chop",
101
+ "clahe",
102
+ "clamp",
103
+ "clip",
104
+ "clip_path",
105
+ "clone",
106
+ "clut",
107
+ "coalesce",
108
+ "colorize",
109
+ "colormap",
110
+ "color_matrix",
111
+ "colors",
112
+ "colorspace",
113
+ "colourspace",
114
+ "color_threshold",
115
+ "combine",
116
+ "combine_options",
117
+ "comment",
118
+ "compare",
119
+ "complex",
120
+ "compose",
121
+ "composite",
122
+ "compress",
123
+ "connected_components",
124
+ "contrast",
125
+ "contrast_stretch",
126
+ "convert",
127
+ "convolve",
128
+ "copy",
129
+ "crop",
130
+ "cycle",
131
+ "deconstruct",
132
+ "define",
133
+ "delay",
134
+ "delete",
135
+ "density",
136
+ "depth",
137
+ "descend",
138
+ "deskew",
139
+ "despeckle",
140
+ "direction",
141
+ "displace",
142
+ "dispose",
143
+ "dissimilarity_threshold",
144
+ "dissolve",
145
+ "distort",
146
+ "dither",
147
+ "draw",
148
+ "duplicate",
149
+ "edge",
150
+ "emboss",
151
+ "encoding",
152
+ "endian",
153
+ "enhance",
154
+ "equalize",
155
+ "evaluate",
156
+ "evaluate_sequence",
157
+ "extent",
158
+ "extract",
159
+ "family",
160
+ "features",
161
+ "fft",
162
+ "fill",
163
+ "filter",
164
+ "flatten",
165
+ "flip",
166
+ "floodfill",
167
+ "flop",
168
+ "font",
169
+ "foreground",
170
+ "format",
171
+ "frame",
172
+ "function",
173
+ "fuzz",
174
+ "fx",
175
+ "gamma",
176
+ "gaussian_blur",
177
+ "geometry",
178
+ "gravity",
179
+ "grayscale",
180
+ "green_primary",
181
+ "hald_clut",
182
+ "highlight_color",
183
+ "hough_lines",
184
+ "iconGeometry",
185
+ "iconic",
186
+ "identify",
187
+ "ift",
188
+ "illuminant",
189
+ "immutable",
190
+ "implode",
191
+ "insert",
192
+ "intensity",
193
+ "intent",
194
+ "interlace",
195
+ "interline_spacing",
196
+ "interpolate",
197
+ "interpolative_resize",
198
+ "interword_spacing",
199
+ "kerning",
200
+ "kmeans",
201
+ "kuwahara",
202
+ "label",
203
+ "lat",
204
+ "layers",
205
+ "level",
206
+ "level_colors",
207
+ "limit",
208
+ "limits",
209
+ "linear_stretch",
210
+ "linewidth",
211
+ "liquid_rescale",
212
+ "list",
213
+ "loader",
214
+ "log",
215
+ "loop",
216
+ "lowlight_color",
217
+ "magnify",
218
+ "map",
219
+ "mattecolor",
220
+ "median",
221
+ "mean_shift",
222
+ "metric",
223
+ "mode",
224
+ "modulate",
225
+ "moments",
226
+ "monitor",
227
+ "monochrome",
228
+ "morph",
229
+ "morphology",
230
+ "mosaic",
231
+ "motion_blur",
232
+ "name",
233
+ "negate",
234
+ "noise",
235
+ "normalize",
236
+ "opaque",
237
+ "ordered_dither",
238
+ "orient",
239
+ "page",
240
+ "paint",
241
+ "pause",
242
+ "perceptible",
243
+ "ping",
244
+ "pointsize",
245
+ "polaroid",
246
+ "poly",
247
+ "posterize",
248
+ "precision",
249
+ "preview",
250
+ "process",
251
+ "quality",
252
+ "quantize",
253
+ "quiet",
254
+ "radial_blur",
255
+ "raise",
256
+ "random_threshold",
257
+ "range_threshold",
258
+ "red_primary",
259
+ "regard_warnings",
260
+ "region",
261
+ "remote",
262
+ "render",
263
+ "repage",
264
+ "resample",
265
+ "resize",
266
+ "resize_to_fill",
267
+ "resize_to_fit",
268
+ "resize_to_limit",
269
+ "resize_and_pad",
270
+ "respect_parentheses",
271
+ "reverse",
272
+ "roll",
273
+ "rotate",
274
+ "sample",
275
+ "sampling_factor",
276
+ "saver",
277
+ "scale",
278
+ "scene",
279
+ "screen",
280
+ "seed",
281
+ "segment",
282
+ "selective_blur",
283
+ "separate",
284
+ "sepia_tone",
285
+ "shade",
286
+ "shadow",
287
+ "shared_memory",
288
+ "sharpen",
289
+ "shave",
290
+ "shear",
291
+ "sigmoidal_contrast",
292
+ "silent",
293
+ "similarity_threshold",
294
+ "size",
295
+ "sketch",
296
+ "smush",
297
+ "snaps",
298
+ "solarize",
299
+ "sort_pixels",
300
+ "sparse_color",
301
+ "splice",
302
+ "spread",
303
+ "statistic",
304
+ "stegano",
305
+ "stereo",
306
+ "storage_type",
307
+ "stretch",
308
+ "strip",
309
+ "stroke",
310
+ "strokewidth",
311
+ "style",
312
+ "subimage_search",
313
+ "swap",
314
+ "swirl",
315
+ "synchronize",
316
+ "taint",
317
+ "text_font",
318
+ "threshold",
319
+ "thumbnail",
320
+ "tile_offset",
321
+ "tint",
322
+ "title",
323
+ "transform",
324
+ "transparent",
325
+ "transparent_color",
326
+ "transpose",
327
+ "transverse",
328
+ "treedepth",
329
+ "trim",
330
+ "type",
331
+ "undercolor",
332
+ "unique_colors",
333
+ "units",
334
+ "unsharp",
335
+ "update",
336
+ "valid_image",
337
+ "view",
338
+ "vignette",
339
+ "virtual_pixel",
340
+ "visual",
341
+ "watermark",
342
+ "wave",
343
+ "wavelet_denoise",
344
+ "weight",
345
+ "white_balance",
346
+ "white_point",
347
+ "white_threshold",
348
+ "window",
349
+ "window_group"
350
+ ]
351
+ mattr_accessor :unsupported_image_processing_arguments
352
+
62
353
  mattr_accessor :service_urls_expire_in, default: 5.minutes
63
354
  mattr_accessor :urls_expire_in
64
355
 
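Review bot: The default allow-list at lines 62-350 is a mutable Array literal exposed through the mattr_accessor writer, so any code doing `ActiveStorage.supported_image_processing_methods << "x"` mutates the shared default in place; appending `.freeze` after the closing `]` keeps it immutable and stays compatible with the `+=` in the engine hunk, which builds a new array. Separately, `unsupported_image_processing_arguments` at line 351 is declared without a default, so outside the Rails engine it is nil and the deny-list check would fail with NoMethodError on `any?`; declaring the default deny-list here next to the allow-list would keep both lists in one place and make the non-engine behaviour explicit.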
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activestorage
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.2.2
4
+ version: 7.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-02-11 00:00:00.000000000 Z
11
+ date: 2022-05-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,56 +16,56 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 7.0.2.2
19
+ version: 7.0.3
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 7.0.2.2
26
+ version: 7.0.3
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: actionpack
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 7.0.2.2
33
+ version: 7.0.3
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 7.0.2.2
40
+ version: 7.0.3
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: activejob
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - '='
46
46
  - !ruby/object:Gem::Version
47
- version: 7.0.2.2
47
+ version: 7.0.3
48
48
  type: :runtime
49
49
  prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - '='
53
53
  - !ruby/object:Gem::Version
54
- version: 7.0.2.2
54
+ version: 7.0.3
55
55
  - !ruby/object:Gem::Dependency
56
56
  name: activerecord
57
57
  requirement: !ruby/object:Gem::Requirement
58
58
  requirements:
59
59
  - - '='
60
60
  - !ruby/object:Gem::Version
61
- version: 7.0.2.2
61
+ version: 7.0.3
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - '='
67
67
  - !ruby/object:Gem::Version
68
- version: 7.0.2.2
68
+ version: 7.0.3
69
69
  - !ruby/object:Gem::Dependency
70
70
  name: marcel
71
71
  requirement: !ruby/object:Gem::Requirement
@@ -198,10 +198,10 @@ licenses:
198
198
  - MIT
199
199
  metadata:
200
200
  bug_tracker_uri: https://github.com/rails/rails/issues
201
- changelog_uri: https://github.com/rails/rails/blob/v7.0.2.2/activestorage/CHANGELOG.md
202
- documentation_uri: https://api.rubyonrails.org/v7.0.2.2/
201
+ changelog_uri: https://github.com/rails/rails/blob/v7.0.3/activestorage/CHANGELOG.md
202
+ documentation_uri: https://api.rubyonrails.org/v7.0.3/
203
203
  mailing_list_uri: https://discuss.rubyonrails.org/c/rubyonrails-talk
204
- source_code_uri: https://github.com/rails/rails/tree/v7.0.2.2/activestorage
204
+ source_code_uri: https://github.com/rails/rails/tree/v7.0.3/activestorage
205
205
  rubygems_mfa_required: 'true'
206
206
  post_install_message:
207
207
  rdoc_options: []
@@ -218,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
218
218
  - !ruby/object:Gem::Version
219
219
  version: '0'
220
220
  requirements: []
221
- rubygems_version: 3.2.22
221
+ rubygems_version: 3.3.7
222
222
  signing_key:
223
223
  specification_version: 4
224
224
  summary: Local and cloud file storage framework.