carrierwave 0.9.0 → 3.0.2

data/lib/carrierwave/sanitized_file.rb

@@ -1,7 +1,6 @@
-# encoding: utf-8
-
 require 'pathname'
 require 'active_support/core_ext/string/multibyte'
+require 'marcel'
 
 module CarrierWave
 
@@ -14,19 +13,21 @@ module CarrierWave
   # It's probably needlessly comprehensive and complex. Help is appreciated.
   #
   class SanitizedFile
+    include CarrierWave::Utilities::FileName
 
-    attr_accessor :file
+    attr_reader :file
 
     class << self
       attr_writer :sanitize_regexp
 
       def sanitize_regexp
-        @sanitize_regexp ||= /[^a-zA-Z0-9\.\-\+_]/
+        @sanitize_regexp ||= /[^[:word:]\.\-\+]/
       end
     end
 
     def initialize(file)
       self.file = file
+      @content = @content_type = nil
     end
 
     ##
@@ -38,7 +39,7 @@ module CarrierWave
     #
     def original_filename
       return @original_filename if @original_filename
-      if @file and @file.respond_to?(:original_filename)
+      if @file && @file.respond_to?(:original_filename)
         @file.original_filename
       elsif path
         File.basename(path)
@@ -58,29 +59,6 @@ module CarrierWave
 
     alias_method :identifier, :filename
 
-    ##
-    # Returns the part of the filename before the extension. So if a file is called 'test.jpeg'
-    # this would return 'test'
-    #
-    # === Returns
-    #
-    # [String] the first part of the filename
-    #
-    def basename
-      split_extension(filename)[0] if filename
-    end
-
-    ##
-    # Returns the file extension
-    #
-    # === Returns
-    #
-    # [String] the extension
-    #
-    def extension
-      split_extension(filename)[1] if filename
-    end
-
     ##
     # Returns the file's size.
     #
@@ -108,12 +86,11 @@ module CarrierWave
     # [String, nil] the path where the file is located.
     #
     def path
-      unless @file.blank?
-        if is_path?
-          File.expand_path(@file)
-        elsif @file.respond_to?(:path) and not @file.path.blank?
-          File.expand_path(@file.path)
-        end
+      return if @file.blank?
+      if is_path?
+        File.expand_path(@file)
+      elsif @file.respond_to?(:path) && !@file.path.blank?
+        File.expand_path(@file.path)
       end
     end
 
@@ -132,7 +109,7 @@ module CarrierWave
     # [Boolean] whether the file is valid and has a non-zero size
     #
     def empty?
-      @file.nil? || self.size.nil? || (self.size.zero? && ! self.exists?)
+      @file.nil? || self.size.nil? || (self.size.zero? && !self.exists?)
     end
 
     ##
@@ -141,8 +118,7 @@ module CarrierWave
     # [Boolean] Whether the file exists
     #
     def exists?
-      return File.exists?(self.path) if self.path
-      return false
+      self.path.present? && File.exist?(self.path)
     end
 
     ##
@@ -152,15 +128,21 @@ module CarrierWave
     #
     # [String] contents of the file
     #
-    def read
+    def read(*args)
       if @content
-        @content
+        if args.empty?
+          @content
+        else
+          length, outbuf = args
+          raise ArgumentError, "outbuf argument not supported since the content is already loaded" if outbuf
+          @content[0, length]
+        end
       elsif is_path?
-        File.open(@file, "rb") {|file| file.read}
+        File.open(@file, "rb") {|file| file.read(*args)}
       else
-        @file.rewind if @file.respond_to?(:rewind)
-        @content = @file.read
-        @file.close if @file.respond_to?(:close) && @file.respond_to?(:closed?) && !@file.closed?
+        @file.try(:rewind)
+        @content = @file.read(*args)
+        @file.try(:close) unless @file.class.ancestors.include?(::StringIO) || @file.try(:closed?)
         @content
       end
     end
@@ -174,19 +156,26 @@ module CarrierWave
     # [permissions (Integer)] permissions to set on the file in its new location.
     # [directory_permissions (Integer)] permissions to set on created directories.
     #
-    def move_to(new_path, permissions=nil, directory_permissions=nil)
+    def move_to(new_path, permissions=nil, directory_permissions=nil, keep_filename=false)
       return if self.empty?
       new_path = File.expand_path(new_path)
 
       mkdir!(new_path, directory_permissions)
+      move!(new_path)
+      chmod!(new_path, permissions)
+      self.file = {tempfile: new_path, filename: keep_filename ? original_filename : nil, content_type: declared_content_type}
+      self
+    end
+
+    ##
+    # Helper to move file to new path.
+    #
+    def move!(new_path)
       if exists?
-        FileUtils.mv(path, new_path) unless new_path == path
+        FileUtils.mv(path, new_path) unless File.identical?(new_path, path)
       else
         File.open(new_path, "wb") { |f| f.write(read) }
       end
-      chmod!(new_path, permissions)
-      self.file = new_path
-      self
     end
 
     ##
@@ -207,13 +196,20 @@ module CarrierWave
       new_path = File.expand_path(new_path)
 
       mkdir!(new_path, directory_permissions)
+      copy!(new_path)
+      chmod!(new_path, permissions)
+      self.class.new({tempfile: new_path, content_type: declared_content_type})
+    end
+
+    ##
+    # Helper to create copy of file in new path.
+    #
+    def copy!(new_path)
       if exists?
         FileUtils.cp(path, new_path) unless new_path == path
       else
         File.open(new_path, "wb") { |f| f.write(read) }
       end
-      chmod!(new_path, permissions)
-      self.class.new({:tempfile => new_path, :content_type => content_type})
     end
 
     ##
@@ -243,8 +239,11 @@ module CarrierWave
     # [String] the content type of the file
     #
     def content_type
-      return @content_type if @content_type
-      @file.content_type.to_s.chomp if @file.respond_to?(:content_type) and @file.content_type
+      @content_type ||=
+        identified_content_type ||
+        declared_content_type ||
+        guessed_safe_content_type ||
+        Marcel::MimeType::BINARY
     end
 
     ##
@@ -275,11 +274,11 @@ module CarrierWave
       if file.is_a?(Hash)
         @file = file["tempfile"] || file[:tempfile]
         @original_filename = file["filename"] || file[:filename]
-        @content_type = file["content_type"] || file[:content_type]
+        @declared_content_type = file["content_type"] || file[:content_type] || file["type"] || file[:type]
       else
         @file = file
         @original_filename = nil
-        @content_type = nil
+        @declared_content_type = nil
       end
     end
 
@@ -287,7 +286,7 @@ module CarrierWave
     def mkdir!(path, directory_permissions)
       options = {}
       options[:mode] = directory_permissions if directory_permissions
-      FileUtils.mkdir_p(File.dirname(path), options) unless File.exists?(File.dirname(path))
+      FileUtils.mkdir_p(File.dirname(path), **options) unless File.exist?(File.dirname(path))
     end
 
     def chmod!(path, permissions)
@@ -296,28 +295,48 @@ module CarrierWave
 
     # Sanitize the filename, to prevent hacking
     def sanitize(name)
-      name = name.gsub("\\", "/") # work-around for IE
+      name = name.scrub
+      name = name.tr("\\", "/") # work-around for IE
       name = File.basename(name)
-      name = name.gsub(sanitize_regexp,"_")
+      name = name.gsub(sanitize_regexp, "_")
       name = "_#{name}" if name =~ /\A\.+\z/
-      name = "unnamed" if name.size == 0
-      return name.mb_chars.to_s
+      name = "unnamed" if name.size.zero?
+      name.mb_chars.to_s
     end
 
-    def split_extension(filename)
-      # regular expressions to try for identifying extensions
-      extension_matchers = [
-        /\A(.+)\.(tar\.([glx]?z|bz2))\z/, # matches "something.tar.gz"
-        /\A(.+)\.([^\.]+)\z/ # matches "something.jpg"
-      ]
-
-      extension_matchers.each do |regexp|
-        if filename =~ regexp
-          return $1, $2
+    def declared_content_type
+      @declared_content_type ||
+        if @file.respond_to?(:content_type) && @file.content_type
+          @file.content_type.to_s.chomp
         end
+    end
+
+    # Guess content type from its file extension. Limit what to be returned to prevent spoofing.
+    def guessed_safe_content_type
+      return unless path
+
+      type = Marcel::Magic.by_path(original_filename).to_s
+      type if type.start_with?('text/') || type.start_with?('application/json')
+    end
+
+    def identified_content_type
+      with_io do |io|
+        Marcel::Magic.by_magic(io).try(:type)
       end
-      return filename, "" # In case we weren't able to split the extension
+    rescue Errno::ENOENT
+      nil
     end
 
+    def with_io(&block)
+      if file.is_a?(IO)
+        begin
+          yield file
+        ensure
+          file.try(:rewind)
+        end
+      elsif path
+        File.open(path, &block)
+      end
+    end
   end # SanitizedFile
 end # CarrierWave

data/lib/carrierwave/storage/abstract.rb

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 module CarrierWave
   module Storage
 
@@ -16,7 +14,7 @@ module CarrierWave
       end
 
       def identifier
-        uploader.filename
+        uploader.deduplicated_filename
       end
 
       def store!(file)
@@ -25,6 +23,21 @@ module CarrierWave
       def retrieve!(identifier)
       end
 
+      def cache!(new_file)
+        raise NotImplementedError, "Need to implement #cache! if you want to use #{self.class.name} as a cache storage."
+      end
+
+      def retrieve_from_cache!(identifier)
+        raise NotImplementedError, "Need to implement #retrieve_from_cache! if you want to use #{self.class.name} as a cache storage."
+      end
+
+      def delete_dir!(path)
+        raise NotImplementedError, "Need to implement #delete_dir! if you want to use #{self.class.name} as a cache storage."
+      end
+
+      def clean_cache!(seconds)
+        raise NotImplementedError, "Need to implement #clean_cache! if you want to use #{self.class.name} as a cache storage."
+      end
     end # Abstract
   end # Storage
 end # CarrierWave

data/lib/carrierwave/storage/file.rb

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 module CarrierWave
   module Storage
 
@@ -9,13 +7,17 @@ module CarrierWave
     # pretty much it.
     #
     class File < Abstract
+      def initialize(*)
+        super
+        @cache_called = nil
+      end
 
       ##
       # Move the file to the uploader's store path.
       #
       # By default, store!() uses copy_to(), which operates by copying the file
       # from the cache to the store, then deleting the file from the cache.
-      # If move_to_store() is overriden to return true, then store!() uses move_to(),
+      # If move_to_store() is overridden to return true, then store!() uses move_to(),
       # which simply moves the file from cache to store.  Useful for large files.
       #
       # === Parameters
@@ -51,6 +53,72 @@ module CarrierWave
         CarrierWave::SanitizedFile.new(path)
       end
 
+      ##
+      # Stores given file to cache directory.
+      #
+      # === Parameters
+      #
+      # [new_file (File, IOString, Tempfile)] any kind of file object
+      #
+      # === Returns
+      #
+      # [CarrierWave::SanitizedFile] a sanitized file
+      #
+      def cache!(new_file)
+        new_file.move_to(::File.expand_path(uploader.cache_path, uploader.root), uploader.permissions, uploader.directory_permissions, true)
+      rescue Errno::EMLINK, Errno::ENOSPC => e
+        raise(e) if @cache_called
+        @cache_called = true
+
+        # NOTE: Remove cached files older than 10 minutes
+        clean_cache!(600)
+
+        cache!(new_file)
+      end
+
+      ##
+      # Retrieves the file with the given cache_name from the cache.
+      #
+      # === Parameters
+      #
+      # [cache_name (String)] uniquely identifies a cache file
+      #
+      # === Raises
+      #
+      # [CarrierWave::InvalidParameter] if the cache_name is incorrectly formatted.
+      #
+      def retrieve_from_cache!(identifier)
+        CarrierWave::SanitizedFile.new(::File.expand_path(uploader.cache_path(identifier), uploader.root))
+      end
+
+      ##
+      # Deletes a cache dir
+      #
+      def delete_dir!(path)
+        if path
+          begin
+            Dir.rmdir(::File.expand_path(path, uploader.root))
+          rescue Errno::ENOENT
+            # Ignore: path does not exist
+          rescue Errno::ENOTDIR
+            # Ignore: path is not a dir
+          rescue Errno::ENOTEMPTY, Errno::EEXIST
+            # Ignore: dir is not empty
+          end
+        end
+      end
+
+      def clean_cache!(seconds)
+        Dir.glob(::File.expand_path(::File.join(uploader.cache_dir, '*'), uploader.root)).each do |dir|
+          # generate_cache_id returns key formatted TIMEINT-PID(-COUNTER)-RND
+          matched = dir.scan(/(\d+)-\d+-\d+(?:-\d+)?/).first
+          next unless matched
+          time = Time.at(matched[0].to_i)
+          if time < (Time.now.utc - seconds)
+            FileUtils.rm_rf(dir)
+          end
+        end
+      end
     end # File
   end # Storage
 end # CarrierWave