carrierwave 1.2.1 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 7a985080c1432e2d6d27cbe46b823f4ca5bdbc75
-  data.tar.gz: e3e60a7159815499f0559f9574480633e73d68ed
+SHA256:
+  metadata.gz: d5e6d1dd656203f5e14c43b75b807e793d623126006ddf8c5a4f9f4706faa750
+  data.tar.gz: 82281b939837f54716f580a1deb6397d87cc9bb867dc6a6938a4322d795500b1
 SHA512:
-  metadata.gz: 9e027080e1e7fcc86a2f6e0b74cb0d4db2d1f955b733c9bf47354fb74da0707c0017a9305fdc6f090825a7203b319f25bcd61ecc2fa84f123da19a9b9d784d6c
-  data.tar.gz: 2c8d16ca3353952282e9ffb97d37d44477c5a22f4744f99a84d0fde7bc0ee9d6b456698aa386d0664e8b734f9b8edf155a8034b15efb5b60831579a610d09b67
+  metadata.gz: 8eca3a53204f520d0cabf6e2384e6670cb634159e4b6c1e8d3915b6bab8473f21fb116047129b142a986588ea27401131d095186657770d7c31b03d6c929a1c9
+  data.tar.gz: 316797cffad6d2568e50929862cd80ba3e56c05d557f70f8631b66fc60ffd65fe5862afe4121a1e5e775e55a5f6c9a6c14414bce6a57deab2d12a8a127ed5b0d

data/README.md

@@ -4,8 +4,8 @@ This gem provides a simple and extremely flexible way to upload files from Ruby
 It works well with Rack based web applications, such as Ruby on Rails.
 
 [![Build Status](https://travis-ci.org/carrierwaveuploader/carrierwave.svg?branch=master)](http://travis-ci.org/carrierwaveuploader/carrierwave)
-[![Code Climate](http://img.shields.io/codeclimate/github/carrierwaveuploader/carrierwave.svg)](https://codeclimate.com/github/carrierwaveuploader/carrierwave)
-[![git.legal](https://git.legal/projects/1363/badge.svg "Number of libraries approved")](https://git.legal/projects/1363)
+[![Code Climate](https://codeclimate.com/github/carrierwaveuploader/carrierwave.svg)](https://codeclimate.com/github/carrierwaveuploader/carrierwave)
+[![SemVer](https://api.dependabot.com/badges/compatibility_score?dependency-name=carrierwave&package-manager=bundler&version-scheme=semver)](https://dependabot.com/compatibility-score.html?dependency-name=carrierwave&package-manager=bundler&version-scheme=semver)
 
 
 ## Information
@@ -24,7 +24,7 @@ It works well with Rack based web applications, such as Ruby on Rails.
 Install the latest release:
 
 ```
-$ gem install carrierwave -v "1.0.0"
+$ gem install carrierwave
 ```
 
 In Rails, add it to your Gemfile:
@@ -89,7 +89,7 @@ a migration:
 
 
 	rails g migration add_avatar_to_users avatar:string
-	rake db:migrate
+	rails db:migrate
 
 Open your model file and mount the uploader:
 
@@ -144,12 +144,12 @@ example, create a migration like this:
 #### For databases with ActiveRecord json data type support (e.g. PostgreSQL, MySQL)
 
 	rails g migration add_avatars_to_users avatars:json
-	rake db:migrate
+	rails db:migrate
 
 #### For database without ActiveRecord json data type support (e.g. SQLite)
 
 	rails g migration add_avatars_to_users avatars:string
-	rake db:migrate
+	rails db:migrate
 
 __Note__: JSON datatype doesn't exists in SQLite adapter, that's why you can use a string datatype which will be serialized in model.
 
@@ -163,6 +163,9 @@ class User < ActiveRecord::Base
 end
 ```
 
+Make sure that you mount the uploader with write (mount_uploaders) with `s` not (mount_uploader)
+in order to avoid errors when uploading multiple files
+
 Make sure your file input fields are set up as multiple file fields. For
 example in Rails you'll want to do something like this:
 
@@ -301,8 +304,16 @@ end
 ```
 
 When this uploader is used, an uploaded image would be scaled to be no larger
-than 800 by 800 pixels. A version called thumb is then created, which is scaled
-and cropped to exactly 200 by 200 pixels. The uploader could be used like this:
+than 800 by 800 pixels. The original aspect ratio will be kept.
+A version called thumb is then created, which is scaled
+to exactly 200 by 200 pixels.
+
+If you would like to crop images to a specific height and width you
+can use the alternative option of '''resize_to_fill'''. It will make sure
+that the width and height specified are filled, only cropping
+if the aspect ratio requires it.
+
+The uploader could be used like this:
 
 ```ruby
 uploader = AvatarUploader.new
@@ -625,6 +636,8 @@ describe MyUploader do
 end
 ```
 
+If you're looking for minitest asserts, checkout [carrierwave_asserts](https://github.com/hcfairbanks/carrierwave_asserts).
+
 Setting the enable_processing flag on an uploader will prevent any of the versions from processing as well.
 Processing can be enabled for a single version by setting the processing flag on the version like so:
 
@@ -659,15 +672,16 @@ CarrierWave.configure do |config|
   config.fog_provider = 'fog/aws'                        # required
   config.fog_credentials = {
     provider:              'AWS',                        # required
-    aws_access_key_id:     'xxx',                        # required
-    aws_secret_access_key: 'yyy',                        # required
+    aws_access_key_id:     'xxx',                        # required unless using use_iam_profile
+    aws_secret_access_key: 'yyy',                        # required unless using use_iam_profile
+    use_iam_profile:       true,                         # optional, defaults to false
     region:                'eu-west-1',                  # optional, defaults to 'us-east-1'
     host:                  's3.example.com',             # optional, defaults to nil
     endpoint:              'https://s3.example.com:8080' # optional, defaults to nil
   }
-  config.fog_directory  = 'name_of_directory'                          # required
-  config.fog_public     = false                                        # optional, defaults to true
-  config.fog_attributes = { cache_control: "public, max-age=#{365.day.to_i}" } # optional, defaults to {}
+  config.fog_directory  = 'name_of_bucket'                                      # required
+  config.fog_public     = false                                                 # optional, defaults to true
+  config.fog_attributes = { cache_control: "public, max-age=#{365.days.to_i}" } # optional, defaults to {}
 end
 ```
 
@@ -912,7 +926,7 @@ errors:
     carrierwave_download_error: could not be downloaded
     extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
     extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
-    content_type_whitelist_error: "You are not allowed to upload %{content_type} files"
+    content_type_whitelist_error: "You are not allowed to upload %{content_type} files, allowed types: %{allowed_types}"
     content_type_blacklist_error: "You are not allowed to upload %{content_type} files"
     rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?"
     mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}"

data/lib/carrierwave.rb

@@ -34,6 +34,26 @@ if defined?(Merb)
     Dir.glob(File.join(Merb.load_paths[:uploaders])).each {|f| require f }
   end
 
+elsif defined?(Jets)
+
+  module CarrierWave
+    class Turbine < Jets::Turbine
+      initializer "carrierwave.setup_paths" do |app|
+        CarrierWave.root = Jets.root.to_s
+        CarrierWave.tmp_path = "/tmp/carrierwave"
+        CarrierWave.configure do |config|
+          config.cache_dir = "/tmp/carrierwave/uploads/tmp"
+        end
+      end
+
+      initializer "carrierwave.active_record" do
+        ActiveSupport.on_load :active_record do
+          require 'carrierwave/orm/activerecord'
+        end
+      end
+    end
+  end
+
 elsif defined?(Rails)
 
   module CarrierWave

data/lib/carrierwave/locale/en.yml

@@ -6,7 +6,7 @@ en:
       carrierwave_download_error: could not be downloaded
       extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
       extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
-      content_type_whitelist_error: "You are not allowed to upload %{content_type} files"
+      content_type_whitelist_error: "You are not allowed to upload %{content_type} files, allowed types: %{allowed_types}"
       content_type_blacklist_error: "You are not allowed to upload %{content_type} files"
       rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?"
       mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}"

data/lib/carrierwave/processing/mini_magick.rb

@@ -61,6 +61,13 @@ module CarrierWave
         e.message << " (You may need to install the mini_magick gem)"
         raise e
       end
+
+      prepend Module.new {
+        def initialize(*)
+          super
+          @format = nil
+        end
+      }
     end
 
     module ClassMethods
@@ -303,6 +310,7 @@ module CarrierWave
 
         if @format
           move_to = current_path.chomp(File.extname(current_path)) + ".#{@format}"
+          file.content_type = ::MIME::Types.type_for(move_to).first.to_s
           file.move_to(move_to, permissions, directory_permissions)
         end
 
@@ -333,11 +341,7 @@ module CarrierWave
       end
 
       def mini_magick_image
-        if url
-          ::MiniMagick::Image.open(url)
-        else
-          ::MiniMagick::Image.open(current_path)
-        end
+        ::MiniMagick::Image.read(read)
       end
 
   end # MiniMagick

data/lib/carrierwave/processing/rmagick.rb

@@ -67,6 +67,13 @@ module CarrierWave
         e.message << " (You may need to install the rmagick gem)"
         raise e
       end
+
+      prepend Module.new {
+        def initialize(*)
+          super
+          @format = nil
+        end
+      }
     end
 
     module ClassMethods
@@ -346,7 +353,7 @@ module CarrierWave
       frames = ::Magick::ImageList.new
 
       image.each_with_index do |frame, index|
-        frame = yield *[frame, index, options].take(block.arity) if block_given?
+        frame = yield(*[frame, index, options].take(block.arity)) if block_given?
         frames << frame if frame
       end
       frames.append(true) if block_given?
@@ -356,6 +363,7 @@ module CarrierWave
       if options[:format] || @format
         frames.write("#{options[:format] || @format}:#{current_path}", &write_block)
         move_to = current_path.chomp(File.extname(current_path)) + ".#{options[:format] || @format}"
+        file.content_type = ::MIME::Types.type_for(move_to).first.to_s
         file.move_to(move_to, permissions, directory_permissions)
       else
         frames.write(current_path, &write_block)
@@ -370,9 +378,15 @@ module CarrierWave
 
     def create_info_block(options)
       return nil unless options
-      assignments = options.map { |k, v| "self.#{k} = #{v}" }
-      code = "lambda { |img| " + assignments.join(";") + "}"
-      eval code
+      proc do |img|
+        options.each do |k, v|
+          if v.is_a?(String) && (matches = v.match(/^["'](.+)["']/))
+            ActiveSupport::Deprecation.warn "Passing quoted strings like #{v} to #manipulate! is deprecated, pass them without quoting."
+            v = matches[1]
+          end
+          img.public_send(:"#{k}=", v)
+        end
+      end
     end
 
     def destroy_image(image)

data/lib/carrierwave/sanitized_file.rb

@@ -20,7 +20,7 @@ module CarrierWave
   #
   class SanitizedFile
 
-    attr_accessor :file
+    attr_reader :file
 
     class << self
       attr_writer :sanitize_regexp
@@ -32,6 +32,7 @@ module CarrierWave
 
     def initialize(file)
       self.file = file
+      @content = nil
     end
 
     ##
@@ -113,12 +114,11 @@ module CarrierWave
     # [String, nil] the path where the file is located.
     #
     def path
-      unless @file.blank?
-        if is_path?
-          File.expand_path(@file)
-        elsif @file.respond_to?(:path) and not @file.path.blank?
-          File.expand_path(@file.path)
-        end
+      return if @file.blank?
+      if is_path?
+        File.expand_path(@file)
+      elsif @file.respond_to?(:path) && !@file.path.blank?
+        File.expand_path(@file.path)
       end
     end
 
@@ -312,7 +312,7 @@ module CarrierWave
     def mkdir!(path, directory_permissions)
       options = {}
       options[:mode] = directory_permissions if directory_permissions
-      FileUtils.mkdir_p(File.dirname(path), options) unless File.exist?(File.dirname(path))
+      FileUtils.mkdir_p(File.dirname(path), **options) unless File.exist?(File.dirname(path))
     end
 
     def chmod!(path, permissions)

data/lib/carrierwave/storage/file.rb

@@ -7,6 +7,10 @@ module CarrierWave
     # pretty much it.
     #
     class File < Abstract
+      def initialize(*)
+        super
+        @cache_called = nil
+      end
 
       ##
       # Move the file to the uploader's store path.
@@ -62,7 +66,7 @@ module CarrierWave
       #
       def cache!(new_file)
         new_file.move_to(::File.expand_path(uploader.cache_path, uploader.root), uploader.permissions, uploader.directory_permissions, true)
-      rescue Errno::EMLINK => e
+      rescue Errno::EMLINK, Errno::ENOSPC => e
         raise(e) if @cache_called
         @cache_called = true
 

data/lib/carrierwave/storage/fog.rb

@@ -177,7 +177,7 @@ module CarrierWave
 
         ##
         # Return a temporary authenticated url to a private file, if available
-        # Only supported for AWS, Rackspace and Google providers
+        # Only supported for AWS, Rackspace, Google and AzureRM providers
         #
         # === Returns
         #
@@ -186,18 +186,22 @@ module CarrierWave
         # [NilClass] no authenticated url available
         #
         def authenticated_url(options = {})
-          if ['AWS', 'Google', 'Rackspace', 'OpenStack'].include?(@uploader.fog_credentials[:provider])
+          if ['AWS', 'Google', 'Rackspace', 'OpenStack', 'AzureRM'].include?(@uploader.fog_credentials[:provider])
             # avoid a get by using local references
             local_directory = connection.directories.new(:key => @uploader.fog_directory)
             local_file = local_directory.files.new(:key => path)
             expire_at = ::Fog::Time.now + @uploader.fog_authenticated_url_expiration
             case @uploader.fog_credentials[:provider]
-              when 'AWS'
-                local_file.url(expire_at, options)
-              when 'Rackspace'
+              when 'AWS', 'Google'
+                # Older versions of fog-google do not support options as a parameter
+                if url_options_supported?(local_file)
+                  local_file.url(expire_at, options)
+                else
+                  warn "Options hash not supported in #{local_file.class}. You may need to upgrade your Fog provider."
+                  local_file.url(expire_at)
+                end
+              when 'Rackspace', 'OpenStack'
                 connection.get_object_https_url(@uploader.fog_directory, path, expire_at, options)
-              when 'OpenStack'
-                connection.get_object_https_url(@uploader.fog_directory, path, expire_at)
               else
                 local_file.url(expire_at)
             end
@@ -266,7 +270,7 @@ module CarrierWave
         end
 
         def initialize(uploader, base, path)
-          @uploader, @base, @path = uploader, base, path
+          @uploader, @base, @path, @content_type = uploader, base, path, nil
         end
 
         ##
@@ -276,6 +280,16 @@ module CarrierWave
         #
         # [String] contents of file
         def read
+          file_body = file.body
+
+          return if file_body.nil?
+          return file_body unless file_body.is_a?(::File)
+
+          # Fog::Storage::XXX::File#body could return the source file which was upoloaded to the remote server.
+          read_source_file(file_body) if ::File.exist?(file_body.path)
+
+          # If the source file doesn't exist, the remote content is read
+          @file = nil # rubocop:disable Gitlab/ModuleWithInstanceVariables
           file.body
         end
 
@@ -313,7 +327,7 @@ module CarrierWave
             fog_file = new_file.to_file
             @content_type ||= new_file.content_type
             @file = directory.files.create({
-              :body         => (fog_file ? fog_file : new_file).read,
+              :body         => fog_file ? fog_file : new_file.read,
               :content_type => @content_type,
               :key          => path,
               :public       => @uploader.fog_public
@@ -342,15 +356,19 @@ module CarrierWave
             end
           else
             # AWS/Google optimized for speed over correctness
-            case @uploader.fog_credentials[:provider].to_s
+            case fog_provider
             when 'AWS'
               # check if some endpoint is set in fog_credentials
               if @uploader.fog_credentials.has_key?(:endpoint)
                 "#{@uploader.fog_credentials[:endpoint]}/#{@uploader.fog_directory}/#{encoded_path}"
               else
                 protocol = @uploader.fog_use_ssl_for_aws ? "https" : "http"
+
+                subdomain_regex = /^(?:[a-z]|\d(?!\d{0,2}(?:\d{1,3}){3}$))(?:[a-z0-9\.]|(?![\-])|\-(?![\.])){1,61}[a-z0-9]$/
+                valid_subdomain = @uploader.fog_directory.to_s =~ subdomain_regex && !(protocol == 'https' && @uploader.fog_directory =~ /\./)
+
                 # if directory is a valid subdomain, use that style for access
-                if @uploader.fog_directory.to_s =~ /^(?:[a-z]|\d(?!\d{0,2}(?:\d{1,3}){3}$))(?:[a-z0-9\.]|(?![\-])|\-(?![\.])){1,61}[a-z0-9]$/
+                if valid_subdomain
                   s3_subdomain = @uploader.fog_aws_accelerate ? "s3-accelerate" : "s3"
                   "#{protocol}://#{@uploader.fog_directory}.#{s3_subdomain}.amazonaws.com/#{encoded_path}"
                 else
@@ -456,7 +474,31 @@ module CarrierWave
         end
 
         def acl_header
-          {'x-amz-acl' => @uploader.fog_public ? 'public-read' : 'private'}
+          if fog_provider == 'AWS'
+            { 'x-amz-acl' => @uploader.fog_public ? 'public-read' : 'private' }
+          else
+            {}
+          end
+        end
+
+        def fog_provider
+          @uploader.fog_credentials[:provider].to_s
+        end
+
+        def read_source_file(file_body)
+          return unless ::File.exist?(file_body.path)
+
+          begin
+            file_body = ::File.open(file_body.path) if file_body.closed? # Reopen if it's already closed
+            file_body.read
+          ensure
+            file_body.close
+          end
+        end
+
+        def url_options_supported?(local_file)
+          parameters = local_file.method(:url).parameters
+          parameters.count == 2 && parameters[1].include?(:options)
         end
       end
 

data/lib/carrierwave/uploader.rb

@@ -43,6 +43,15 @@ module CarrierWave
     class Base
       attr_reader :file
 
+      ##
+      # Workaround for class_attribute malfunction when used with Module#prepend
+      #
+      if RUBY_VERSION < '2.1.0'
+        def self.singleton_class?
+          !ancestors.include? self
+        end
+      end
+
       include CarrierWave::Uploader::Configuration
       include CarrierWave::Uploader::Callbacks
       include CarrierWave::Uploader::Proxy

data/lib/carrierwave/uploader/configuration.rb

@@ -117,12 +117,14 @@ module CarrierWave
 
         def add_config(name)
           class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            @#{name} = nil
+
             def self.eager_load_fog(fog_credentials)
               # see #1198. This will hopefully no longer be necessary after fog 2.0
               require self.fog_provider
               require 'carrierwave/storage/fog'
               Fog::Storage.new(fog_credentials) if fog_credentials.present?
-            end
+            end unless defined? eager_load_fog
 
             def self.#{name}(value=nil)
               @#{name} = value if value

data/lib/carrierwave/uploader/content_type_whitelist.rb

@@ -35,7 +35,7 @@ module CarrierWave
       def check_content_type_whitelist!(new_file)
         content_type = new_file.content_type
         if content_type_whitelist && !whitelisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type, allowed_types: Array(content_type_whitelist).join(", "))
         end
       end
 

data/lib/carrierwave/uploader/download.rb

@@ -1,4 +1,5 @@
 require 'open-uri'
+require 'ssrf_filter'
 
 module CarrierWave
   module Uploader
@@ -10,14 +11,18 @@ module CarrierWave
       include CarrierWave::Uploader::Cache
 
       class RemoteFile
-        def initialize(uri, remote_headers = {})
+        attr_reader :uri
+
+        def initialize(uri, remote_headers = {}, skip_ssrf_protection: false)
           @uri = uri
-          @remote_headers = remote_headers
+          @remote_headers = remote_headers.reverse_merge('User-Agent' => "CarrierWave/#{CarrierWave::VERSION}")
+          @file, @content_type, @headers = nil
+          @skip_ssrf_protection = skip_ssrf_protection
         end
 
         def original_filename
           filename = filename_from_header || filename_from_uri
-          mime_type = MIME::Types[file.content_type].first
+          mime_type = MIME::Types[content_type].first
           unless File.extname(filename).present? || mime_type.blank?
             filename = "#{filename}.#{mime_type.extensions.first}"
           end
@@ -32,15 +37,35 @@ module CarrierWave
           @uri.scheme =~ /^https?$/
         end
 
-      private
+        def content_type
+          @content_type || 'application/octet-stream'
+        end
+
+        def headers
+          @headers || {}
+        end
+
+        private
 
         def file
           if @file.blank?
-            headers = @remote_headers.
-              reverse_merge('User-Agent' => "CarrierWave/#{CarrierWave::VERSION}")
-
-            @file = Kernel.open(@uri.to_s, headers)
-            @file = @file.is_a?(String) ? StringIO.new(@file) : @file
+            if @skip_ssrf_protection
+              @file = (URI.respond_to?(:open) ? URI : Kernel).open(@uri.to_s, @remote_headers)
+              @file = @file.is_a?(String) ? StringIO.new(@file) : @file
+              @content_type = @file.content_type
+              @headers = @file.meta
+              @uri = @file.base_uri
+            else
+              request = nil
+              response = SsrfFilter.get(@uri, headers: @remote_headers) do |req|
+                request = req
+              end
+              response.value
+              @file = StringIO.new(response.body)
+              @content_type = response.content_type
+              @headers = response
+              @uri = request.uri
+            end
           end
           @file
 
@@ -49,14 +74,14 @@ module CarrierWave
         end
 
         def filename_from_header
-          if file.meta.include? 'content-disposition'
-            match = file.meta['content-disposition'].match(/filename="?([^"]+)/)
+          if headers['content-disposition']
+            match = headers['content-disposition'].match(/filename="?([^"]+)/)
             return match[1] unless match.nil? || match[1].empty?
           end
         end
 
         def filename_from_uri
-          URI.decode(File.basename(file.base_uri.path))
+          URI::DEFAULT_PARSER.unescape(File.basename(@uri.path))
         end
 
         def method_missing(*args, &block)
@@ -74,7 +99,7 @@ module CarrierWave
       #
       def download!(uri, remote_headers = {})
         processed_uri = process_uri(uri)
-        file = RemoteFile.new(processed_uri, remote_headers)
+        file = RemoteFile.new(processed_uri, remote_headers, skip_ssrf_protection: skip_ssrf_protection?(processed_uri))
         raise CarrierWave::DownloadError, "trying to download a file which is not served over HTTP" unless file.http?
         cache!(file)
       end
@@ -91,11 +116,30 @@ module CarrierWave
       rescue URI::InvalidURIError
         uri_parts = uri.split('?')
         # regexp from Ruby's URI::Parser#regexp[:UNSAFE], with [] specifically removed
-        encoded_uri = URI.encode(uri_parts.shift, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,]/)
-        encoded_uri << '?' << URI.encode(uri_parts.join('?')) if uri_parts.any?
+        encoded_uri = URI::DEFAULT_PARSER.escape(uri_parts.shift, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,]/)
+        encoded_uri << '?' << URI::DEFAULT_PARSER.escape(uri_parts.join('?')) if uri_parts.any?
         URI.parse(encoded_uri) rescue raise CarrierWave::DownloadError, "couldn't parse URL"
       end
 
+      ##
+      # If this returns true, SSRF protection will be bypassed.
+      # You can override this if you want to allow accessing specific local URIs that are not SSRF exploitable.
+      #
+      # === Parameters
+      #
+      # [uri (URI)] The URI where the remote file is stored
+      #
+      # === Examples
+      #
+      #     class MyUploader < CarrierWave::Uploader::Base
+      #       def skip_ssrf_protection?(uri)
+      #         uri.hostname == 'localhost' && uri.port == 80
+      #       end
+      #     end
+      #
+      def skip_ssrf_protection?(uri)
+        false
+      end
     end # Download
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/store.rb

@@ -7,6 +7,15 @@ module CarrierWave
       include CarrierWave::Uploader::Configuration
       include CarrierWave::Uploader::Cache
 
+      included do
+        prepend Module.new {
+          def initialize(*)
+            super
+            @file, @filename, @cache_id = nil
+          end
+        }
+      end
+
       ##
       # Override this in your Uploader to change the filename.
       #

data/lib/carrierwave/uploader/versions.rb

@@ -19,6 +19,13 @@ module CarrierWave
         after :remove, :remove_versions!
         after :retrieve_from_cache, :retrieve_versions_from_cache!
         after :retrieve_from_store, :retrieve_versions_from_store!
+
+        prepend Module.new {
+          def initialize(*)
+            super
+            @versions = nil
+          end
+        }
       end
 
       module ClassMethods
@@ -77,7 +84,7 @@ module CarrierWave
               # value from the parent class unless explicitly overwritten
               def self.enable_processing(value=nil)
                 self.enable_processing = value if value
-                if !@enable_processing.nil?
+                if defined?(@enable_processing) && !@enable_processing.nil?
                   @enable_processing
                 else
                   superclass.enable_processing

data/lib/carrierwave/version.rb

@@ -1,3 +1,3 @@
 module CarrierWave
-  VERSION = "1.2.1"
+  VERSION = "1.3.2"
 end

data/lib/generators/templates/uploader.rb

@@ -1,5 +1,4 @@
 class <%= class_name %>Uploader < CarrierWave::Uploader::Base
-
   # Include RMagick or MiniMagick support:
   # include CarrierWave::RMagick
   # include CarrierWave::MiniMagick
@@ -45,5 +44,4 @@ class <%= class_name %>Uploader < CarrierWave::Uploader::Base
   # def filename
   #   "something.jpg" if original_filename
   # end
-
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: carrierwave
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Jonas Nicklas
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-10-04 00:00:00.000000000 Z
+date: 2021-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: ssrf_filter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -123,35 +137,49 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: fog
+  name: fog-aws
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.28.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: mini_magick
+  name: fog-google
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+- !ruby/object:Gem::Dependency
+  name: fog-local
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.6.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rmagick
+  name: fog-rackspace
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -164,6 +192,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: mini_magick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.0
+- !ruby/object:Gem::Dependency
+  name: rmagick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.16'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -243,8 +299,6 @@ files:
 - lib/carrierwave/uploader/extension_blacklist.rb
 - lib/carrierwave/uploader/extension_whitelist.rb
 - lib/carrierwave/uploader/file_size.rb
-- lib/carrierwave/uploader/magic_mime_blacklist.rb
-- lib/carrierwave/uploader/magic_mime_whitelist.rb
 - lib/carrierwave/uploader/mountable.rb
 - lib/carrierwave/uploader/processing.rb
 - lib/carrierwave/uploader/proxy.rb
@@ -263,7 +317,7 @@ homepage: https://github.com/carrierwaveuploader/carrierwave
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--main"
 require_paths:
@@ -279,9 +333,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.2
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Ruby file upload library
 test_files: []

data/lib/carrierwave/uploader/magic_mime_blacklist.rb

@@ -1,94 +0,0 @@
-module CarrierWave
-  module Uploader
-
-    ##
-    # This modules validates the content type of a file with the use of
-    # ruby-filemagic gem and a blacklist regular expression. If you want
-    # to use this, you'll need to require this file:
-    #
-    #   require 'carrierwave/uploader/magic_mime_blacklist'
-    #
-    # And then include it in your uploader:
-    #
-    #   class MyUploader < CarrierWave::Uploader::Base
-    #     include CarrierWave::Uploader::MagicMimeBlacklist
-    #
-    #     def blacklist_mime_type_pattern
-    #       /image\//
-    #     end
-    #   end
-    #
-    module MagicMimeBlacklist
-      extend ActiveSupport::Concern
-
-      included do
-        begin
-          require "filemagic"
-        rescue LoadError => e
-          e.message << " (You may need to install the ruby-filemagic gem)"
-          raise e
-        end
-
-        before :cache, :check_blacklist_pattern!
-      end
-
-      ##
-      # Override this method in your uploader to provide a black list pattern (regexp)
-      # of content-types which are prohibited to be uploaded.
-      # Compares the file's content-type.
-      #
-      # === Returns
-      #
-      # [Regexp] a black list regexp to match the content_type
-      #
-      # === Examples
-      #
-      #     def blacklist_mime_type_pattern
-      #       /(text|application)\/json/
-      #     end
-      #
-      def blacklist_mime_type_pattern; end
-
-    private
-
-      def check_blacklist_pattern!(new_file)
-        return if blacklist_mime_type_pattern.nil?
-
-        content_type = extract_content_type(new_file)
-
-        if content_type.match(blacklist_mime_type_pattern)
-          raise CarrierWave::IntegrityError,
-            I18n.translate(:"errors.messages.mime_type_pattern_black_list_error",
-                           :content_type => content_type)
-        end
-      end
-
-      ##
-      # Extracts the content type of the given file
-      #
-      # === Returns
-      #
-      # [String] the extracted content type
-      #
-      def extract_content_type(new_file)
-        content_type = nil
-
-        File.open(new_file.path) do |fd|
-          data = fd.read(1024) || ""
-          content_type = filemagic.buffer(data)
-        end
-
-        content_type
-      end
-
-    ##
-    # FileMagic object with the MAGIC_MIME_TYPE flag set
-    #
-    # @return [FileMagic] a filemagic object
-      def filemagic
-        @filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
-      end
-
-    end # MagicMimeblackList
-  end # Uploader
-end # CarrierWave

data/lib/carrierwave/uploader/magic_mime_whitelist.rb

@@ -1,94 +0,0 @@
-module CarrierWave
-  module Uploader
-
-    ##
-    # This modules validates the content type of a file with the use of
-    # ruby-filemagic gem and a whitelist regular expression. If you want
-    # to use this, you'll need to require this file:
-    #
-    #   require 'carrierwave/uploader/magic_mime_whitelist'
-    #
-    # And then include it in your uploader:
-    #
-    #   class MyUploader < CarrierWave::Uploader::Base
-    #     include CarrierWave::Uploader::MagicMimeWhitelist
-    #
-    #     def whitelist_mime_type_pattern
-    #       /image\//
-    #     end
-    #   end
-    #
-    module MagicMimeWhitelist
-      extend ActiveSupport::Concern
-
-      included do
-        begin
-          require "filemagic"
-        rescue LoadError => e
-          e.message << " (You may need to install the ruby-filemagic gem)"
-          raise e
-        end
-
-        before :cache, :check_whitelist_pattern!
-      end
-
-      ##
-      # Override this method in your uploader to provide a white list pattern (regexp)
-      # of content-types which are allowed to be uploaded.
-      # Compares the file's content-type.
-      #
-      # === Returns
-      #
-      # [Regexp] a white list regexp to match the content_type
-      #
-      # === Examples
-      #
-      #     def whitelist_mime_type_pattern
-      #       /(text|application)\/json/
-      #     end
-      #
-      def whitelist_mime_type_pattern; end
-
-    private
-
-      def check_whitelist_pattern!(new_file)
-        return if whitelist_mime_type_pattern.nil?
-
-        content_type = extract_content_type(new_file)
-
-        if !content_type.match(whitelist_mime_type_pattern)
-          raise CarrierWave::IntegrityError,
-            I18n.translate(:"errors.messages.mime_type_pattern_white_list_error",
-                           :content_type => content_type)
-        end
-      end
-
-      ##
-      # Extracts the content type of the given file
-      #
-      # === Returns
-      #
-      # [String] the extracted content type
-      #
-      def extract_content_type(new_file)
-        content_type = nil
-
-        File.open(new_file.path) do |fd|
-          data = fd.read(1024) || ""
-          content_type = filemagic.buffer(data)
-        end
-
-        content_type
-      end
-
-    ##
-    # FileMagic object with the MAGIC_MIME_TYPE flag set
-    #
-    # @return [FileMagic] a filemagic object
-      def filemagic
-        @filemagic ||= FileMagic.new(FileMagic::MAGIC_MIME_TYPE)
-      end
-
-    end # MagicMimeWhiteList
-  end # Uploader
-end # CarrierWave