carrierwave 1.3.2 → 2.2.5

data/lib/carrierwave/uploader/configuration.rb

@@ -1,3 +1,5 @@
+require 'carrierwave/downloader/base'
+
 module CarrierWave
 
   module Uploader
@@ -21,9 +23,10 @@ module CarrierWave
         add_config :move_to_cache
         add_config :move_to_store
         add_config :remove_previously_stored_files_after_update
+        add_config :downloader
 
         # fog
-        add_config :fog_provider
+        add_deprecated_config :fog_provider
         add_config :fog_attributes
         add_config :fog_credentials
         add_config :fog_directory
@@ -107,8 +110,8 @@ module CarrierWave
         #     cache_storage CarrierWave::Storage::File
         #     cache_storage MyCustomStorageEngine
         #
-        def cache_storage(storage = nil)
-          if storage
+        def cache_storage(storage = false)
+          unless storage == false
             self._cache_storage = storage.is_a?(Symbol) ? eval(storage_engines[storage]) : storage
           end
           _cache_storage
@@ -119,16 +122,8 @@ module CarrierWave
           class_eval <<-RUBY, __FILE__, __LINE__ + 1
             @#{name} = nil
 
-            def self.eager_load_fog(fog_credentials)
-              # see #1198. This will hopefully no longer be necessary after fog 2.0
-              require self.fog_provider
-              require 'carrierwave/storage/fog'
-              Fog::Storage.new(fog_credentials) if fog_credentials.present?
-            end unless defined? eager_load_fog
-
             def self.#{name}(value=nil)
               @#{name} = value if value
-              eager_load_fog(value) if value && '#{name}' == 'fog_credentials'
               return @#{name} if self.object_id == #{self.object_id} || defined?(@#{name})
               name = superclass.#{name}
               return nil if name.nil? && !instance_variable_defined?(:@#{name})
@@ -136,12 +131,10 @@ module CarrierWave
             end
 
             def self.#{name}=(value)
-              eager_load_fog(value) if '#{name}' == 'fog_credentials' && value.present?
               @#{name} = value
             end
 
             def #{name}=(value)
-              self.class.eager_load_fog(value) if '#{name}' == 'fog_credentials' && value.present?
               @#{name} = value
             end
 
@@ -157,6 +150,26 @@ module CarrierWave
           RUBY
         end
 
+        def add_deprecated_config(name)
+          class_eval <<-RUBY, __FILE__, __LINE__ + 1
+            def self.#{name}(value=nil)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def self.#{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}=(value)
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+
+            def #{name}
+              ActiveSupport::Deprecation.warn "##{name} is deprecated and has no effect"
+            end
+          RUBY
+        end
+
         def configure
           yield self
         end
@@ -173,8 +186,7 @@ module CarrierWave
               :fog  => "CarrierWave::Storage::Fog"
             }
             config.storage = :file
-            config.cache_storage = :file
-            config.fog_provider = 'fog'
+            config.cache_storage = nil
             config.fog_attributes = {}
             config.fog_credentials = {}
             config.fog_public = true
@@ -187,6 +199,7 @@ module CarrierWave
             config.move_to_cache = false
             config.move_to_store = false
             config.remove_previously_stored_files_after_update = true
+            config.downloader = CarrierWave::Downloader::Base
             config.ignore_integrity_errors = true
             config.ignore_processing_errors = true
             config.ignore_download_errors = true

data/lib/carrierwave/uploader/content_type_blacklist.rb

@@ -8,39 +8,48 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a blacklist of files content types
+      # Override this method in your uploader to provide a denylist of files content types
       # which are not allowed to be uploaded.
       # Not only strings but Regexp are allowed as well.
       #
       # === Returns
       #
-      # [NilClass, String, Regexp, Array[String, Regexp]] a blacklist of content types which are not allowed to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] a denylist of content types which are not allowed to be uploaded
       #
       # === Examples
       #
-      #     def content_type_blacklist
+      #     def content_type_denylist
       #       %w(text/json application/json)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def content_type_blacklist
+      #     def content_type_denylist
       #       [/(text|application)\/json/]
       #     end
       #
-      def content_type_blacklist; end
+      def content_type_denylist
+        if respond_to?(:content_type_blacklist)
+          ActiveSupport::Deprecation.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned)
+          @content_type_blacklist_warned = true
+          content_type_blacklist
+        end
+      end
 
     private
 
       def check_content_type_blacklist!(new_file)
+        return unless content_type_denylist
+
         content_type = new_file.content_type
-        if content_type_blacklist && blacklisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_blacklist_error", content_type: content_type)
+        if blacklisted_content_type?(content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_blacklist_error",
+                                                            content_type: content_type, default: :"errors.messages.content_type_denylist_error")
         end
       end
 
       def blacklisted_content_type?(content_type)
-        Array(content_type_blacklist).any? { |item| content_type =~ /#{item}/ }
+        Array(content_type_denylist).any? { |item| content_type =~ /#{item}/ }
       end
 
     end # ContentTypeBlacklist

data/lib/carrierwave/uploader/content_type_whitelist.rb

@@ -8,39 +8,51 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a whitelist of files content types
+      # Override this method in your uploader to provide an allowlist of files content types
       # which are allowed to be uploaded.
       # Not only strings but Regexp are allowed as well.
       #
       # === Returns
       #
-      # [NilClass, String, Regexp, Array[String, Regexp]] a whitelist of content types which are allowed to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of content types which are allowed to be uploaded
       #
       # === Examples
       #
-      #     def content_type_whitelist
+      #     def content_type_allowlist
       #       %w(text/json application/json)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def content_type_whitelist
+      #     def content_type_allowlist
       #       [/(text|application)\/json/]
       #     end
       #
-      def content_type_whitelist; end
+      def content_type_allowlist
+        if respond_to?(:content_type_whitelist)
+          ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
+          @content_type_whitelist_warned = true
+          content_type_whitelist
+        end
+      end
 
     private
 
       def check_content_type_whitelist!(new_file)
+        return unless content_type_allowlist
+
         content_type = new_file.content_type
-        if content_type_whitelist && !whitelisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type, allowed_types: Array(content_type_whitelist).join(", "))
+        if !whitelisted_content_type?(content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type,
+                                                            allowed_types: Array(content_type_allowlist).join(", "), default: :"errors.messages.content_type_allowlist_error")
         end
       end
 
       def whitelisted_content_type?(content_type)
-        Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ }
+        Array(content_type_allowlist).any? do |item|
+          item = Regexp.quote(item) if item.class != Regexp
+          content_type =~ /\A#{item}/
+        end
       end
 
     end # ContentTypeWhitelist

data/lib/carrierwave/uploader/download.rb

@@ -1,6 +1,3 @@
-require 'open-uri'
-require 'ssrf_filter'
-
 module CarrierWave
   module Uploader
     module Download
@@ -10,87 +7,8 @@ module CarrierWave
       include CarrierWave::Uploader::Configuration
       include CarrierWave::Uploader::Cache
 
-      class RemoteFile
-        attr_reader :uri
-
-        def initialize(uri, remote_headers = {}, skip_ssrf_protection: false)
-          @uri = uri
-          @remote_headers = remote_headers.reverse_merge('User-Agent' => "CarrierWave/#{CarrierWave::VERSION}")
-          @file, @content_type, @headers = nil
-          @skip_ssrf_protection = skip_ssrf_protection
-        end
-
-        def original_filename
-          filename = filename_from_header || filename_from_uri
-          mime_type = MIME::Types[content_type].first
-          unless File.extname(filename).present? || mime_type.blank?
-            filename = "#{filename}.#{mime_type.extensions.first}"
-          end
-          filename
-        end
-
-        def respond_to?(*args)
-          super or file.respond_to?(*args)
-        end
-
-        def http?
-          @uri.scheme =~ /^https?$/
-        end
-
-        def content_type
-          @content_type || 'application/octet-stream'
-        end
-
-        def headers
-          @headers || {}
-        end
-
-        private
-
-        def file
-          if @file.blank?
-            if @skip_ssrf_protection
-              @file = (URI.respond_to?(:open) ? URI : Kernel).open(@uri.to_s, @remote_headers)
-              @file = @file.is_a?(String) ? StringIO.new(@file) : @file
-              @content_type = @file.content_type
-              @headers = @file.meta
-              @uri = @file.base_uri
-            else
-              request = nil
-              response = SsrfFilter.get(@uri, headers: @remote_headers) do |req|
-                request = req
-              end
-              response.value
-              @file = StringIO.new(response.body)
-              @content_type = response.content_type
-              @headers = response
-              @uri = request.uri
-            end
-          end
-          @file
-
-        rescue StandardError => e
-          raise CarrierWave::DownloadError, "could not download file: #{e.message}"
-        end
-
-        def filename_from_header
-          if headers['content-disposition']
-            match = headers['content-disposition'].match(/filename="?([^"]+)/)
-            return match[1] unless match.nil? || match[1].empty?
-          end
-        end
-
-        def filename_from_uri
-          URI::DEFAULT_PARSER.unescape(File.basename(@uri.path))
-        end
-
-        def method_missing(*args, &block)
-          file.send(*args, &block)
-        end
-      end
-
       ##
-      # Caches the file by downloading it from the given URL.
+      # Caches the file by downloading it from the given URL, using downloader.
       #
       # === Parameters
       #
@@ -98,48 +16,9 @@ module CarrierWave
       # [remote_headers (Hash)] Request headers
       #
       def download!(uri, remote_headers = {})
-        processed_uri = process_uri(uri)
-        file = RemoteFile.new(processed_uri, remote_headers, skip_ssrf_protection: skip_ssrf_protection?(processed_uri))
-        raise CarrierWave::DownloadError, "trying to download a file which is not served over HTTP" unless file.http?
+        file = downloader.new(self).download(uri, remote_headers)
         cache!(file)
       end
-
-      ##
-      # Processes the given URL by parsing and escaping it. Public to allow overriding.
-      #
-      # === Parameters
-      #
-      # [url (String)] The URL where the remote file is stored
-      #
-      def process_uri(uri)
-        URI.parse(uri)
-      rescue URI::InvalidURIError
-        uri_parts = uri.split('?')
-        # regexp from Ruby's URI::Parser#regexp[:UNSAFE], with [] specifically removed
-        encoded_uri = URI::DEFAULT_PARSER.escape(uri_parts.shift, /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,]/)
-        encoded_uri << '?' << URI::DEFAULT_PARSER.escape(uri_parts.join('?')) if uri_parts.any?
-        URI.parse(encoded_uri) rescue raise CarrierWave::DownloadError, "couldn't parse URL"
-      end
-
-      ##
-      # If this returns true, SSRF protection will be bypassed.
-      # You can override this if you want to allow accessing specific local URIs that are not SSRF exploitable.
-      #
-      # === Parameters
-      #
-      # [uri (URI)] The URI where the remote file is stored
-      #
-      # === Examples
-      #
-      #     class MyUploader < CarrierWave::Uploader::Base
-      #       def skip_ssrf_protection?(uri)
-      #         uri.hostname == 'localhost' && uri.port == 80
-      #       end
-      #     end
-      #
-      def skip_ssrf_protection?(uri)
-        false
-      end
     end # Download
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/extension_blacklist.rb

@@ -8,43 +8,51 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a black list of extensions which
+      # Override this method in your uploader to provide a denylist of extensions which
       # are prohibited to be uploaded. Compares the file's extension case insensitive.
       # Furthermore, not only strings but Regexp are allowed as well.
       #
-      # When using a Regexp in the black list, `\A` and `\z` are automatically added to
+      # When using a Regexp in the denylist, `\A` and `\z` are automatically added to
       # the Regexp expression, also case insensitive.
       #
       # === Returns
 
-      # [NilClass, String, Regexp, Array[String, Regexp]] a black list of extensions which are prohibited to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] a deny list of extensions which are prohibited to be uploaded
       #
       # === Examples
       #
-      #     def extension_blacklist
+      #     def extension_denylist
       #       %w(swf tiff)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def extension_blacklist
+      #     def extension_denylist
       #       [/swf/, 'tiff']
       #     end
       #
-
-      def extension_blacklist; end
+      def extension_denylist
+        if respond_to?(:extension_blacklist)
+          ActiveSupport::Deprecation.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned)
+          @extension_blacklist_warned = true
+          extension_blacklist
+        end
+      end
 
     private
 
       def check_extension_blacklist!(new_file)
+        return unless extension_denylist
+
         extension = new_file.extension.to_s
-        if extension_blacklist && blacklisted_extension?(extension)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect, prohibited_types: Array(extension_blacklist).join(", "))
+        if blacklisted_extension?(extension)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect,
+                                                            prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_denylist_error")
         end
       end
 
       def blacklisted_extension?(extension)
-        Array(extension_blacklist).any? { |item| extension =~ /\A#{item}\z/i }
+        Array(extension_denylist).any? { |item| extension =~ /\A#{item}\z/i }
       end
     end
   end

data/lib/carrierwave/uploader/extension_whitelist.rb

@@ -8,45 +8,54 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a white list of extensions which
+      # Override this method in your uploader to provide an allowlist of extensions which
       # are allowed to be uploaded. Compares the file's extension case insensitive.
       # Furthermore, not only strings but Regexp are allowed as well.
       #
-      # When using a Regexp in the white list, `\A` and `\z` are automatically added to
+      # When using a Regexp in the allowlist, `\A` and `\z` are automatically added to
       # the Regexp expression, also case insensitive.
       #
       # === Returns
       #
-      # [NilClass, String, Regexp, Array[String, Regexp]] a white list of extensions which are allowed to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of extensions which are allowed to be uploaded
       #
       # === Examples
       #
-      #     def extension_whitelist
+      #     def extension_allowlist
       #       %w(jpg jpeg gif png)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def extension_whitelist
+      #     def extension_allowlist
       #       [/jpe?g/, 'gif', 'png']
       #     end
       #
-      def extension_whitelist; end
+      def extension_allowlist
+        if respond_to?(:extension_whitelist)
+          ActiveSupport::Deprecation.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned)
+          @extension_whitelist_warned = true
+          extension_whitelist
+        end
+      end
 
     private
 
       def check_extension_whitelist!(new_file)
+        return unless extension_allowlist
+
         extension = new_file.extension.to_s
-        if extension_whitelist && !whitelisted_extension?(extension)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect, allowed_types: Array(extension_whitelist).join(", "))
+        if !whitelisted_extension?(extension)
+          # Look for whitelist first, then fallback to allowlist
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect,
+                                                            allowed_types: Array(extension_allowlist).join(", "), default: :"errors.messages.extension_allowlist_error")
         end
       end
 
       def whitelisted_extension?(extension)
         downcase_extension = extension.downcase
-        Array(extension_whitelist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
+        Array(extension_allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
       end
-
     end # ExtensionWhitelist
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/mountable.rb

@@ -33,6 +33,12 @@ module CarrierWave
         @mounted_as = mounted_as
       end
 
+      ##
+      # Returns array index of given uploader within currently mounted uploaders
+      #
+      def index
+        model.__send__(:_mounter, mounted_as).uploaders.index(self)
+      end
     end # Mountable
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/processing.rb

@@ -80,7 +80,17 @@ module CarrierWave
                 next unless self.send(condition, new_file)
               end
             end
-            self.send(method, *args)
+
+            if args.is_a? Array
+              kwargs, args = args.partition { |arg| arg.is_a? Hash }
+            end
+
+            if kwargs.present?
+              kwargs = kwargs.reduce(:merge)
+              self.send(method, *args, **kwargs)
+            else
+              self.send(method, *args)
+            end
           end
         end
       end

data/lib/carrierwave/uploader/proxy.rb

@@ -23,14 +23,14 @@ module CarrierWave
       alias_method :path, :current_path
 
       ##
-      # Returns a string that uniquely identifies the last stored file
+      # Returns a string that uniquely identifies the retrieved or last stored file
       #
       # === Returns
       #
       # [String] uniquely identifies a file
       #
       def identifier
-        storage.try(:identifier)
+        @identifier || storage.try(:identifier)
       end
 
       ##

data/lib/carrierwave/uploader/serialization.rb

@@ -7,7 +7,7 @@ module CarrierWave
       extend ActiveSupport::Concern
 
       def serializable_hash(options = nil)
-        {"url" => url}.merge Hash[versions.map { |name, version| [name, { "url" => version.url }] }]
+        {"url" => url}.merge Hash[versions.map { |name, version| [name.to_s, { "url" => version.url }] }]
       end
 
       def as_json(options=nil)

data/lib/carrierwave/uploader/store.rb

@@ -11,7 +11,7 @@ module CarrierWave
         prepend Module.new {
           def initialize(*)
             super
-            @file, @filename, @cache_id = nil
+            @file, @filename, @cache_id, @identifier = nil
           end
         }
       end
@@ -61,7 +61,7 @@ module CarrierWave
       #
       def store!(new_file=nil)
         cache!(new_file) if new_file && ((@cache_id != parent_cache_id) || @cache_id.nil?)
-        if !cache_only and @file and @cache_id
+        if !cache_only && @file && @cache_id
           with_callbacks(:store, new_file) do
             new_file = storage.store!(@file)
             if delete_tmp_file_after_storage
@@ -69,7 +69,8 @@ module CarrierWave
               cache_storage.delete_dir!(cache_path(nil))
             end
             @file = new_file
-            @cache_id = nil
+            @cache_id = @identifier = nil
+            @staged = false
           end
         end
       end
@@ -84,6 +85,7 @@ module CarrierWave
       def retrieve_from_store!(identifier)
         with_callbacks(:retrieve_from_store, identifier) do
           @file = storage.retrieve!(identifier)
+          @identifier = identifier
         end
       end
 

data/lib/carrierwave/uploader/url.rb

@@ -15,9 +15,12 @@ module CarrierWave
       # [String] the location where this file is accessible via a url
       #
       def url(options = {})
-        if file.respond_to?(:url) and not (tmp_url = file.url).blank?
-          file.method(:url).arity == 0 ? tmp_url : file.url(options)
-        elsif file.respond_to?(:path)
+        if file.respond_to?(:url)
+          tmp_url = file.method(:url).arity.zero? ? file.url : file.url(options)
+          return tmp_url if tmp_url.present?
+        end
+
+        if file.respond_to?(:path)
           path = encode_path(file.path.sub(File.expand_path(root), ''))
 
           if host = asset_host