carrierwave 2.0.0 → 2.2.0

data/lib/carrierwave/uploader/content_type_whitelist.rb

@@ -8,39 +8,51 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a whitelist of files content types
+      # Override this method in your uploader to provide an allowlist of files content types
       # which are allowed to be uploaded.
       # Not only strings but Regexp are allowed as well.
       #
       # === Returns
       #
-      # [NilClass, String, Regexp, Array[String, Regexp]] a whitelist of content types which are allowed to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of content types which are allowed to be uploaded
       #
       # === Examples
       #
-      #     def content_type_whitelist
+      #     def content_type_allowlist
       #       %w(text/json application/json)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def content_type_whitelist
+      #     def content_type_allowlist
       #       [/(text|application)\/json/]
       #     end
       #
-      def content_type_whitelist; end
+      def content_type_allowlist
+        if respond_to?(:content_type_whitelist)
+          ActiveSupport::Deprecation.warn "#content_type_whitelist is deprecated, use #content_type_allowlist instead." unless instance_variable_defined?(:@content_type_whitelist_warned)
+          @content_type_whitelist_warned = true
+          content_type_whitelist
+        end
+      end
 
     private
 
       def check_content_type_whitelist!(new_file)
+        return unless content_type_allowlist
+
         content_type = new_file.content_type
-        if content_type_whitelist && !whitelisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type, allowed_types: Array(content_type_whitelist).join(", "))
+        if !whitelisted_content_type?(content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_whitelist_error", content_type: content_type,
+                                                            allowed_types: Array(content_type_allowlist).join(", "), default: :"errors.messages.content_type_allowlist_error")
         end
       end
 
       def whitelisted_content_type?(content_type)
-        Array(content_type_whitelist).any? { |item| content_type =~ /#{item}/ }
+        Array(content_type_allowlist).any? do |item|
+          item = Regexp.quote(item) if item.class != Regexp
+          content_type =~ /#{item}/
+        end
       end
 
     end # ContentTypeWhitelist

data/lib/carrierwave/uploader/extension_blacklist.rb

@@ -8,43 +8,51 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a black list of extensions which
+      # Override this method in your uploader to provide a denylist of extensions which
       # are prohibited to be uploaded. Compares the file's extension case insensitive.
       # Furthermore, not only strings but Regexp are allowed as well.
       #
-      # When using a Regexp in the black list, `\A` and `\z` are automatically added to
+      # When using a Regexp in the denylist, `\A` and `\z` are automatically added to
       # the Regexp expression, also case insensitive.
       #
       # === Returns
 
-      # [NilClass, String, Regexp, Array[String, Regexp]] a black list of extensions which are prohibited to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] a deny list of extensions which are prohibited to be uploaded
       #
       # === Examples
       #
-      #     def extension_blacklist
+      #     def extension_denylist
       #       %w(swf tiff)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def extension_blacklist
+      #     def extension_denylist
       #       [/swf/, 'tiff']
       #     end
       #
-
-      def extension_blacklist; end
+      def extension_denylist
+        if respond_to?(:extension_blacklist)
+          ActiveSupport::Deprecation.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned)
+          @extension_blacklist_warned = true
+          extension_blacklist
+        end
+      end
 
     private
 
       def check_extension_blacklist!(new_file)
+        return unless extension_denylist
+
         extension = new_file.extension.to_s
-        if extension_blacklist && blacklisted_extension?(extension)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect, prohibited_types: Array(extension_blacklist).join(", "))
+        if blacklisted_extension?(extension)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect,
+                                                            prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_denylist_error")
         end
       end
 
       def blacklisted_extension?(extension)
-        Array(extension_blacklist).any? { |item| extension =~ /\A#{item}\z/i }
+        Array(extension_denylist).any? { |item| extension =~ /\A#{item}\z/i }
       end
     end
   end

data/lib/carrierwave/uploader/extension_whitelist.rb

@@ -8,45 +8,54 @@ module CarrierWave
       end
 
       ##
-      # Override this method in your uploader to provide a white list of extensions which
+      # Override this method in your uploader to provide an allowlist of extensions which
       # are allowed to be uploaded. Compares the file's extension case insensitive.
       # Furthermore, not only strings but Regexp are allowed as well.
       #
-      # When using a Regexp in the white list, `\A` and `\z` are automatically added to
+      # When using a Regexp in the allowlist, `\A` and `\z` are automatically added to
       # the Regexp expression, also case insensitive.
       #
       # === Returns
       #
-      # [NilClass, String, Regexp, Array[String, Regexp]] a white list of extensions which are allowed to be uploaded
+      # [NilClass, String, Regexp, Array[String, Regexp]] an allowlist of extensions which are allowed to be uploaded
       #
       # === Examples
       #
-      #     def extension_whitelist
+      #     def extension_allowlist
       #       %w(jpg jpeg gif png)
       #     end
       #
       # Basically the same, but using a Regexp:
       #
-      #     def extension_whitelist
+      #     def extension_allowlist
       #       [/jpe?g/, 'gif', 'png']
       #     end
       #
-      def extension_whitelist; end
+      def extension_allowlist
+        if respond_to?(:extension_whitelist)
+          ActiveSupport::Deprecation.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned)
+          @extension_whitelist_warned = true
+          extension_whitelist
+        end
+      end
 
     private
 
       def check_extension_whitelist!(new_file)
+        return unless extension_allowlist
+
         extension = new_file.extension.to_s
-        if extension_whitelist && !whitelisted_extension?(extension)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect, allowed_types: Array(extension_whitelist).join(", "))
+        if !whitelisted_extension?(extension)
+          # Look for whitelist first, then fallback to allowlist
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect,
+                                                            allowed_types: Array(extension_allowlist).join(", "), default: :"errors.messages.extension_allowlist_error")
         end
       end
 
       def whitelisted_extension?(extension)
         downcase_extension = extension.downcase
-        Array(extension_whitelist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
+        Array(extension_allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
       end
-
     end # ExtensionWhitelist
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/url.rb

@@ -15,9 +15,12 @@ module CarrierWave
       # [String] the location where this file is accessible via a url
       #
       def url(options = {})
-        if file.respond_to?(:url) && !(tmp_url = file.url).blank?
-          file.method(:url).arity.zero? ? tmp_url : file.url(options)
-        elsif file.respond_to?(:path)
+        if file.respond_to?(:url)
+          tmp_url = file.method(:url).arity.zero? ? file.url : file.url(options)
+          return tmp_url if tmp_url.present?
+        end
+
+        if file.respond_to?(:path)
           path = encode_path(file.path.sub(File.expand_path(root), ''))
 
           if host = asset_host

data/lib/carrierwave/uploader/versions.rb

@@ -23,7 +23,7 @@ module CarrierWave
         prepend Module.new {
           def initialize(*)
             super
-            @versions = nil
+            @versions, @versions_to_cache, @versions_to_store = nil
           end
         }
       end

data/lib/carrierwave/version.rb

@@ -1,3 +1,3 @@
 module CarrierWave
-  VERSION = "2.0.0"
+  VERSION = "2.2.0"
 end

data/lib/generators/templates/uploader.rb

@@ -33,9 +33,9 @@ class <%= class_name %>Uploader < CarrierWave::Uploader::Base
   #   process resize_to_fit: [50, 50]
   # end
 
-  # Add a white list of extensions which are allowed to be uploaded.
+  # Add an allowlist of extensions which are allowed to be uploaded.
   # For images you might use something like this:
-  # def extension_whitelist
+  # def extension_allowlist
   #   %w(jpg jpeg gif png)
   # end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: carrierwave
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Jonas Nicklas
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-18 00:00:00.000000000 Z
+date: 2021-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -94,6 +94,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: ssrf_filter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -238,14 +252,14 @@ dependencies:
   name: rmagick
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.16'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '2.16'
 - !ruby/object:Gem::Dependency
@@ -290,6 +304,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Upload files in your Ruby applications, map them to a range of ORMs,
   store them on different backends.
 email:
@@ -312,6 +340,7 @@ files:
 - lib/carrierwave/processing.rb
 - lib/carrierwave/processing/mini_magick.rb
 - lib/carrierwave/processing/rmagick.rb
+- lib/carrierwave/processing/vips.rb
 - lib/carrierwave/sanitized_file.rb
 - lib/carrierwave/storage.rb
 - lib/carrierwave/storage/abstract.rb
@@ -347,7 +376,7 @@ homepage: https://github.com/carrierwaveuploader/carrierwave
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--main"
 require_paths:
@@ -363,8 +392,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Ruby file upload library
 test_files: []