carrierwave 2.2.6 → 3.1.0

data/lib/carrierwave/uploader/{content_type_blacklist.rb → content_type_denylist.rb}

@@ -1,10 +1,10 @@
 module CarrierWave
   module Uploader
-    module ContentTypeBlacklist
+    module ContentTypeDenylist
       extend ActiveSupport::Concern
 
       included do
-        before :cache, :check_content_type_blacklist!
+        before :cache, :check_content_type_denylist!
       end
 
       ##
@@ -29,29 +29,34 @@ module CarrierWave
       #     end
       #
       def content_type_denylist
-        if respond_to?(:content_type_blacklist)
-          ActiveSupport::Deprecation.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned)
-          @content_type_blacklist_warned = true
-          content_type_blacklist
-        end
       end
 
     private
 
-      def check_content_type_blacklist!(new_file)
-        return unless content_type_denylist
+      def check_content_type_denylist!(new_file)
+        denylist = content_type_denylist
+        if !denylist && respond_to?(:content_type_blacklist) && content_type_blacklist
+          CarrierWave.deprecator.warn "#content_type_blacklist is deprecated, use #content_type_denylist instead." unless instance_variable_defined?(:@content_type_blacklist_warned)
+          @content_type_blacklist_warned = true
+          denylist = content_type_blacklist
+        end
+
+        return unless denylist
+
+        CarrierWave.deprecator.warn "Use of #content_type_denylist is deprecated for the security reason, use #content_type_allowlist instead to explicitly state what are safe to accept" unless instance_variable_defined?(:@content_type_denylist_warned)
+        @content_type_denylist_warned = true
 
         content_type = new_file.content_type
-        if blacklisted_content_type?(content_type)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_blacklist_error",
-                                                            content_type: content_type, default: :"errors.messages.content_type_denylist_error")
+        if denylisted_content_type?(denylist, content_type)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.content_type_denylist_error",
+                                                            content_type: content_type, default: :"errors.messages.content_type_blacklist_error")
         end
       end
 
-      def blacklisted_content_type?(content_type)
-        Array(content_type_denylist).any? { |item| content_type =~ /#{item}/ }
+      def denylisted_content_type?(denylist, content_type)
+        Array(denylist).any? { |item| content_type =~ /#{item}/ }
       end
 
-    end # ContentTypeBlacklist
+    end # ContentTypeDenylist
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/dimension.rb

@@ -0,0 +1,66 @@
+require 'active_support'
+
+module CarrierWave
+  module Uploader
+    module Dimension
+      extend ActiveSupport::Concern
+
+      included do
+        before :cache, :check_dimensions!
+      end
+
+      ##
+      # Override this method in your uploader to provide a Range of width which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a width range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def width_range
+      #       1000..2000
+      #     end
+      #
+      def width_range; end
+
+      ##
+      # Override this method in your uploader to provide a Range of height which
+      # are allowed to be uploaded.
+      # === Returns
+      #
+      # [NilClass, Range] a height range which are permitted to be uploaded
+      #
+      # === Examples
+      #
+      #     def height_range
+      #       1000..
+      #     end
+      #
+      def height_range; end
+
+    private
+
+      def check_dimensions!(new_file)
+        # NOTE: Skip the check for resized images
+        return if version_name.present?
+        return unless width_range || height_range
+
+        unless respond_to?(:width) || respond_to?(:height)
+          raise 'You need to include one of CarrierWave::MiniMagick, CarrierWave::RMagick, or CarrierWave::Vips to perform image dimension validation'
+        end
+
+        if width_range&.begin && width < width_range.begin
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.min_width_error", :min_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.begin))
+        elsif width_range&.end && width > width_range.end
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.max_width_error", :max_width => ActiveSupport::NumberHelper.number_to_delimited(width_range.end))
+        elsif height_range&.begin && height < height_range.begin
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.min_height_error", :min_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.begin))
+        elsif height_range&.end && height > height_range.end
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.max_height_error", :max_height => ActiveSupport::NumberHelper.number_to_delimited(height_range.end))
+        end
+      end
+
+    end # Dimension
+  end # Uploader
+end # CarrierWave

data/lib/carrierwave/uploader/{extension_whitelist.rb → extension_allowlist.rb}

@@ -1,10 +1,10 @@
 module CarrierWave
   module Uploader
-    module ExtensionWhitelist
+    module ExtensionAllowlist
       extend ActiveSupport::Concern
 
       included do
-        before :cache, :check_extension_whitelist!
+        before :cache, :check_extension_allowlist!
       end
 
       ##
@@ -32,30 +32,32 @@ module CarrierWave
       #     end
       #
       def extension_allowlist
-        if respond_to?(:extension_whitelist)
-          ActiveSupport::Deprecation.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned)
-          @extension_whitelist_warned = true
-          extension_whitelist
-        end
       end
 
     private
 
-      def check_extension_whitelist!(new_file)
-        return unless extension_allowlist
+      def check_extension_allowlist!(new_file)
+        allowlist = extension_allowlist
+        if !allowlist && respond_to?(:extension_whitelist) && extension_whitelist
+          CarrierWave.deprecator.warn "#extension_whitelist is deprecated, use #extension_allowlist instead." unless instance_variable_defined?(:@extension_whitelist_warned)
+          @extension_whitelist_warned = true
+          allowlist = extension_whitelist
+        end
+
+        return unless allowlist
 
         extension = new_file.extension.to_s
-        if !whitelisted_extension?(extension)
+        if !allowlisted_extension?(allowlist, extension)
           # Look for whitelist first, then fallback to allowlist
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_whitelist_error", extension: new_file.extension.inspect,
-                                                            allowed_types: Array(extension_allowlist).join(", "), default: :"errors.messages.extension_allowlist_error")
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_allowlist_error", extension: new_file.extension.inspect,
+                                                            allowed_types: Array(allowlist).join(", "), default: :"errors.messages.extension_whitelist_error")
         end
       end
 
-      def whitelisted_extension?(extension)
+      def allowlisted_extension?(allowlist, extension)
         downcase_extension = extension.downcase
-        Array(extension_allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
+        Array(allowlist).any? { |item| downcase_extension =~ /\A#{item}\z/i }
       end
-    end # ExtensionWhitelist
+    end # ExtensionAllowlist
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/{extension_blacklist.rb → extension_denylist.rb}

@@ -1,10 +1,10 @@
 module CarrierWave
   module Uploader
-    module ExtensionBlacklist
+    module ExtensionDenylist
       extend ActiveSupport::Concern
 
       included do
-        before :cache, :check_extension_blacklist!
+        before :cache, :check_extension_denylist!
       end
 
       ##
@@ -32,27 +32,32 @@ module CarrierWave
       #     end
       #
       def extension_denylist
-        if respond_to?(:extension_blacklist)
-          ActiveSupport::Deprecation.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned)
-          @extension_blacklist_warned = true
-          extension_blacklist
-        end
       end
 
     private
 
-      def check_extension_blacklist!(new_file)
-        return unless extension_denylist
+      def check_extension_denylist!(new_file)
+        denylist = extension_denylist
+        if !denylist && respond_to?(:extension_blacklist) && extension_blacklist
+          CarrierWave.deprecator.warn "#extension_blacklist is deprecated, use #extension_denylist instead." unless instance_variable_defined?(:@extension_blacklist_warned)
+          @extension_blacklist_warned = true
+          denylist = extension_blacklist
+        end
+
+        return unless denylist
+
+        CarrierWave.deprecator.warn "Use of #extension_denylist is deprecated for the security reason, use #extension_allowlist instead to explicitly state what are safe to accept" unless instance_variable_defined?(:@extension_denylist_warned)
+        @extension_denylist_warned = true
 
         extension = new_file.extension.to_s
-        if blacklisted_extension?(extension)
-          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_blacklist_error", extension: new_file.extension.inspect,
-                                                            prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_denylist_error")
+        if denylisted_extension?(denylist, extension)
+          raise CarrierWave::IntegrityError, I18n.translate(:"errors.messages.extension_denylist_error", extension: new_file.extension.inspect,
+                                                            prohibited_types: Array(extension_denylist).join(", "), default: :"errors.messages.extension_blacklist_error")
         end
       end
 
-      def blacklisted_extension?(extension)
-        Array(extension_denylist).any? { |item| extension =~ /\A#{item}\z/i }
+      def denylisted_extension?(denylist, extension)
+        Array(denylist).any? { |item| extension =~ /\A#{item}\z/i }
       end
     end
   end

data/lib/carrierwave/uploader/file_size.rb

@@ -14,7 +14,7 @@ module CarrierWave
       # are allowed to be uploaded.
       # === Returns
       #
-      # [NilClass, Range] a size range which are permitted to be uploaded
+      # [NilClass, Range] a size range (in bytes) which are permitted to be uploaded
       #
       # === Examples
       #
@@ -24,7 +24,7 @@ module CarrierWave
       #
       def size_range; end
 
-      private
+    private
 
       def check_size!(new_file)
         size = new_file.size

data/lib/carrierwave/uploader/processing.rb

@@ -18,7 +18,7 @@ module CarrierWave
         # Adds a processor callback which applies operations as a file is uploaded.
         # The argument may be the name of any method of the uploader, expressed as a symbol,
         # or a list of such methods, or a hash where the key is a method and the value is
-        # an array of arguments to call the method with
+        # an array of arguments to call the method with. Also accepts an :if or :unless condition
         #
         # === Parameters
         #
@@ -31,6 +31,7 @@ module CarrierWave
         #       process :sepiatone, :vignette
         #       process :scale => [200, 200]
         #       process :scale => [200, 200], :if => :image?
+        #       process :scale => [200, 200], :unless => :disallowed_image_type?
         #       process :sepiatone, :if => :image?
         #
         #       def sepiatone
@@ -49,6 +50,10 @@ module CarrierWave
         #         ...
         #       end
         #
+        #       def disallowed_image_type?
+        #         ...
+        #       end
+        #
         #     end
         #
         def process(*args)
@@ -57,12 +62,20 @@ module CarrierWave
             hash.merge!(arg)
           end
 
-          condition = new_processors.delete(:if)
+          condition_type = new_processors.keys.detect { |key| [:if, :unless].include?(key) }
+          condition = new_processors.delete(:if) || new_processors.delete(:unless)
           new_processors.each do |processor, processor_args|
-            self.processors += [[processor, processor_args, condition]]
+            self.processors += [[processor, processor_args, condition, condition_type]]
+
+            if processor == :convert
+              # Treat :convert specially, since it should trigger the file extension change
+              force_extension processor_args
+              if condition
+                warn "Use of 'process convert: format' with conditionals has an issue and doesn't work correctly. See https://github.com/carrierwaveuploader/carrierwave/issues/2723 for details. "
+              end
+            end
           end
         end
-
       end # ClassMethods
 
       ##
@@ -72,13 +85,19 @@ module CarrierWave
         return unless enable_processing
 
         with_callbacks(:process, new_file) do
-          self.class.processors.each do |method, args, condition|
-            if(condition)
+          self.class.processors.each do |method, args, condition, condition_type|
+            if condition && condition_type == :if
               if condition.respond_to?(:call)
                 next unless condition.call(self, :args => args, :method => method, :file => new_file)
               else
                 next unless self.send(condition, new_file)
               end
+            elsif condition && condition_type == :unless
+              if condition.respond_to?(:call)
+                next if condition.call(self, :args => args, :method => method, :file => new_file)
+              elsif self.send(condition, new_file)
+                next
+              end
             end
 
             if args.is_a? Array
@@ -95,6 +114,15 @@ module CarrierWave
         end
       end
 
+    private
+
+      def forcing_extension(filename)
+        if force_extension && filename
+          Pathname.new(filename).sub_ext(".#{force_extension.to_s.delete_prefix('.')}").to_s
+        else
+          filename
+        end
+      end
     end # Processing
   end # Uploader
 end # CarrierWave

data/lib/carrierwave/uploader/proxy.rb

@@ -30,7 +30,20 @@ module CarrierWave
       # [String] uniquely identifies a file
       #
       def identifier
-        @identifier || storage.try(:identifier)
+        @identifier || (file && storage.try(:identifier))
+      end
+
+      ##
+      # Returns a String which is to be used as a temporary value which gets assigned to the column.
+      # The purpose is to mark the column that it will be updated. Finally before the save it will be
+      # overwritten by the #identifier value, which is usually #filename.
+      #
+      # === Returns
+      #
+      # [String] a temporary_identifier, by default the value of #cache_name is used
+      #
+      def temporary_identifier
+        cache_name || @identifier
       end
 
       ##
@@ -40,8 +53,8 @@ module CarrierWave
       #
       # [String] contents of the file
       #
-      def read
-        file.try(:read)
+      def read(*args)
+        file.try(:read, *args)
       end
 
       ##

data/lib/carrierwave/uploader/store.rb

@@ -11,9 +11,23 @@ module CarrierWave
         prepend Module.new {
           def initialize(*)
             super
-            @file, @filename, @cache_id, @identifier = nil
+            @file, @filename, @cache_id, @identifier, @deduplication_index = nil
           end
         }
+
+        after :store, :show_warning_when_filename_is_unavailable
+
+        class_attribute :filename_safeguard_checked
+      end
+
+      module ClassMethods
+      private
+
+        def inherited(subclass)
+          # To perform the filename safeguard check once per a class
+          self.filename_safeguard_checked = false
+          super
+        end
       end
 
       ##
@@ -34,9 +48,26 @@ module CarrierWave
         @filename
       end
 
+      ##
+      # Returns a filename which doesn't conflict with already-stored files.
+      #
+      # === Returns
+      #
+      # [String] the filename with suffix added for deduplication
+      #
+      def deduplicated_filename
+        return unless filename
+        return filename unless @deduplication_index
+
+        parts = filename.split('.')
+        basename = parts.shift
+        basename.sub!(/ ?\(\d+\)\z/, '')
+        ([basename.to_s + (@deduplication_index > 1 ? "(#{@deduplication_index})" : '')] + parts).join('.')
+      end
+
       ##
       # Calculates the path where the file should be stored. If +for_file+ is given, it will be
-      # used as the filename, otherwise +CarrierWave::Uploader#filename+ is assumed.
+      # used as the identifier, otherwise +CarrierWave::Uploader#identifier+ is assumed.
       #
       # === Parameters
       #
@@ -46,7 +77,7 @@ module CarrierWave
       #
       # [String] the store path
       #
-      def store_path(for_file=filename)
+      def store_path(for_file=identifier)
         File.join([store_dir, full_filename(for_file)].compact)
       end
 
@@ -60,7 +91,7 @@ module CarrierWave
       # [new_file (File, IOString, Tempfile)] any kind of file object
       #
       def store!(new_file=nil)
-        cache!(new_file) if new_file && ((@cache_id != parent_cache_id) || @cache_id.nil?)
+        cache!(new_file) if new_file && !cached?
         if !cache_only && @file && @cache_id
           with_callbacks(:store, new_file) do
             new_file = storage.store!(@file)
@@ -69,7 +100,8 @@ module CarrierWave
               cache_storage.delete_dir!(cache_path(nil))
             end
             @file = new_file
-            @cache_id = @identifier = nil
+            @identifier = storage.identifier
+            @original_filename = @cache_id = @deduplication_index = nil
             @staged = false
           end
         end
@@ -89,10 +121,42 @@ module CarrierWave
         end
       end
 
+      ##
+      # Look for an identifier which doesn't collide with the given already-stored identifiers.
+      # It is done by adding a index number as the suffix.
+      # For example, if there's 'image.jpg' and the @deduplication_index is set to 2,
+      # The stored file will be named as 'image(2).jpg'.
+      #
+      # === Parameters
+      #
+      # [current_identifiers (Array[String])] List of identifiers for already-stored files
+      #
+      def deduplicate(current_identifiers)
+        @deduplication_index = nil
+        return unless current_identifiers.include?(identifier)
+
+        (1..current_identifiers.size + 1).each do |i|
+          @deduplication_index = i
+          break unless current_identifiers.include?(identifier)
+        end
+      end
+
     private
 
       def full_filename(for_file)
-        for_file
+        forcing_extension(for_file)
+      end
+
+      def show_warning_when_filename_is_unavailable(_)
+        return if self.class.filename_safeguard_checked
+        self.class.filename_safeguard_checked = true
+        return if filename
+
+        warn <<~MESSAGE
+          [WARNING] Your uploader's #filename method defined at #{method(:filename).source_location.join(':')} didn't return value after storing the file.
+          It's likely that the method is safeguarded with `if original_filename`, which were necessary for pre-3.x CarrierWave but is no longer needed.
+          Removing it is recommended, as it is known to cause issues depending on the use case: https://github.com/carrierwaveuploader/carrierwave/issues/2708
+        MESSAGE
       end
 
       def storage

data/lib/carrierwave/uploader/url.rb

@@ -23,7 +23,7 @@ module CarrierWave
         if file.respond_to?(:path)
           path = encode_path(file.path.sub(File.expand_path(root), ''))
 
-          if host = asset_host
+          if (host = asset_host)
             if host.respond_to? :call
               "#{host.call(file)}#{path}"
             else