dragonfly 1.1.4 → 1.4.0

data/lib/dragonfly/image_magick/plugin.rb

@@ -1,11 +1,11 @@
-require 'dragonfly/image_magick/analysers/image_properties'
-require 'dragonfly/image_magick/generators/convert'
-require 'dragonfly/image_magick/generators/plain'
-require 'dragonfly/image_magick/generators/plasma'
-require 'dragonfly/image_magick/generators/text'
-require 'dragonfly/image_magick/processors/convert'
-require 'dragonfly/image_magick/processors/encode'
-require 'dragonfly/image_magick/processors/thumb'
+require "dragonfly/image_magick/analysers/image_properties"
+require "dragonfly/image_magick/generators/plain"
+require "dragonfly/image_magick/generators/plasma"
+require "dragonfly/image_magick/generators/text"
+require "dragonfly/image_magick/processors/encode"
+require "dragonfly/image_magick/processors/thumb"
+require "dragonfly/image_magick/commands"
+require "dragonfly/param_validators"
 
 module Dragonfly
   module ImageMagick
@@ -13,37 +13,36 @@ module Dragonfly
     # The ImageMagick Plugin registers an app with generators, analysers and processors.
     # Look at the source code for #call to see exactly how it configures the app.
     class Plugin
-
-      def call(app, opts={})
+      def call(app, opts = {})
         # ENV
-        app.env[:convert_command] = opts[:convert_command] || 'convert'
-        app.env[:identify_command] = opts[:identify_command] || 'identify'
+        app.env[:convert_command] = opts[:convert_command] || "convert"
+        app.env[:identify_command] = opts[:identify_command] || "identify"
 
         # Analysers
         app.add_analyser :image_properties, ImageMagick::Analysers::ImageProperties.new
         app.add_analyser :width do |content|
-          content.analyse(:image_properties)['width']
+          content.analyse(:image_properties)["width"]
         end
         app.add_analyser :height do |content|
-          content.analyse(:image_properties)['height']
+          content.analyse(:image_properties)["height"]
         end
         app.add_analyser :format do |content|
-          content.analyse(:image_properties)['format']
+          content.analyse(:image_properties)["format"]
         end
         app.add_analyser :aspect_ratio do |content|
           attrs = content.analyse(:image_properties)
-          attrs['width'].to_f / attrs['height']
+          attrs["width"].to_f / attrs["height"]
         end
         app.add_analyser :portrait do |content|
           attrs = content.analyse(:image_properties)
-          attrs['width'] <= attrs['height']
+          attrs["width"] <= attrs["height"]
         end
         app.add_analyser :landscape do |content|
           !content.analyse(:portrait)
         end
         app.add_analyser :image do |content|
           begin
-            content.analyse(:image_properties)['format'] != 'pdf'
+            content.analyse(:image_properties)["format"] != "pdf"
           rescue Shell::CommandFailed
             false
           end
@@ -55,29 +54,31 @@ module Dragonfly
         app.define(:image?) { image }
 
         # Generators
-        app.add_generator :convert, ImageMagick::Generators::Convert.new
         app.add_generator :plain, ImageMagick::Generators::Plain.new
         app.add_generator :plasma, ImageMagick::Generators::Plasma.new
         app.add_generator :text, ImageMagick::Generators::Text.new
+        app.add_generator :convert do
+          raise "The convert generator is deprecated for better security - use Dragonfly::ImageMagick::Commands.generate(content, args, format) instead."
+        end
 
         # Processors
-        app.add_processor :convert, Processors::Convert.new
         app.add_processor :encode, Processors::Encode.new
         app.add_processor :thumb, Processors::Thumb.new
         app.add_processor :rotate do |content, amount|
-          content.process!(:convert, "-rotate #{amount}")
+          ParamValidators.validate!(amount, &ParamValidators.is_number)
+          Commands.convert(content, "-rotate #{amount}")
+        end
+        app.add_processor :convert do
+          raise "The convert processor is deprecated for better security - use Dragonfly::ImageMagick::Commands.convert(content, args, opts) instead."
         end
 
         # Extra methods
-        app.define :identify do |cli_args=nil|
+        app.define :identify do |cli_args = nil|
           shell_eval do |path|
             "#{app.env[:identify_command]} #{cli_args} #{path}"
           end
         end
-
       end
-
     end
   end
 end
-

data/lib/dragonfly/image_magick/processors/encode.rb

@@ -1,18 +1,29 @@
+require "dragonfly/image_magick/commands"
+
 module Dragonfly
   module ImageMagick
     module Processors
       class Encode
+        include ParamValidators
+
+        WHITELISTED_ARGS = %w(quality)
+
+        IS_IN_WHITELISTED_ARGS = ->(args_string) {
+          args_string.scan(/-\w+/).all? { |arg|
+            WHITELISTED_ARGS.include?(arg.sub("-", ""))
+          }
+        }
 
-        def update_url(attrs, format, args="")
+        def update_url(attrs, format, args = "")
           attrs.ext = format.to_s
         end
 
-        def call(content, format, args="")
-          content.process!(:convert, args, 'format' => format)
+        def call(content, format, args = "")
+          validate!(format, &is_word)
+          validate!(args, &IS_IN_WHITELISTED_ARGS)
+          Commands.convert(content, args, "format" => format)
         end
-
       end
     end
   end
 end
-

data/lib/dragonfly/image_magick/processors/thumb.rb

@@ -1,32 +1,40 @@
+require "dragonfly/image_magick/commands"
+
 module Dragonfly
   module ImageMagick
     module Processors
       class Thumb
+        include ParamValidators
 
         GRAVITIES = {
-          'nw' => 'NorthWest',
-          'n'  => 'North',
-          'ne' => 'NorthEast',
-          'w'  => 'West',
-          'c'  => 'Center',
-          'e'  => 'East',
-          'sw' => 'SouthWest',
-          's'  => 'South',
-          'se' => 'SouthEast'
+          "nw" => "NorthWest",
+          "n" => "North",
+          "ne" => "NorthEast",
+          "w" => "West",
+          "c" => "Center",
+          "e" => "East",
+          "sw" => "SouthWest",
+          "s" => "South",
+          "se" => "SouthEast",
         }
 
         # Geometry string patterns
-        RESIZE_GEOMETRY         = /\A\d*x\d*[><%^!]?\z|\A\d+@\z/ # e.g. '300x200!'
+        RESIZE_GEOMETRY = /\A\d*x\d*[><%^!]?\z|\A\d+@\z/ # e.g. '300x200!'
         CROPPED_RESIZE_GEOMETRY = /\A(\d+)x(\d+)#(\w{1,2})?\z/ # e.g. '20x50#ne'
-        CROP_GEOMETRY           = /\A(\d+)x(\d+)([+-]\d+)?([+-]\d+)?(\w{1,2})?\z/ # e.g. '30x30+10+10'
+        CROP_GEOMETRY = /\A(\d+)x(\d+)([+-]\d+)?([+-]\d+)?(\w{1,2})?\z/ # e.g. '30x30+10+10'
 
-        def update_url(url_attributes, geometry, opts={})
-          format = opts['format']
+        def update_url(url_attributes, geometry, opts = {})
+          format = opts["format"]
           url_attributes.ext = format if format
         end
 
-        def call(content, geometry, opts={})
-          content.process!(:convert, args_for_geometry(geometry), opts)
+        def call(content, geometry, opts = {})
+          validate!(opts["format"], &is_word)
+          validate!(opts["frame"], &is_number)
+          Commands.convert(content, args_for_geometry(geometry), {
+            "format" => opts["format"],
+            "frame" => opts["frame"],
+          })
         end
 
         def args_for_geometry(geometry)
@@ -37,11 +45,11 @@ module Dragonfly
             resize_and_crop_args($1, $2, $3)
           when CROP_GEOMETRY
             crop_args(
-              'width' => $1,
-              'height' => $2,
-              'x' => $3,
-              'y' => $4,
-              'gravity' => $5
+              "width" => $1,
+              "height" => $2,
+              "x" => $3,
+              "y" => $4,
+              "gravity" => $5,
             )
           else raise ArgumentError, "Didn't recognise the geometry string #{geometry}"
           end
@@ -54,26 +62,24 @@ module Dragonfly
         end
 
         def crop_args(opts)
-          raise ArgumentError, "you can't give a crop offset and gravity at the same time" if opts['x'] && opts['gravity']
+          raise ArgumentError, "you can't give a crop offset and gravity at the same time" if opts["x"] && opts["gravity"]
 
-          width   = opts['width']
-          height  = opts['height']
-          gravity = GRAVITIES[opts['gravity']]
-          x       = "#{opts['x'] || 0}"
-          x = '+' + x unless x[/\A[+-]/]
-          y       = "#{opts['y'] || 0}"
-          y = '+' + y unless y[/\A[+-]/]
+          width = opts["width"]
+          height = opts["height"]
+          gravity = GRAVITIES[opts["gravity"]]
+          x = "#{opts["x"] || 0}"
+          x = "+" + x unless x[/\A[+-]/]
+          y = "#{opts["y"] || 0}"
+          y = "+" + y unless y[/\A[+-]/]
 
           "#{"-gravity #{gravity} " if gravity}-crop #{width}x#{height}#{x}#{y} +repage"
         end
 
         def resize_and_crop_args(width, height, gravity)
-          gravity = GRAVITIES[gravity || 'c']
+          gravity = GRAVITIES[gravity || "c"]
           "-resize #{width}x#{height}^^ -gravity #{gravity} -crop #{width}x#{height}+0+0 +repage"
         end
-
       end
     end
   end
 end
-

data/lib/dragonfly/job/fetch_url.rb

@@ -91,7 +91,7 @@ module Dragonfly
       end
 
       def parse_url(url)
-        URI.parse(url)
+        URI.parse(url.to_s)
       rescue URI::InvalidURIError
         begin
           encoded_uri = Addressable::URI.parse(url).normalize.to_s

data/lib/dragonfly/model/class_methods.rb

@@ -30,7 +30,12 @@ module Dragonfly
 
         # Add callbacks
         before_save :save_dragonfly_attachments if respond_to?(:before_save)
-        before_destroy :destroy_dragonfly_attachments if respond_to?(:before_destroy)
+        case
+        when respond_to?(:after_commit)
+          after_commit :destroy_dragonfly_attachments, on: :destroy
+        when respond_to?(:after_destroy)
+          after_destroy :destroy_dragonfly_attachments
+        end
 
         # Register the new attribute
         dragonfly_attachment_classes << new_dragonfly_attachment_class(attribute, app, config_block)

data/lib/dragonfly/param_validators.rb

@@ -0,0 +1,37 @@
+module Dragonfly
+  module ParamValidators
+    class InvalidParameter < RuntimeError; end
+
+    module_function
+
+    IS_NUMBER = ->(param) {
+      param.is_a?(Numeric) || /\A[\d\.]+\z/ === param
+    }
+
+    IS_WORD = ->(param) {
+      /\A\w+\z/ === param
+    }
+
+    IS_WORDS = ->(param) {
+      /\A[\w ]+\z/ === param
+    }
+
+    def is_number; IS_NUMBER; end
+    def is_word; IS_WORD; end
+    def is_words; IS_WORDS; end
+
+    def validate!(parameter, &validator)
+      return if parameter.nil?
+      raise InvalidParameter unless validator.(parameter)
+    end
+
+    def validate_all!(parameters, &validator)
+      parameters.each { |p| validate!(p, &validator) }
+    end
+
+    def validate_all_keys!(obj, keys, &validator)
+      parameters = keys.map { |key| obj[key] }
+      validate_all!(parameters, &validator)
+    end
+  end
+end

data/lib/dragonfly/response.rb

@@ -1,4 +1,4 @@
-require 'uri'
+require 'cgi'
 require 'rack'
 
 module Dragonfly
@@ -99,7 +99,7 @@ module Dragonfly
 
     def filename_string
       return unless job.name
-      filename = request_from_msie? ? URI.encode(job.name) : job.name
+      filename = request_from_msie? ? CGI.escape(job.name) : job.name
       %(filename="#{filename}")
     end
 

data/lib/dragonfly/shell.rb

@@ -15,14 +15,11 @@ module Dragonfly
     end
 
     def escape_args(args)
-      args.shellsplit.map do |arg|
-        quote arg.gsub(/\\?'/, %q('\\\\''))
-      end.join(' ')
+      args.shellsplit.map{|arg| escape(arg) }.join(' ')
     end
 
-    def quote(string)
-      q = Dragonfly.running_on_windows? ? '"' : "'"
-      q + string + q
+    def escape(string)
+      Shellwords.escape(string)
     end
 
     private
@@ -36,22 +33,31 @@ module Dragonfly
       def run_command(command)
         result = `#{command}`
         status = $?
-        raise CommandFailed, "Command failed (#{command}) with exit status #{status.exitstatus}" unless status.success?
+        raise_command_failed!(command, status.exitstatus) unless status.success?
         result
+      rescue Errno::ENOENT => e
+        raise_command_failed!(command, nil, e.message)
       end
 
     else
 
       def run_command(command)
-        Open3.popen3 command do |stdin, stdout, stderr, wait_thread|
-          stdin.close_write # make sure it doesn't hang
-          status = wait_thread.value
-          raise CommandFailed, "Command failed (#{command}) with exit status #{status.exitstatus} and stderr #{stderr.read}" unless status.success?
-          stdout.read
-        end
+        stdout_str, stderr_str, status = Open3.capture3(command)
+        raise_command_failed!(command, status.exitstatus, stderr_str) unless status.success?
+        stdout_str
+      rescue Errno::ENOENT => e
+        raise_command_failed!(command, nil, e.message)
       end
 
     end
 
+    def raise_command_failed!(command, status=nil, error=nil)
+      raise CommandFailed, [
+        "Command failed: #{command}",
+        ("exit status: #{status}" if status),
+        ("error: #{error}" if error),
+      ].join(', ')
+    end
+
   end
 end

data/lib/dragonfly/utils.rb

@@ -38,7 +38,7 @@ module Dragonfly
     end
 
     def uri_unescape(string)
-      URI.unescape(string)
+      URI::DEFAULT_PARSER.unescape(string)
     end
 
   end

data/lib/dragonfly/version.rb

@@ -1,3 +1,3 @@
 module Dragonfly
-  VERSION = '1.1.4'
+  VERSION = "1.4.0"
 end

data/spec/dragonfly/content_spec.rb

@@ -232,7 +232,7 @@ describe Dragonfly::Content do
         path = p
         "cat #{path}"
       end.should == "big\nstuff"
-      path.should == app.shell.quote(content.path)
+      path.should == app.shell.escape(content.path)
     end
 
     it "allows evaluating without escaping" do
@@ -253,8 +253,8 @@ describe Dragonfly::Content do
         new_path = n
         "cp #{o} #{n}"
       end.should == content
-      old_path.should == app.shell.quote(original_path)
-      new_path.should == app.shell.quote(content.path)
+      old_path.should == app.shell.escape(original_path)
+      new_path.should == app.shell.escape(content.path)
       content.data.should == "big\nstuff"
     end
 

data/spec/dragonfly/cookie_monster_spec.rb

@@ -7,7 +7,7 @@ describe Dragonfly::CookieMonster do
   def app(extra_env={})
     Rack::Builder.new do
       use Dragonfly::CookieMonster
-      run proc{|env| env.merge!(extra_env); [200, {"Set-Cookie" => "blah", "Something" => "else"}, ["body here"]] }
+      run proc{|env| env.merge!(extra_env); [200, {"Set-Cookie" => "blah=thing", "Something" => "else"}, ["body here"]] }
     end
   end
 
@@ -15,7 +15,7 @@ describe Dragonfly::CookieMonster do
     response = Rack::MockRequest.new(app).get('')
     response.status.should == 200
     response.body.should == "body here"
-    response.headers["Set-Cookie"].should == "blah"
+    response.headers["Set-Cookie"].should == "blah=thing"
     response.headers["Something"].should == "else"
   end
 

data/spec/dragonfly/image_magick/commands_spec.rb

@@ -0,0 +1,98 @@
+require "spec_helper"
+require "dragonfly/image_magick/commands"
+
+describe Dragonfly::ImageMagick::Commands do
+  include Dragonfly::ImageMagick::Commands
+
+  let(:app) { test_app }
+
+  def sample_content(name)
+    Dragonfly::Content.new(app, SAMPLES_DIR.join(name))
+  end
+
+  describe "convert" do
+    let(:image) { sample_content("beach.png") } # 280x355
+
+    it "should allow for general convert commands" do
+      convert(image, "-scale 56x71")
+      image.should have_width(56)
+      image.should have_height(71)
+    end
+
+    it "should allow for general convert commands with added format" do
+      convert(image, "-scale 56x71", "format" => "gif")
+      image.should have_width(56)
+      image.should have_height(71)
+      image.should have_format("gif")
+      image.meta["format"].should == "gif"
+    end
+
+    it "should work for commands with parenthesis" do
+      convert(image, "\\( +clone -sparse-color Barycentric '0,0 black 0,%[fx:h-1] white' -function polynomial 2,-2,0.5 \\) -compose Blur -set option:compose:args 15 -composite")
+      image.should have_width(280)
+    end
+
+    it "should work for files with spaces/apostrophes in the name" do
+      image = Dragonfly::Content.new(app, SAMPLES_DIR.join("mevs' white pixel.png"))
+      convert(image, "-resize 2x2!")
+      image.should have_width(2)
+    end
+
+    it "allows converting specific frames" do
+      gif = sample_content("gif.gif")
+      convert(gif, "-resize 50x50")
+      all_frames_size = gif.size
+
+      gif = sample_content("gif.gif")
+      convert(gif, "-resize 50x50", "frame" => 0)
+      one_frame_size = gif.size
+
+      one_frame_size.should < all_frames_size
+    end
+
+    it "accepts input arguments for convert commands" do
+      image2 = image.clone
+      convert(image, "")
+      convert(image2, "", "input_args" => "-extract 50x50+10+10")
+
+      image.should_not equal_image(image2)
+      image2.should have_width(50)
+    end
+
+    it "allows converting using specific delegates" do
+      expect {
+        convert(image, "", "format" => "jpg", "delegate" => "png")
+      }.to call_command(app.shell, %r{convert png:/[^']+?/beach\.png /[^']+?\.jpg})
+    end
+
+    it "maintains the mime_type meta if it exists already" do
+      convert(image, "-resize 10x")
+      image.meta["mime_type"].should be_nil
+
+      image.add_meta("mime_type" => "image/png")
+      convert(image, "-resize 5x")
+      image.meta["mime_type"].should == "image/png"
+      image.mime_type.should == "image/png" # sanity check
+    end
+
+    it "doesn't maintain the mime_type meta on format change" do
+      image.add_meta("mime_type" => "image/png")
+      convert(image, "", "format" => "gif")
+      image.meta["mime_type"].should be_nil
+      image.mime_type.should == "image/gif" # sanity check
+    end
+  end
+
+  describe "generate" do
+    let (:image) { Dragonfly::Content.new(app) }
+
+    before(:each) do
+      generate(image, "-size 1x1 xc:white", "png")
+    end
+
+    it { image.should have_width(1) }
+    it { image.should have_height(1) }
+    it { image.should have_format("png") }
+    it { image.meta.should == { "format" => "png" } }
+  end
+end