dragonfly 1.3.0 → 1.4.0

data/lib/dragonfly/image_magick/plugin.rb

@@ -1,11 +1,11 @@
-require 'dragonfly/image_magick/analysers/image_properties'
-require 'dragonfly/image_magick/generators/convert'
-require 'dragonfly/image_magick/generators/plain'
-require 'dragonfly/image_magick/generators/plasma'
-require 'dragonfly/image_magick/generators/text'
-require 'dragonfly/image_magick/processors/convert'
-require 'dragonfly/image_magick/processors/encode'
-require 'dragonfly/image_magick/processors/thumb'
+require "dragonfly/image_magick/analysers/image_properties"
+require "dragonfly/image_magick/generators/plain"
+require "dragonfly/image_magick/generators/plasma"
+require "dragonfly/image_magick/generators/text"
+require "dragonfly/image_magick/processors/encode"
+require "dragonfly/image_magick/processors/thumb"
+require "dragonfly/image_magick/commands"
+require "dragonfly/param_validators"
 
 module Dragonfly
   module ImageMagick
@@ -13,37 +13,36 @@ module Dragonfly
     # The ImageMagick Plugin registers an app with generators, analysers and processors.
     # Look at the source code for #call to see exactly how it configures the app.
     class Plugin
-
-      def call(app, opts={})
+      def call(app, opts = {})
         # ENV
-        app.env[:convert_command] = opts[:convert_command] || 'convert'
-        app.env[:identify_command] = opts[:identify_command] || 'identify'
+        app.env[:convert_command] = opts[:convert_command] || "convert"
+        app.env[:identify_command] = opts[:identify_command] || "identify"
 
         # Analysers
         app.add_analyser :image_properties, ImageMagick::Analysers::ImageProperties.new
         app.add_analyser :width do |content|
-          content.analyse(:image_properties)['width']
+          content.analyse(:image_properties)["width"]
         end
         app.add_analyser :height do |content|
-          content.analyse(:image_properties)['height']
+          content.analyse(:image_properties)["height"]
         end
         app.add_analyser :format do |content|
-          content.analyse(:image_properties)['format']
+          content.analyse(:image_properties)["format"]
         end
         app.add_analyser :aspect_ratio do |content|
           attrs = content.analyse(:image_properties)
-          attrs['width'].to_f / attrs['height']
+          attrs["width"].to_f / attrs["height"]
         end
         app.add_analyser :portrait do |content|
           attrs = content.analyse(:image_properties)
-          attrs['width'] <= attrs['height']
+          attrs["width"] <= attrs["height"]
         end
         app.add_analyser :landscape do |content|
           !content.analyse(:portrait)
         end
         app.add_analyser :image do |content|
           begin
-            content.analyse(:image_properties)['format'] != 'pdf'
+            content.analyse(:image_properties)["format"] != "pdf"
           rescue Shell::CommandFailed
             false
           end
@@ -55,29 +54,31 @@ module Dragonfly
         app.define(:image?) { image }
 
         # Generators
-        app.add_generator :convert, ImageMagick::Generators::Convert.new
         app.add_generator :plain, ImageMagick::Generators::Plain.new
         app.add_generator :plasma, ImageMagick::Generators::Plasma.new
         app.add_generator :text, ImageMagick::Generators::Text.new
+        app.add_generator :convert do
+          raise "The convert generator is deprecated for better security - use Dragonfly::ImageMagick::Commands.generate(content, args, format) instead."
+        end
 
         # Processors
-        app.add_processor :convert, Processors::Convert.new
         app.add_processor :encode, Processors::Encode.new
         app.add_processor :thumb, Processors::Thumb.new
         app.add_processor :rotate do |content, amount|
-          content.process!(:convert, "-rotate #{amount}")
+          ParamValidators.validate!(amount, &ParamValidators.is_number)
+          Commands.convert(content, "-rotate #{amount}")
+        end
+        app.add_processor :convert do
+          raise "The convert processor is deprecated for better security - use Dragonfly::ImageMagick::Commands.convert(content, args, opts) instead."
         end
 
         # Extra methods
-        app.define :identify do |cli_args=nil|
+        app.define :identify do |cli_args = nil|
           shell_eval do |path|
             "#{app.env[:identify_command]} #{cli_args} #{path}"
           end
         end
-
       end
-
     end
   end
 end
-

data/lib/dragonfly/image_magick/processors/encode.rb

@@ -1,18 +1,29 @@
+require "dragonfly/image_magick/commands"
+
 module Dragonfly
   module ImageMagick
     module Processors
       class Encode
+        include ParamValidators
+
+        WHITELISTED_ARGS = %w(quality)
+
+        IS_IN_WHITELISTED_ARGS = ->(args_string) {
+          args_string.scan(/-\w+/).all? { |arg|
+            WHITELISTED_ARGS.include?(arg.sub("-", ""))
+          }
+        }
 
-        def update_url(attrs, format, args="")
+        def update_url(attrs, format, args = "")
           attrs.ext = format.to_s
         end
 
-        def call(content, format, args="")
-          content.process!(:convert, args, 'format' => format)
+        def call(content, format, args = "")
+          validate!(format, &is_word)
+          validate!(args, &IS_IN_WHITELISTED_ARGS)
+          Commands.convert(content, args, "format" => format)
         end
-
       end
     end
   end
 end
-

data/lib/dragonfly/image_magick/processors/thumb.rb

@@ -1,32 +1,40 @@
+require "dragonfly/image_magick/commands"
+
 module Dragonfly
   module ImageMagick
     module Processors
       class Thumb
+        include ParamValidators
 
         GRAVITIES = {
-          'nw' => 'NorthWest',
-          'n'  => 'North',
-          'ne' => 'NorthEast',
-          'w'  => 'West',
-          'c'  => 'Center',
-          'e'  => 'East',
-          'sw' => 'SouthWest',
-          's'  => 'South',
-          'se' => 'SouthEast'
+          "nw" => "NorthWest",
+          "n" => "North",
+          "ne" => "NorthEast",
+          "w" => "West",
+          "c" => "Center",
+          "e" => "East",
+          "sw" => "SouthWest",
+          "s" => "South",
+          "se" => "SouthEast",
         }
 
         # Geometry string patterns
-        RESIZE_GEOMETRY         = /\A\d*x\d*[><%^!]?\z|\A\d+@\z/ # e.g. '300x200!'
+        RESIZE_GEOMETRY = /\A\d*x\d*[><%^!]?\z|\A\d+@\z/ # e.g. '300x200!'
         CROPPED_RESIZE_GEOMETRY = /\A(\d+)x(\d+)#(\w{1,2})?\z/ # e.g. '20x50#ne'
-        CROP_GEOMETRY           = /\A(\d+)x(\d+)([+-]\d+)?([+-]\d+)?(\w{1,2})?\z/ # e.g. '30x30+10+10'
+        CROP_GEOMETRY = /\A(\d+)x(\d+)([+-]\d+)?([+-]\d+)?(\w{1,2})?\z/ # e.g. '30x30+10+10'
 
-        def update_url(url_attributes, geometry, opts={})
-          format = opts['format']
+        def update_url(url_attributes, geometry, opts = {})
+          format = opts["format"]
           url_attributes.ext = format if format
         end
 
-        def call(content, geometry, opts={})
-          content.process!(:convert, args_for_geometry(geometry), opts)
+        def call(content, geometry, opts = {})
+          validate!(opts["format"], &is_word)
+          validate!(opts["frame"], &is_number)
+          Commands.convert(content, args_for_geometry(geometry), {
+            "format" => opts["format"],
+            "frame" => opts["frame"],
+          })
         end
 
         def args_for_geometry(geometry)
@@ -37,11 +45,11 @@ module Dragonfly
             resize_and_crop_args($1, $2, $3)
           when CROP_GEOMETRY
             crop_args(
-              'width' => $1,
-              'height' => $2,
-              'x' => $3,
-              'y' => $4,
-              'gravity' => $5
+              "width" => $1,
+              "height" => $2,
+              "x" => $3,
+              "y" => $4,
+              "gravity" => $5,
             )
           else raise ArgumentError, "Didn't recognise the geometry string #{geometry}"
           end
@@ -54,26 +62,24 @@ module Dragonfly
         end
 
         def crop_args(opts)
-          raise ArgumentError, "you can't give a crop offset and gravity at the same time" if opts['x'] && opts['gravity']
+          raise ArgumentError, "you can't give a crop offset and gravity at the same time" if opts["x"] && opts["gravity"]
 
-          width   = opts['width']
-          height  = opts['height']
-          gravity = GRAVITIES[opts['gravity']]
-          x       = "#{opts['x'] || 0}"
-          x = '+' + x unless x[/\A[+-]/]
-          y       = "#{opts['y'] || 0}"
-          y = '+' + y unless y[/\A[+-]/]
+          width = opts["width"]
+          height = opts["height"]
+          gravity = GRAVITIES[opts["gravity"]]
+          x = "#{opts["x"] || 0}"
+          x = "+" + x unless x[/\A[+-]/]
+          y = "#{opts["y"] || 0}"
+          y = "+" + y unless y[/\A[+-]/]
 
           "#{"-gravity #{gravity} " if gravity}-crop #{width}x#{height}#{x}#{y} +repage"
         end
 
         def resize_and_crop_args(width, height, gravity)
-          gravity = GRAVITIES[gravity || 'c']
+          gravity = GRAVITIES[gravity || "c"]
           "-resize #{width}x#{height}^^ -gravity #{gravity} -crop #{width}x#{height}+0+0 +repage"
         end
-
       end
     end
   end
 end
-

data/lib/dragonfly/param_validators.rb

@@ -0,0 +1,37 @@
+module Dragonfly
+  module ParamValidators
+    class InvalidParameter < RuntimeError; end
+
+    module_function
+
+    IS_NUMBER = ->(param) {
+      param.is_a?(Numeric) || /\A[\d\.]+\z/ === param
+    }
+
+    IS_WORD = ->(param) {
+      /\A\w+\z/ === param
+    }
+
+    IS_WORDS = ->(param) {
+      /\A[\w ]+\z/ === param
+    }
+
+    def is_number; IS_NUMBER; end
+    def is_word; IS_WORD; end
+    def is_words; IS_WORDS; end
+
+    def validate!(parameter, &validator)
+      return if parameter.nil?
+      raise InvalidParameter unless validator.(parameter)
+    end
+
+    def validate_all!(parameters, &validator)
+      parameters.each { |p| validate!(p, &validator) }
+    end
+
+    def validate_all_keys!(obj, keys, &validator)
+      parameters = keys.map { |key| obj[key] }
+      validate_all!(parameters, &validator)
+    end
+  end
+end

data/lib/dragonfly/response.rb

@@ -1,4 +1,4 @@
-require 'uri'
+require 'cgi'
 require 'rack'
 
 module Dragonfly
@@ -99,7 +99,7 @@ module Dragonfly
 
     def filename_string
       return unless job.name
-      filename = request_from_msie? ? URI.encode(job.name) : job.name
+      filename = request_from_msie? ? CGI.escape(job.name) : job.name
       %(filename="#{filename}")
     end
 

data/lib/dragonfly/version.rb

@@ -1,3 +1,3 @@
 module Dragonfly
-  VERSION = "1.3.0"
+  VERSION = "1.4.0"
 end

data/spec/dragonfly/image_magick/commands_spec.rb

@@ -0,0 +1,98 @@
+require "spec_helper"
+require "dragonfly/image_magick/commands"
+
+describe Dragonfly::ImageMagick::Commands do
+  include Dragonfly::ImageMagick::Commands
+
+  let(:app) { test_app }
+
+  def sample_content(name)
+    Dragonfly::Content.new(app, SAMPLES_DIR.join(name))
+  end
+
+  describe "convert" do
+    let(:image) { sample_content("beach.png") } # 280x355
+
+    it "should allow for general convert commands" do
+      convert(image, "-scale 56x71")
+      image.should have_width(56)
+      image.should have_height(71)
+    end
+
+    it "should allow for general convert commands with added format" do
+      convert(image, "-scale 56x71", "format" => "gif")
+      image.should have_width(56)
+      image.should have_height(71)
+      image.should have_format("gif")
+      image.meta["format"].should == "gif"
+    end
+
+    it "should work for commands with parenthesis" do
+      convert(image, "\\( +clone -sparse-color Barycentric '0,0 black 0,%[fx:h-1] white' -function polynomial 2,-2,0.5 \\) -compose Blur -set option:compose:args 15 -composite")
+      image.should have_width(280)
+    end
+
+    it "should work for files with spaces/apostrophes in the name" do
+      image = Dragonfly::Content.new(app, SAMPLES_DIR.join("mevs' white pixel.png"))
+      convert(image, "-resize 2x2!")
+      image.should have_width(2)
+    end
+
+    it "allows converting specific frames" do
+      gif = sample_content("gif.gif")
+      convert(gif, "-resize 50x50")
+      all_frames_size = gif.size
+
+      gif = sample_content("gif.gif")
+      convert(gif, "-resize 50x50", "frame" => 0)
+      one_frame_size = gif.size
+
+      one_frame_size.should < all_frames_size
+    end
+
+    it "accepts input arguments for convert commands" do
+      image2 = image.clone
+      convert(image, "")
+      convert(image2, "", "input_args" => "-extract 50x50+10+10")
+
+      image.should_not equal_image(image2)
+      image2.should have_width(50)
+    end
+
+    it "allows converting using specific delegates" do
+      expect {
+        convert(image, "", "format" => "jpg", "delegate" => "png")
+      }.to call_command(app.shell, %r{convert png:/[^']+?/beach\.png /[^']+?\.jpg})
+    end
+
+    it "maintains the mime_type meta if it exists already" do
+      convert(image, "-resize 10x")
+      image.meta["mime_type"].should be_nil
+
+      image.add_meta("mime_type" => "image/png")
+      convert(image, "-resize 5x")
+      image.meta["mime_type"].should == "image/png"
+      image.mime_type.should == "image/png" # sanity check
+    end
+
+    it "doesn't maintain the mime_type meta on format change" do
+      image.add_meta("mime_type" => "image/png")
+      convert(image, "", "format" => "gif")
+      image.meta["mime_type"].should be_nil
+      image.mime_type.should == "image/gif" # sanity check
+    end
+  end
+
+  describe "generate" do
+    let (:image) { Dragonfly::Content.new(app) }
+
+    before(:each) do
+      generate(image, "-size 1x1 xc:white", "png")
+    end
+
+    it { image.should have_width(1) }
+    it { image.should have_height(1) }
+    it { image.should have_format("png") }
+    it { image.meta.should == { "format" => "png" } }
+  end
+end

data/spec/dragonfly/image_magick/generators/plain_spec.rb

@@ -1,4 +1,5 @@
-require 'spec_helper'
+require "spec_helper"
+require "dragonfly/param_validators"
 
 describe Dragonfly::ImageMagick::Generators::Plain do
   let (:generator) { Dragonfly::ImageMagick::Generators::Plain.new }
@@ -9,32 +10,32 @@ describe Dragonfly::ImageMagick::Generators::Plain do
     before(:each) do
       generator.call(image, 3, 2)
     end
-    it {image.should have_width(3)}
-    it {image.should have_height(2)}
-    it {image.should have_format('png')}
-    it {image.meta.should == {'format' => 'png', 'name' => 'plain.png'}}
+    it { image.should have_width(3) }
+    it { image.should have_height(2) }
+    it { image.should have_format("png") }
+    it { image.meta.should == { "format" => "png", "name" => "plain.png" } }
   end
 
   describe "specifying the format" do
     before(:each) do
-      generator.call(image, 1, 1, 'format'=> 'gif')
+      generator.call(image, 1, 1, "format" => "gif")
     end
-    it {image.should have_format('gif')}
-    it {image.meta.should == {'format' => 'gif', 'name' => 'plain.gif'}}
+    it { image.should have_format("gif") }
+    it { image.meta.should == { "format" => "gif", "name" => "plain.gif" } }
   end
 
   describe "specifying the colour" do
     it "works with English spelling" do
-      generator.call(image, 1, 1, 'colour' => 'red')
+      generator.call(image, 1, 1, "colour" => "red")
     end
 
     it "works with American spelling" do
-      generator.call(image, 1, 1, 'color' => 'red')
+      generator.call(image, 1, 1, "color" => "red")
     end
 
     it "blows up with a bad colour" do
       expect {
-        generator.call(image, 1, 1, 'colour' => 'lardoin')
+        generator.call(image, 1, 1, "colour" => "lardoin")
       }.to raise_error(Dragonfly::Shell::CommandFailed)
     end
   end
@@ -42,9 +43,34 @@ describe Dragonfly::ImageMagick::Generators::Plain do
   describe "urls" do
     it "updates the url" do
       url_attributes = Dragonfly::UrlAttributes.new
-      generator.update_url(url_attributes, 1, 1, 'format' => 'gif')
-      url_attributes.name.should == 'plain.gif'
+      generator.update_url(url_attributes, 1, 1, "format" => "gif")
+      url_attributes.name.should == "plain.gif"
     end
   end
 
+  describe "param validations" do
+    {
+      "color" => "white -write bad.png",
+      "colour" => "white -write bad.png",
+      "format" => "png -write bad.png",
+    }.each do |opt, value|
+      it "validates bad opts like #{opt} = '#{value}'" do
+        expect {
+          generator.call(image, 1, 1, opt => value)
+        }.to raise_error(Dragonfly::ParamValidators::InvalidParameter)
+      end
+    end
+
+    it "validates width" do
+      expect {
+        generator.call(image, "1 -write bad.png", 1)
+      }.to raise_error(Dragonfly::ParamValidators::InvalidParameter)
+    end
+
+    it "validates height" do
+      expect {
+        generator.call(image, 1, "1 -write bad.png")
+      }.to raise_error(Dragonfly::ParamValidators::InvalidParameter)
+    end
+  end
 end