dragonfly 0.8.2 → 0.8.4
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of dragonfly might be problematic. Click here for more details.
- data/History.md +6 -0
- data/VERSION +1 -1
- data/dragonfly.gemspec +3 -4
- data/lib/dragonfly/data_storage/file_data_store.rb +9 -0
- data/spec/dragonfly/data_storage/file_data_store_spec.rb +13 -1
- metadata +4 -69
data/History.md
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.8.
|
|
1
|
+
0.8.4
|
data/dragonfly.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{dragonfly}
|
|
8
|
-
s.version = "0.8.
|
|
8
|
+
s.version = "0.8.4"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Mark Evans"]
|
|
12
|
-
s.date = %q{2011-
|
|
12
|
+
s.date = %q{2011-04-27}
|
|
13
13
|
s.email = %q{mark@new-bamboo.co.uk}
|
|
14
14
|
s.extra_rdoc_files = [
|
|
15
15
|
"LICENSE",
|
|
@@ -176,7 +176,7 @@ Gem::Specification.new do |s|
|
|
|
176
176
|
]
|
|
177
177
|
s.homepage = %q{http://github.com/markevans/dragonfly}
|
|
178
178
|
s.require_paths = ["lib"]
|
|
179
|
-
s.rubygems_version = %q{1.
|
|
179
|
+
s.rubygems_version = %q{1.5.2}
|
|
180
180
|
s.summary = %q{Dragonfly is an on-the-fly Rack-based image handling framework. It is suitable for use with Rails, Sinatra and other web frameworks. Although it's mainly used for images, it can handle any content type.}
|
|
181
181
|
s.test_files = [
|
|
182
182
|
"spec/argument_matchers.rb",
|
|
@@ -228,7 +228,6 @@ Gem::Specification.new do |s|
|
|
|
228
228
|
]
|
|
229
229
|
|
|
230
230
|
if s.respond_to? :specification_version then
|
|
231
|
-
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
232
231
|
s.specification_version = 3
|
|
233
232
|
|
|
234
233
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
@@ -5,6 +5,9 @@ module Dragonfly
|
|
|
5
5
|
|
|
6
6
|
class FileDataStore
|
|
7
7
|
|
|
8
|
+
# Exceptions
|
|
9
|
+
class BadUID < RuntimeError; end
|
|
10
|
+
|
|
8
11
|
include Configurable
|
|
9
12
|
|
|
10
13
|
configurable_attr :root_path, '/var/tmp/dragonfly'
|
|
@@ -33,6 +36,7 @@ module Dragonfly
|
|
|
33
36
|
end
|
|
34
37
|
|
|
35
38
|
def retrieve(relative_path)
|
|
39
|
+
validate_uid!(relative_path)
|
|
36
40
|
path = absolute(relative_path)
|
|
37
41
|
file = File.new(path)
|
|
38
42
|
file.close
|
|
@@ -45,6 +49,7 @@ module Dragonfly
|
|
|
45
49
|
end
|
|
46
50
|
|
|
47
51
|
def destroy(relative_path)
|
|
52
|
+
validate_uid!(relative_path)
|
|
48
53
|
path = absolute(relative_path)
|
|
49
54
|
FileUtils.rm path
|
|
50
55
|
FileUtils.rm extra_data_path(path)
|
|
@@ -108,6 +113,10 @@ module Dragonfly
|
|
|
108
113
|
end
|
|
109
114
|
end
|
|
110
115
|
|
|
116
|
+
def validate_uid!(uid)
|
|
117
|
+
raise BadUID, "tried to fetch uid #{uid.inspect} - perhaps due to a malicious user" if uid['..']
|
|
118
|
+
end
|
|
119
|
+
|
|
111
120
|
end
|
|
112
121
|
|
|
113
122
|
end
|
|
@@ -136,11 +136,13 @@ describe Dragonfly::DataStorage::FileDataStore do
|
|
|
136
136
|
end
|
|
137
137
|
|
|
138
138
|
describe "retrieve" do
|
|
139
|
+
|
|
139
140
|
it "should return a closed file" do
|
|
140
141
|
uid = @data_store.store(@temp_object)
|
|
141
142
|
file, extra = @data_store.retrieve(uid)
|
|
142
143
|
file.should be_closed
|
|
143
144
|
end
|
|
145
|
+
|
|
144
146
|
it "should be able to retrieve any file, stored or not (and without extra data)" do
|
|
145
147
|
FileUtils.mkdir_p("#{@data_store.root_path}/jelly_beans/are")
|
|
146
148
|
File.open("#{@data_store.root_path}/jelly_beans/are/good", 'w'){|f| f.write('hey dog') }
|
|
@@ -148,10 +150,15 @@ describe Dragonfly::DataStorage::FileDataStore do
|
|
|
148
150
|
File.read(file.path).should == 'hey dog'
|
|
149
151
|
meta.should == {}
|
|
150
152
|
end
|
|
153
|
+
|
|
154
|
+
it "should raise an error if the file path has .. in it" do
|
|
155
|
+
expect{
|
|
156
|
+
@data_store.retrieve('jelly_beans/../are/good')
|
|
157
|
+
}.to raise_error(Dragonfly::DataStorage::FileDataStore::BadUID)
|
|
158
|
+
end
|
|
151
159
|
end
|
|
152
160
|
|
|
153
161
|
describe "destroying" do
|
|
154
|
-
|
|
155
162
|
it "should raise an error if the data doesn't exist" do
|
|
156
163
|
lambda{
|
|
157
164
|
@data_store.destroy('gooble/gubbub')
|
|
@@ -164,6 +171,11 @@ describe Dragonfly::DataStorage::FileDataStore do
|
|
|
164
171
|
@data_store.root_path.should be_an_empty_directory
|
|
165
172
|
end
|
|
166
173
|
|
|
174
|
+
it "should raise an error if the file path has .. in it" do
|
|
175
|
+
expect{
|
|
176
|
+
@data_store.destroy('jelly_beans/../are/good')
|
|
177
|
+
}.to raise_error(Dragonfly::DataStorage::FileDataStore::BadUID)
|
|
178
|
+
end
|
|
167
179
|
end
|
|
168
180
|
|
|
169
181
|
end
|
metadata
CHANGED
|
@@ -1,12 +1,8 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dragonfly
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
prerelease:
|
|
5
|
-
|
|
6
|
-
- 0
|
|
7
|
-
- 8
|
|
8
|
-
- 2
|
|
9
|
-
version: 0.8.2
|
|
4
|
+
prerelease:
|
|
5
|
+
version: 0.8.4
|
|
10
6
|
platform: ruby
|
|
11
7
|
authors:
|
|
12
8
|
- Mark Evans
|
|
@@ -14,7 +10,7 @@ autorequire:
|
|
|
14
10
|
bindir: bin
|
|
15
11
|
cert_chain: []
|
|
16
12
|
|
|
17
|
-
date: 2011-
|
|
13
|
+
date: 2011-04-27 00:00:00 +01:00
|
|
18
14
|
default_executable:
|
|
19
15
|
dependencies:
|
|
20
16
|
- !ruby/object:Gem::Dependency
|
|
@@ -24,8 +20,6 @@ dependencies:
|
|
|
24
20
|
requirements:
|
|
25
21
|
- - ">="
|
|
26
22
|
- !ruby/object:Gem::Version
|
|
27
|
-
segments:
|
|
28
|
-
- 0
|
|
29
23
|
version: "0"
|
|
30
24
|
type: :development
|
|
31
25
|
prerelease: false
|
|
@@ -37,8 +31,6 @@ dependencies:
|
|
|
37
31
|
requirements:
|
|
38
32
|
- - ">="
|
|
39
33
|
- !ruby/object:Gem::Version
|
|
40
|
-
segments:
|
|
41
|
-
- 0
|
|
42
34
|
version: "0"
|
|
43
35
|
type: :development
|
|
44
36
|
prerelease: false
|
|
@@ -50,10 +42,6 @@ dependencies:
|
|
|
50
42
|
requirements:
|
|
51
43
|
- - "="
|
|
52
44
|
- !ruby/object:Gem::Version
|
|
53
|
-
segments:
|
|
54
|
-
- 0
|
|
55
|
-
- 8
|
|
56
|
-
- 5
|
|
57
45
|
version: 0.8.5
|
|
58
46
|
type: :development
|
|
59
47
|
prerelease: false
|
|
@@ -65,8 +53,6 @@ dependencies:
|
|
|
65
53
|
requirements:
|
|
66
54
|
- - ">="
|
|
67
55
|
- !ruby/object:Gem::Version
|
|
68
|
-
segments:
|
|
69
|
-
- 0
|
|
70
56
|
version: "0"
|
|
71
57
|
type: :development
|
|
72
58
|
prerelease: false
|
|
@@ -78,10 +64,6 @@ dependencies:
|
|
|
78
64
|
requirements:
|
|
79
65
|
- - ">="
|
|
80
66
|
- !ruby/object:Gem::Version
|
|
81
|
-
segments:
|
|
82
|
-
- 0
|
|
83
|
-
- 5
|
|
84
|
-
- 0
|
|
85
67
|
version: 0.5.0
|
|
86
68
|
type: :development
|
|
87
69
|
prerelease: false
|
|
@@ -93,9 +75,6 @@ dependencies:
|
|
|
93
75
|
requirements:
|
|
94
76
|
- - ~>
|
|
95
77
|
- !ruby/object:Gem::Version
|
|
96
|
-
segments:
|
|
97
|
-
- 1
|
|
98
|
-
- 4
|
|
99
78
|
version: "1.4"
|
|
100
79
|
type: :development
|
|
101
80
|
prerelease: false
|
|
@@ -107,10 +86,6 @@ dependencies:
|
|
|
107
86
|
requirements:
|
|
108
87
|
- - "="
|
|
109
88
|
- !ruby/object:Gem::Version
|
|
110
|
-
segments:
|
|
111
|
-
- 2
|
|
112
|
-
- 1
|
|
113
|
-
- 4
|
|
114
89
|
version: 2.1.4
|
|
115
90
|
type: :development
|
|
116
91
|
prerelease: false
|
|
@@ -122,8 +97,6 @@ dependencies:
|
|
|
122
97
|
requirements:
|
|
123
98
|
- - ">="
|
|
124
99
|
- !ruby/object:Gem::Version
|
|
125
|
-
segments:
|
|
126
|
-
- 0
|
|
127
100
|
version: "0"
|
|
128
101
|
type: :development
|
|
129
102
|
prerelease: false
|
|
@@ -135,12 +108,6 @@ dependencies:
|
|
|
135
108
|
requirements:
|
|
136
109
|
- - "="
|
|
137
110
|
- !ruby/object:Gem::Version
|
|
138
|
-
segments:
|
|
139
|
-
- 1
|
|
140
|
-
- 5
|
|
141
|
-
- 0
|
|
142
|
-
- beta
|
|
143
|
-
- 2
|
|
144
111
|
version: 1.5.0.beta.2
|
|
145
112
|
type: :development
|
|
146
113
|
prerelease: false
|
|
@@ -152,9 +119,6 @@ dependencies:
|
|
|
152
119
|
requirements:
|
|
153
120
|
- - ~>
|
|
154
121
|
- !ruby/object:Gem::Version
|
|
155
|
-
segments:
|
|
156
|
-
- 1
|
|
157
|
-
- 1
|
|
158
122
|
version: "1.1"
|
|
159
123
|
type: :development
|
|
160
124
|
prerelease: false
|
|
@@ -166,8 +130,6 @@ dependencies:
|
|
|
166
130
|
requirements:
|
|
167
131
|
- - ">="
|
|
168
132
|
- !ruby/object:Gem::Version
|
|
169
|
-
segments:
|
|
170
|
-
- 0
|
|
171
133
|
version: "0"
|
|
172
134
|
type: :development
|
|
173
135
|
prerelease: false
|
|
@@ -179,10 +141,6 @@ dependencies:
|
|
|
179
141
|
requirements:
|
|
180
142
|
- - "="
|
|
181
143
|
- !ruby/object:Gem::Version
|
|
182
|
-
segments:
|
|
183
|
-
- 3
|
|
184
|
-
- 0
|
|
185
|
-
- 3
|
|
186
144
|
version: 3.0.3
|
|
187
145
|
type: :development
|
|
188
146
|
prerelease: false
|
|
@@ -194,8 +152,6 @@ dependencies:
|
|
|
194
152
|
requirements:
|
|
195
153
|
- - ">="
|
|
196
154
|
- !ruby/object:Gem::Version
|
|
197
|
-
segments:
|
|
198
|
-
- 0
|
|
199
155
|
version: "0"
|
|
200
156
|
type: :development
|
|
201
157
|
prerelease: false
|
|
@@ -207,9 +163,6 @@ dependencies:
|
|
|
207
163
|
requirements:
|
|
208
164
|
- - ~>
|
|
209
165
|
- !ruby/object:Gem::Version
|
|
210
|
-
segments:
|
|
211
|
-
- 1
|
|
212
|
-
- 3
|
|
213
166
|
version: "1.3"
|
|
214
167
|
type: :development
|
|
215
168
|
prerelease: false
|
|
@@ -221,8 +174,6 @@ dependencies:
|
|
|
221
174
|
requirements:
|
|
222
175
|
- - ">="
|
|
223
176
|
- !ruby/object:Gem::Version
|
|
224
|
-
segments:
|
|
225
|
-
- 0
|
|
226
177
|
version: "0"
|
|
227
178
|
type: :development
|
|
228
179
|
prerelease: false
|
|
@@ -234,8 +185,6 @@ dependencies:
|
|
|
234
185
|
requirements:
|
|
235
186
|
- - ">="
|
|
236
187
|
- !ruby/object:Gem::Version
|
|
237
|
-
segments:
|
|
238
|
-
- 0
|
|
239
188
|
version: "0"
|
|
240
189
|
type: :development
|
|
241
190
|
prerelease: false
|
|
@@ -247,10 +196,6 @@ dependencies:
|
|
|
247
196
|
requirements:
|
|
248
197
|
- - "="
|
|
249
198
|
- !ruby/object:Gem::Version
|
|
250
|
-
segments:
|
|
251
|
-
- 2
|
|
252
|
-
- 12
|
|
253
|
-
- 2
|
|
254
199
|
version: 2.12.2
|
|
255
200
|
type: :development
|
|
256
201
|
prerelease: false
|
|
@@ -262,10 +207,6 @@ dependencies:
|
|
|
262
207
|
requirements:
|
|
263
208
|
- - "="
|
|
264
209
|
- !ruby/object:Gem::Version
|
|
265
|
-
segments:
|
|
266
|
-
- 1
|
|
267
|
-
- 3
|
|
268
|
-
- 0
|
|
269
210
|
version: 1.3.0
|
|
270
211
|
type: :development
|
|
271
212
|
prerelease: false
|
|
@@ -277,8 +218,6 @@ dependencies:
|
|
|
277
218
|
requirements:
|
|
278
219
|
- - ">="
|
|
279
220
|
- !ruby/object:Gem::Version
|
|
280
|
-
segments:
|
|
281
|
-
- 0
|
|
282
221
|
version: "0"
|
|
283
222
|
type: :runtime
|
|
284
223
|
prerelease: false
|
|
@@ -464,21 +403,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
464
403
|
requirements:
|
|
465
404
|
- - ">="
|
|
466
405
|
- !ruby/object:Gem::Version
|
|
467
|
-
segments:
|
|
468
|
-
- 0
|
|
469
406
|
version: "0"
|
|
470
407
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
471
408
|
none: false
|
|
472
409
|
requirements:
|
|
473
410
|
- - ">="
|
|
474
411
|
- !ruby/object:Gem::Version
|
|
475
|
-
segments:
|
|
476
|
-
- 0
|
|
477
412
|
version: "0"
|
|
478
413
|
requirements: []
|
|
479
414
|
|
|
480
415
|
rubyforge_project:
|
|
481
|
-
rubygems_version: 1.
|
|
416
|
+
rubygems_version: 1.5.2
|
|
482
417
|
signing_key:
|
|
483
418
|
specification_version: 3
|
|
484
419
|
summary: Dragonfly is an on-the-fly Rack-based image handling framework. It is suitable for use with Rails, Sinatra and other web frameworks. Although it's mainly used for images, it can handle any content type.
|