fleximage 1.0.1 → 1.0.2
- data/CHANGELOG.rdoc +14 -0
- data/VERSION +1 -1
- data/fleximage.gemspec +4 -3
- data/lib/fleximage/model.rb +28 -6
- data/test/rails_root/db/migrate/001_create_photo_files.rb +1 -0
- data/test/unit/basic_model_test.rb +7 -1
- data/test/unit/image_directory_option_test.rb +2 -0
- data/test/unit/magic_columns_test.rb +4 -0
- data/test/unit/temp_image_test.rb +6 -0
- metadata +6 -2
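--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -0,0 +1,14 @@
+== fleximage 1.0.2 12-14-2009
+
+* Don't prepend RAILS_ROOT to absolute image directory path
+* Added support for an "image_format" magic database column
+* Fixed an issue with saving temp images in Windows
+* Fixed a temp image vulnerability with directory traversal
+
+== fleximage 1.0.1 12-13-2009
+
+* Now with completely passing tests
+
+== fleximage 1.0.0 12-13-2009
+
+* Initial gem release.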
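--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0.
+1.0.2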
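--- a/data/fleximage.gemspec
+++ b/data/fleximage.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = %q{fleximage}
-s.version = "1.0.
+s.version = "1.0.2"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
-s.date = %q{2009-12-
+s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Koji Ando", "Kouhei Sutou", "Lasse Jansen", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
+s.date = %q{2009-12-14}
 s.description = %q{Fleximage is a Rails plugin that tries to make image uploading and rendering
 super easy.
 }
@@ -19,6 +19,7 @@ super easy.
 ]
 s.files = [
 ".gitignore",
+"CHANGELOG.rdoc",
 "MIT-LICENSE",
 "README.rdoc",
 "Rakefile",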
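--- a/data/lib/fleximage/model.rb
+++ b/data/lib/fleximage/model.rb
@@ -269,10 +269,11 @@ module Fleximage
 #
 # @some_image.directory_path #=> /var/www/myapp/uploaded_images/2008/3/30
 def directory_path
-
+directory = self.class.image_directory
+raise 'No image directory was defined, cannot generate path' unless directory
 
 # base directory
-directory = "#{RAILS_ROOT}/#{
+directory = "#{RAILS_ROOT}/#{directory}" unless /^\// =~ directory
 
 # specific creation date based directory suffix.
 creation = self[:created_at] || self[:created_on]
@@ -287,9 +288,28 @@ module Fleximage
 #
 # @some_image.file_path #=> /var/www/myapp/uploaded_images/123.png
 def file_path
-"#{directory_path}/#{id}.#{
+"#{directory_path}/#{id}.#{extension}"
+end
+
+# Returns original format of the image if the image_format column exists
+# otherwise returns the globally set format.
+def extension
+if self.respond_to?( :image_format)
+case image_format
+when "JPEG"
+"jpg"
+else
+image_format ? image_format.downcase : self.class.image_storage_format
+end
+else
+self.class.image_storage_format
+end
 end
 
+def url_format
+extension.to_sym
+end
+
 # Sets the image file for this record to an uploaded file. This can
 # be called directly, or passively like from an ActiveRecord mass
 # assignment.
@@ -405,7 +425,7 @@ module Fleximage
 # uploaded. Use as a hidden field in your forms to keep an uploaded image when
 # validation fails and the form needs to be redisplayed
 def image_file_temp=(file_name)
-if !@uploaded_image && file_name && file_name.present?
+if !@uploaded_image && file_name && file_name.present? && file_name !~ %r{\.\./}
 @image_file_temp = file_name
 file_path = "#{RAILS_ROOT}/tmp/fleximage/#{file_name}"
 
@@ -574,7 +594,7 @@ module Fleximage
 perform_preprocess_operation
 
 # Convert to storage format
-@uploaded_image.format = self.class.image_storage_format.to_s.upcase
+@uploaded_image.format = self.class.image_storage_format.to_s.upcase unless respond_to?(:image_format)
 
 # Write image data to the DB field
 if self.class.db_store?
@@ -623,6 +643,7 @@ module Fleximage
 self.image_filename = nil if respond_to?(:image_filename=)
 self.image_width = nil if respond_to?(:image_width=)
 self.image_height = nil if respond_to?(:image_height=)
+self.image_format = nil if respond_to?(:image_format=)
 end
 end
 
@@ -635,6 +656,7 @@ module Fleximage
 end
 self.image_width = @uploaded_image.columns if self.respond_to?(:image_width=)
 self.image_height = @uploaded_image.rows if self.respond_to?(:image_height=)
+self.image_format = @uploaded_image.format if self.respond_to?(:image_format=)
 end
 
 # Save the image in the rails tmp directory
@@ -643,7 +665,7 @@ module Fleximage
 @image_file_temp = Time.now.to_f.to_s.sub('.', '_')
 path = "#{RAILS_ROOT}/tmp/fleximage"
 FileUtils.mkdir_p(path)
-File.open("#{path}/#{@image_file_temp}", '
+File.open("#{path}/#{@image_file_temp}", 'wb') do |f|
 file.rewind
 f.write file.read
 end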
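Review bot: The guard added to `image_file_temp=` (`file_name !~ %r{\.\./}`) is a deny-list for one spelling of a parent-directory reference, so a backslash separator or a bare `..` still passes, and this release also targets Windows per the changelog. Temp names written by this file come from `Time.now.to_f.to_s.sub('.', '_')`, so an allow-list is tighter, for example `if !@uploaded_image && file_name.to_s =~ /\A\d+_\d+\z/`, assuming no other code path produces names of a different shape. The same release interpolates `extension` into `file_path`, and `extension` reads the `image_format` column; if that column is mass-assignable it should be restricted to a known set of formats before it reaches a path. The bodies of `image_file_temp=` and `directory_path` continue outside their hunks.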
@@ -11,7 +11,6 @@ class FleximageBasicModelTest < Test::Unit::TestCase
|
|
11
11
|
assert_equal "#{RAILS_ROOT}/public/uploads/#{Time.now.year}/#{Time.now.month}/#{Time.now.day}", p.directory_path
|
12
12
|
end
|
13
13
|
|
14
|
-
|
15
14
|
def test_should_have_correct_file_path_without_creation_date_based_storage
|
16
15
|
PhotoBare.use_creation_date_based_directories = false
|
17
16
|
p = PhotoBare.create(:image_file => files(:photo))
|
@@ -27,4 +26,11 @@ class FleximageBasicModelTest < Test::Unit::TestCase
|
|
27
26
|
ensure
|
28
27
|
PhotoBare.use_creation_date_based_directories = true
|
29
28
|
end
|
29
|
+
|
30
|
+
def test_should_not_prepend_rails_root_to_absolute_path
|
31
|
+
PhotoBare.image_directory = '/tmp'
|
32
|
+
PhotoBare.use_creation_date_based_directories = false
|
33
|
+
p = PhotoBare.create(:image_file => files(:photo))
|
34
|
+
assert_equal '/tmp', p.directory_path
|
35
|
+
end
|
30
36
|
end
|
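Review bot: `test_should_not_prepend_rails_root_to_absolute_path` sets `PhotoBare.image_directory = '/tmp'` and `PhotoBare.use_creation_date_based_directories = false` and never restores either, while the test directly above resets the flag in an `ensure`. Because these are class-level settings, later tests inherit them, which is probably why this release adds `PhotoBare.use_creation_date_based_directories = true` at the top of the image-directory tests. Save the old directory in a local first and add an `ensure` with `PhotoBare.image_directory = old_dir` and `PhotoBare.use_creation_date_based_directories = true`. The test also appears to write the created image into the shared `/tmp`, so a per-run directory from `Dir.mktmpdir`, removed in the same `ensure`, would avoid leaving files behind.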
@@ -2,12 +2,14 @@ require File.dirname(__FILE__) + '/../../test/test_helper'
|
|
2
2
|
|
3
3
|
class FleximageImageDirectoryOptionTest < Test::Unit::TestCase
|
4
4
|
def test_should_store_in_default_image_directory
|
5
|
+
PhotoBare.use_creation_date_based_directories = true
|
5
6
|
p = PhotoBare.create(:image_file => files(:photo))
|
6
7
|
assert_match %r{public/uploads/\d+/\d+/\d+/\d+}, p.file_path
|
7
8
|
assert File.exists?(p.file_path)
|
8
9
|
end
|
9
10
|
|
10
11
|
def test_should_set_image_directory
|
12
|
+
PhotoBare.use_creation_date_based_directories = true
|
11
13
|
PhotoBare.image_directory = 'public/uploads/foo'
|
12
14
|
p = PhotoBare.create(:image_file => files(:photo))
|
13
15
|
assert_match %r{public/uploads/foo/\d+/\d+/\d+/\d+}, p.file_path
|
@@ -6,6 +6,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
|
|
6
6
|
assert_equal 'photo.jpg', p.image_filename
|
7
7
|
assert_equal 1024, p.image_height
|
8
8
|
assert_equal 768, p.image_width
|
9
|
+
assert_equal 'JPEG', p.image_format
|
10
|
+
assert_equal 'jpg', p.extension
|
9
11
|
end
|
10
12
|
|
11
13
|
def test_should_save_data_in_magic_columns_from_url
|
@@ -13,6 +15,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
|
|
13
15
|
assert_equal files(:web_photo), p.image_filename
|
14
16
|
assert_equal 110, p.image_height
|
15
17
|
assert_equal 276, p.image_width
|
18
|
+
assert_equal 'GIF', p.image_format
|
19
|
+
assert_equal 'gif', p.extension
|
16
20
|
rescue SocketError
|
17
21
|
print '!'
|
18
22
|
end
|
@@ -14,4 +14,10 @@ class FleximageTempImageTest < Test::Unit::TestCase
|
|
14
14
|
assert File.exists?(a2.file_path)
|
15
15
|
assert !File.exists?("#{RAILS_ROOT}/tmp/fleximage/#{temp_file_path}")
|
16
16
|
end
|
17
|
+
|
18
|
+
def test_should_prevent_directory_traversal_attacks
|
19
|
+
a1 = Avatar.new(:image_file_temp => '../fleximage/photo.jpg')
|
20
|
+
assert !a1.save
|
21
|
+
assert_equal nil, a1.image_file_temp
|
22
|
+
end
|
17
23
|
end
|
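Review bot: The first assertion of `test_should_prevent_directory_traversal_attacks`, `assert !a1.save`, can pass for reasons unrelated to the guard if `Avatar` requires an image; its validations are not visible here. The assertion that actually ties to the fix is the second one, better written as `assert_nil a1.image_file_temp`. The test also pins a single input, `'../fleximage/photo.jpg'`, so it is worth adding a case for each further shape the guard is meant to reject, so a later change to the pattern in `image_file_temp=` cannot narrow it unnoticed.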
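--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fleximage
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Alex Wayne
@@ -9,6 +9,9 @@ authors:
 - JJ Buckley
 - Jason Lee
 - Joshua Abbott
+- Koji Ando
+- Kouhei Sutou
+- Lasse Jansen
 - "Lo\xC3\xAFc Guitaut"
 - Martin Vielsmaier
 - Squeegy
@@ -17,7 +20,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-12-
+date: 2009-12-14 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -63,6 +66,7 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - .gitignore
+- CHANGELOG.rdoc
 - MIT-LICENSE
 - README.rdoc
 - Rakefile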