fleximage 1.0.1 → 1.0.2

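--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -0,0 +1,14 @@
+== fleximage 1.0.2 12-14-2009
+
+* Don't prepend RAILS_ROOT to absolute image directory path
+* Added support for an "image_format" magic database column
+* Fixed an issue with saving temp images in Windows
+* Fixed a temp image vulnerability with directory traversal
+
+== fleximage 1.0.1 12-13-2009
+
+* Now with completely passing tests
+
+== fleximage 1.0.0 12-13-2009
+
+* Initial gem release.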
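--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0.1
+1.0.2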
data/fleximage.gemspec CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{fleximage}
8
- s.version = "1.0.1"
8
+ s.version = "1.0.2"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
- s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
12
- s.date = %q{2009-12-13}
11
+ s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Koji Ando", "Kouhei Sutou", "Lasse Jansen", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
12
+ s.date = %q{2009-12-14}
13
13
  s.description = %q{Fleximage is a Rails plugin that tries to make image uploading and rendering
14
14
  super easy.
15
15
  }
@@ -19,6 +19,7 @@ super easy.
19
19
  ]
20
20
  s.files = [
21
21
  ".gitignore",
22
+ "CHANGELOG.rdoc",
22
23
  "MIT-LICENSE",
23
24
  "README.rdoc",
24
25
  "Rakefile",
@@ -269,10 +269,11 @@ module Fleximage
269
269
  #
270
270
  # @some_image.directory_path #=> /var/www/myapp/uploaded_images/2008/3/30
271
271
  def directory_path
272
- raise 'No image directory was defined, cannot generate path' unless self.class.image_directory
272
+ directory = self.class.image_directory
273
+ raise 'No image directory was defined, cannot generate path' unless directory
273
274
 
274
275
  # base directory
275
- directory = "#{RAILS_ROOT}/#{self.class.image_directory}"
276
+ directory = "#{RAILS_ROOT}/#{directory}" unless /^\// =~ directory
276
277
 
277
278
  # specific creation date based directory suffix.
278
279
  creation = self[:created_at] || self[:created_on]
@@ -287,9 +288,28 @@ module Fleximage
287
288
  #
288
289
  # @some_image.file_path #=> /var/www/myapp/uploaded_images/123.png
289
290
  def file_path
290
- "#{directory_path}/#{id}.#{self.class.image_storage_format}"
291
+ "#{directory_path}/#{id}.#{extension}"
292
+ end
293
+
294
+ # Returns original format of the image if the image_format column exists
295
+ # otherwise returns the globally set format.
296
+ def extension
297
+ if self.respond_to?( :image_format)
298
+ case image_format
299
+ when "JPEG"
300
+ "jpg"
301
+ else
302
+ image_format ? image_format.downcase : self.class.image_storage_format
303
+ end
304
+ else
305
+ self.class.image_storage_format
306
+ end
291
307
  end
292
308
 
309
+ def url_format
310
+ extension.to_sym
311
+ end
312
+
293
313
  # Sets the image file for this record to an uploaded file. This can
294
314
  # be called directly, or passively like from an ActiveRecord mass
295
315
  # assignment.
@@ -405,7 +425,7 @@ module Fleximage
405
425
  # uploaded. Use as a hidden field in your forms to keep an uploaded image when
406
426
  # validation fails and the form needs to be redisplayed
407
427
  def image_file_temp=(file_name)
408
- if !@uploaded_image && file_name && file_name.present?
428
+ if !@uploaded_image && file_name && file_name.present? && file_name !~ %r{\.\./}
409
429
  @image_file_temp = file_name
410
430
  file_path = "#{RAILS_ROOT}/tmp/fleximage/#{file_name}"
411
431
 
@@ -574,7 +594,7 @@ module Fleximage
574
594
  perform_preprocess_operation
575
595
 
576
596
  # Convert to storage format
577
- @uploaded_image.format = self.class.image_storage_format.to_s.upcase
597
+ @uploaded_image.format = self.class.image_storage_format.to_s.upcase unless respond_to?(:image_format)
578
598
 
579
599
  # Write image data to the DB field
580
600
  if self.class.db_store?
@@ -623,6 +643,7 @@ module Fleximage
623
643
  self.image_filename = nil if respond_to?(:image_filename=)
624
644
  self.image_width = nil if respond_to?(:image_width=)
625
645
  self.image_height = nil if respond_to?(:image_height=)
646
+ self.image_format = nil if respond_to?(:image_format=)
626
647
  end
627
648
  end
628
649
 
@@ -635,6 +656,7 @@ module Fleximage
635
656
  end
636
657
  self.image_width = @uploaded_image.columns if self.respond_to?(:image_width=)
637
658
  self.image_height = @uploaded_image.rows if self.respond_to?(:image_height=)
659
+ self.image_format = @uploaded_image.format if self.respond_to?(:image_format=)
638
660
  end
639
661
 
640
662
  # Save the image in the rails tmp directory
@@ -643,7 +665,7 @@ module Fleximage
643
665
  @image_file_temp = Time.now.to_f.to_s.sub('.', '_')
644
666
  path = "#{RAILS_ROOT}/tmp/fleximage"
645
667
  FileUtils.mkdir_p(path)
646
- File.open("#{path}/#{@image_file_temp}", 'w') do |f|
668
+ File.open("#{path}/#{@image_file_temp}", 'wb') do |f|
647
669
  file.rewind
648
670
  f.write file.read
649
671
  end
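Review bot: The new guard in `image_file_temp=` is a denylist for the single substring `../`, so every other path form is left to whatever the filesystem makes of it; a backslash separator on Windows, which this release otherwise fixes temp images for, is not matched by `%r{\.\./}`. The only producer of temp names visible on this page is `Time.now.to_f.to_s.sub('.', '_')`, so, assuming nothing else writes them, an allowlist is tighter and simpler: replace `file_name !~ %r{\.\./}` with `file_name =~ /\A\d+_\d+\z/`. The setter's body continues past the hunk, so how a rejected name is reported to the caller is not visible here.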
@@ -4,6 +4,7 @@ class CreatePhotoFiles < ActiveRecord::Migration
4
4
  t.string :image_filename
5
5
  t.integer :image_width
6
6
  t.integer :image_height
7
+ t.string :image_format
7
8
 
8
9
  t.timestamps
9
10
  end
@@ -11,7 +11,6 @@ class FleximageBasicModelTest < Test::Unit::TestCase
11
11
  assert_equal "#{RAILS_ROOT}/public/uploads/#{Time.now.year}/#{Time.now.month}/#{Time.now.day}", p.directory_path
12
12
  end
13
13
 
14
-
15
14
  def test_should_have_correct_file_path_without_creation_date_based_storage
16
15
  PhotoBare.use_creation_date_based_directories = false
17
16
  p = PhotoBare.create(:image_file => files(:photo))
@@ -27,4 +26,11 @@ class FleximageBasicModelTest < Test::Unit::TestCase
27
26
  ensure
28
27
  PhotoBare.use_creation_date_based_directories = true
29
28
  end
29
+
30
+ def test_should_not_prepend_rails_root_to_absolute_path
31
+ PhotoBare.image_directory = '/tmp'
32
+ PhotoBare.use_creation_date_based_directories = false
33
+ p = PhotoBare.create(:image_file => files(:photo))
34
+ assert_equal '/tmp', p.directory_path
35
+ end
30
36
  end
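Review bot: `test_should_not_prepend_rails_root_to_absolute_path` changes two class-level settings, `PhotoBare.image_directory` and `PhotoBare.use_creation_date_based_directories`, and restores neither, while the test just above it resets its flag in an `ensure`. Depending on run order, later tests that create a `PhotoBare` would then store their images under `/tmp`; the `use_creation_date_based_directories = true` lines added to the image-directory option tests look like a workaround for this kind of leak. Capture the previous values at the top of the test and restore them in an `ensure`, and remove the file the test creates in `/tmp`.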
@@ -2,12 +2,14 @@ require File.dirname(__FILE__) + '/../../test/test_helper'
2
2
 
3
3
  class FleximageImageDirectoryOptionTest < Test::Unit::TestCase
4
4
  def test_should_store_in_default_image_directory
5
+ PhotoBare.use_creation_date_based_directories = true
5
6
  p = PhotoBare.create(:image_file => files(:photo))
6
7
  assert_match %r{public/uploads/\d+/\d+/\d+/\d+}, p.file_path
7
8
  assert File.exists?(p.file_path)
8
9
  end
9
10
 
10
11
  def test_should_set_image_directory
12
+ PhotoBare.use_creation_date_based_directories = true
11
13
  PhotoBare.image_directory = 'public/uploads/foo'
12
14
  p = PhotoBare.create(:image_file => files(:photo))
13
15
  assert_match %r{public/uploads/foo/\d+/\d+/\d+/\d+}, p.file_path
@@ -6,6 +6,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
6
6
  assert_equal 'photo.jpg', p.image_filename
7
7
  assert_equal 1024, p.image_height
8
8
  assert_equal 768, p.image_width
9
+ assert_equal 'JPEG', p.image_format
10
+ assert_equal 'jpg', p.extension
9
11
  end
10
12
 
11
13
  def test_should_save_data_in_magic_columns_from_url
@@ -13,6 +15,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
13
15
  assert_equal files(:web_photo), p.image_filename
14
16
  assert_equal 110, p.image_height
15
17
  assert_equal 276, p.image_width
18
+ assert_equal 'GIF', p.image_format
19
+ assert_equal 'gif', p.extension
16
20
  rescue SocketError
17
21
  print '!'
18
22
  end
@@ -14,4 +14,10 @@ class FleximageTempImageTest < Test::Unit::TestCase
14
14
  assert File.exists?(a2.file_path)
15
15
  assert !File.exists?("#{RAILS_ROOT}/tmp/fleximage/#{temp_file_path}")
16
16
  end
17
+
18
+ def test_should_prevent_directory_traversal_attacks
19
+ a1 = Avatar.new(:image_file_temp => '../fleximage/photo.jpg')
20
+ assert !a1.save
21
+ assert_equal nil, a1.image_file_temp
22
+ end
17
23
  end
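Review bot: `test_should_prevent_directory_traversal_attacks` pins a single rejected input, and that input resolves back into `tmp/fleximage` itself, so it checks the pattern match rather than the property that nothing outside the temp directory can be named. A small table of rejected names covering other separator forms, plus one accepted name in the generated format, would pin the contract instead of the regex. `assert_equal nil, a1.image_file_temp` also reads better as `assert_nil a1.image_file_temp`.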
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fleximage
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alex Wayne
@@ -9,6 +9,9 @@ authors:
9
9
  - JJ Buckley
10
10
  - Jason Lee
11
11
  - Joshua Abbott
12
+ - Koji Ando
13
+ - Kouhei Sutou
14
+ - Lasse Jansen
12
15
  - "Lo\xC3\xAFc Guitaut"
13
16
  - Martin Vielsmaier
14
17
  - Squeegy
@@ -17,7 +20,7 @@ autorequire:
17
20
  bindir: bin
18
21
  cert_chain: []
19
22
 
20
- date: 2009-12-13 00:00:00 -08:00
23
+ date: 2009-12-14 00:00:00 -08:00
21
24
  default_executable:
22
25
  dependencies:
23
26
  - !ruby/object:Gem::Dependency
@@ -63,6 +66,7 @@ extra_rdoc_files:
63
66
  - README.rdoc
64
67
  files:
65
68
  - .gitignore
69
+ - CHANGELOG.rdoc
66
70
  - MIT-LICENSE
67
71
  - README.rdoc
68
72
  - Rakefile