fleximage 1.0.1 → 1.0.2

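--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -0,0 +1,14 @@
+ == fleximage 1.0.2 12-14-2009
+
+ * Don't prepend RAILS_ROOT to absolute image directory path
+ * Added support for an "image_format" magic database column
+ * Fixed an issue with saving temp images in Windows
+ * Fixed a temp image vulnerability with directory traversal
+
+ == fleximage 1.0.1 12-13-2009
+
+ * Now with completely passing tests
+
+ == fleximage 1.0.0 12-13-2009
+
+ * Initial gem release.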
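--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.1
+ 1.0.2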
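--- a/data/fleximage.gemspec
+++ b/data/fleximage.gemspec
@@ -5,11 +5,11 @@
 
  Gem::Specification.new do |s|
  s.name = %q{fleximage}
- s.version = "1.0.1"
+ s.version = "1.0.2"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
- s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
- s.date = %q{2009-12-13}
+ s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Koji Ando", "Kouhei Sutou", "Lasse Jansen", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
+ s.date = %q{2009-12-14}
  s.description = %q{Fleximage is a Rails plugin that tries to make image uploading and rendering
  super easy.
  }
@@ -19,6 +19,7 @@ super easy.
  ]
  s.files = [
  ".gitignore",
+ "CHANGELOG.rdoc",
  "MIT-LICENSE",
  "README.rdoc",
  "Rakefile",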
@@ -269,10 +269,11 @@ module Fleximage
269
269
  #
270
270
  # @some_image.directory_path #=> /var/www/myapp/uploaded_images/2008/3/30
271
271
  def directory_path
272
- raise 'No image directory was defined, cannot generate path' unless self.class.image_directory
272
+ directory = self.class.image_directory
273
+ raise 'No image directory was defined, cannot generate path' unless directory
273
274
 
274
275
  # base directory
275
- directory = "#{RAILS_ROOT}/#{self.class.image_directory}"
276
+ directory = "#{RAILS_ROOT}/#{directory}" unless /^\// =~ directory
276
277
 
277
278
  # specific creation date based directory suffix.
278
279
  creation = self[:created_at] || self[:created_on]
@@ -287,9 +288,28 @@ module Fleximage
287
288
  #
288
289
  # @some_image.file_path #=> /var/www/myapp/uploaded_images/123.png
289
290
  def file_path
290
- "#{directory_path}/#{id}.#{self.class.image_storage_format}"
291
+ "#{directory_path}/#{id}.#{extension}"
292
+ end
293
+
294
+ # Returns original format of the image if the image_format column exists
295
+ # otherwise returns the globally set format.
296
+ def extension
297
+ if self.respond_to?( :image_format)
298
+ case image_format
299
+ when "JPEG"
300
+ "jpg"
301
+ else
302
+ image_format ? image_format.downcase : self.class.image_storage_format
303
+ end
304
+ else
305
+ self.class.image_storage_format
306
+ end
291
307
  end
292
308
 
309
+ def url_format
310
+ extension.to_sym
311
+ end
312
+
293
313
  # Sets the image file for this record to an uploaded file. This can
294
314
  # be called directly, or passively like from an ActiveRecord mass
295
315
  # assignment.
@@ -405,7 +425,7 @@ module Fleximage
405
425
  # uploaded. Use as a hidden field in your forms to keep an uploaded image when
406
426
  # validation fails and the form needs to be redisplayed
407
427
  def image_file_temp=(file_name)
408
- if !@uploaded_image && file_name && file_name.present?
428
+ if !@uploaded_image && file_name && file_name.present? && file_name !~ %r{\.\./}
409
429
  @image_file_temp = file_name
410
430
  file_path = "#{RAILS_ROOT}/tmp/fleximage/#{file_name}"
411
431
 
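Review bot: The added `file_name !~ %r{\.\./}` guard in `image_file_temp=` is a denylist for one spelling of traversal, so it still accepts names that contain directory separators, the backslash form `..\` (this release also fixes temp images on Windows), or a bare `..`. Since the temp name written elsewhere in this diff is generated as `Time.now.to_f.to_s.sub('.', '_')`, an allowlist is tighter: `file_name =~ /\A\d+_\d+\z/` in place of the `!~` test, or at minimum `File.basename(file_name) == file_name`. The new test only exercises a leading `../`, so a case with an embedded separator would be worth adding. The method body continues past the end of this hunk, so how `file_path` is consumed is not visible here.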
@@ -574,7 +594,7 @@ module Fleximage
574
594
  perform_preprocess_operation
575
595
 
576
596
  # Convert to storage format
577
- @uploaded_image.format = self.class.image_storage_format.to_s.upcase
597
+ @uploaded_image.format = self.class.image_storage_format.to_s.upcase unless respond_to?(:image_format)
578
598
 
579
599
  # Write image data to the DB field
580
600
  if self.class.db_store?
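Review bot: Skipping the conversion with `unless respond_to?(:image_format)` means that models with the new column keep whatever format the image library detected, and `extension` then builds the on-disk suffix from `image_format.downcase` without checking it. Before this change every upload was normalised to `image_storage_format`, so this widens what gets stored and served; I would gate it on an explicit list, e.g. `ALLOWED_FORMATS = %w[JPEG PNG GIF].freeze`, and fall back to the storage format when `@uploaded_image.format` is not in it. `image_format` is also an ordinary column, so if it is reachable through mass assignment (not visible here) its value flows into `file_path` and into `extension.to_sym` in `url_format`; validating it against the same list covers both. The enclosing method starts and ends outside this hunk.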
@@ -623,6 +643,7 @@ module Fleximage
623
643
  self.image_filename = nil if respond_to?(:image_filename=)
624
644
  self.image_width = nil if respond_to?(:image_width=)
625
645
  self.image_height = nil if respond_to?(:image_height=)
646
+ self.image_format = nil if respond_to?(:image_format=)
626
647
  end
627
648
  end
628
649
 
@@ -635,6 +656,7 @@ module Fleximage
635
656
  end
636
657
  self.image_width = @uploaded_image.columns if self.respond_to?(:image_width=)
637
658
  self.image_height = @uploaded_image.rows if self.respond_to?(:image_height=)
659
+ self.image_format = @uploaded_image.format if self.respond_to?(:image_format=)
638
660
  end
639
661
 
640
662
  # Save the image in the rails tmp directory
@@ -643,7 +665,7 @@ module Fleximage
643
665
  @image_file_temp = Time.now.to_f.to_s.sub('.', '_')
644
666
  path = "#{RAILS_ROOT}/tmp/fleximage"
645
667
  FileUtils.mkdir_p(path)
646
- File.open("#{path}/#{@image_file_temp}", 'w') do |f|
668
+ File.open("#{path}/#{@image_file_temp}", 'wb') do |f|
647
669
  file.rewind
648
670
  f.write file.read
649
671
  end
@@ -4,6 +4,7 @@ class CreatePhotoFiles < ActiveRecord::Migration
4
4
  t.string :image_filename
5
5
  t.integer :image_width
6
6
  t.integer :image_height
7
+ t.string :image_format
7
8
 
8
9
  t.timestamps
9
10
  end
@@ -11,7 +11,6 @@ class FleximageBasicModelTest < Test::Unit::TestCase
11
11
  assert_equal "#{RAILS_ROOT}/public/uploads/#{Time.now.year}/#{Time.now.month}/#{Time.now.day}", p.directory_path
12
12
  end
13
13
 
14
-
15
14
  def test_should_have_correct_file_path_without_creation_date_based_storage
16
15
  PhotoBare.use_creation_date_based_directories = false
17
16
  p = PhotoBare.create(:image_file => files(:photo))
@@ -27,4 +26,11 @@ class FleximageBasicModelTest < Test::Unit::TestCase
27
26
  ensure
28
27
  PhotoBare.use_creation_date_based_directories = true
29
28
  end
29
+
30
+ def test_should_not_prepend_rails_root_to_absolute_path
31
+ PhotoBare.image_directory = '/tmp'
32
+ PhotoBare.use_creation_date_based_directories = false
33
+ p = PhotoBare.create(:image_file => files(:photo))
34
+ assert_equal '/tmp', p.directory_path
35
+ end
30
36
  end
@@ -2,12 +2,14 @@ require File.dirname(__FILE__) + '/../../test/test_helper'
2
2
 
3
3
  class FleximageImageDirectoryOptionTest < Test::Unit::TestCase
4
4
  def test_should_store_in_default_image_directory
5
+ PhotoBare.use_creation_date_based_directories = true
5
6
  p = PhotoBare.create(:image_file => files(:photo))
6
7
  assert_match %r{public/uploads/\d+/\d+/\d+/\d+}, p.file_path
7
8
  assert File.exists?(p.file_path)
8
9
  end
9
10
 
10
11
  def test_should_set_image_directory
12
+ PhotoBare.use_creation_date_based_directories = true
11
13
  PhotoBare.image_directory = 'public/uploads/foo'
12
14
  p = PhotoBare.create(:image_file => files(:photo))
13
15
  assert_match %r{public/uploads/foo/\d+/\d+/\d+/\d+}, p.file_path
@@ -6,6 +6,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
6
6
  assert_equal 'photo.jpg', p.image_filename
7
7
  assert_equal 1024, p.image_height
8
8
  assert_equal 768, p.image_width
9
+ assert_equal 'JPEG', p.image_format
10
+ assert_equal 'jpg', p.extension
9
11
  end
10
12
 
11
13
  def test_should_save_data_in_magic_columns_from_url
@@ -13,6 +15,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
13
15
  assert_equal files(:web_photo), p.image_filename
14
16
  assert_equal 110, p.image_height
15
17
  assert_equal 276, p.image_width
18
+ assert_equal 'GIF', p.image_format
19
+ assert_equal 'gif', p.extension
16
20
  rescue SocketError
17
21
  print '!'
18
22
  end
@@ -14,4 +14,10 @@ class FleximageTempImageTest < Test::Unit::TestCase
14
14
  assert File.exists?(a2.file_path)
15
15
  assert !File.exists?("#{RAILS_ROOT}/tmp/fleximage/#{temp_file_path}")
16
16
  end
17
+
18
+ def test_should_prevent_directory_traversal_attacks
19
+ a1 = Avatar.new(:image_file_temp => '../fleximage/photo.jpg')
20
+ assert !a1.save
21
+ assert_equal nil, a1.image_file_temp
22
+ end
17
23
  end
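--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: fleximage
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.2
  platform: ruby
  authors:
  - Alex Wayne
@@ -9,6 +9,9 @@ authors:
  - JJ Buckley
  - Jason Lee
  - Joshua Abbott
+ - Koji Ando
+ - Kouhei Sutou
+ - Lasse Jansen
  - "Lo\xC3\xAFc Guitaut"
  - Martin Vielsmaier
  - Squeegy
@@ -17,7 +20,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2009-12-13 00:00:00 -08:00
+ date: 2009-12-14 00:00:00 -08:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -63,6 +66,7 @@ extra_rdoc_files:
  - README.rdoc
  files:
  - .gitignore
+ - CHANGELOG.rdoc
  - MIT-LICENSE
  - README.rdoc
  - Rakefile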