fleximage 1.0.1 → 1.0.2
- data/CHANGELOG.rdoc +14 -0
- data/VERSION +1 -1
- data/fleximage.gemspec +4 -3
- data/lib/fleximage/model.rb +28 -6
- data/test/rails_root/db/migrate/001_create_photo_files.rb +1 -0
- data/test/unit/basic_model_test.rb +7 -1
- data/test/unit/image_directory_option_test.rb +2 -0
- data/test/unit/magic_columns_test.rb +4 -0
- data/test/unit/temp_image_test.rb +6 -0
- metadata +6 -2
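--- a/data/CHANGELOG.rdoc
+++ b/data/CHANGELOG.rdoc
@@ -0,0 +1,14 @@
+== fleximage 1.0.2 12-14-2009
+
+* Don't prepend RAILS_ROOT to absolute image directory path
+* Added support for an "image_format" magic database column
+* Fixed an issue with saving temp images in Windows
+* Fixed a temp image vulnerability with directory traversal
+
+== fleximage 1.0.1 12-13-2009
+
+* Now with completely passing tests
+
+== fleximage 1.0.0 12-13-2009
+
+* Initial gem release.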
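--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0.
+1.0.2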
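--- a/data/fleximage.gemspec
+++ b/data/fleximage.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = %q{fleximage}
-s.version = "1.0.
+s.version = "1.0.2"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
-s.date = %q{2009-12-
+s.authors = ["Alex Wayne", "Andrew White", "JJ Buckley", "Jason Lee", "Joshua Abbott", "Koji Ando", "Kouhei Sutou", "Lasse Jansen", "Lo\303\257c Guitaut", "Martin Vielsmaier", "Squeegy", "Vannoy"]
+s.date = %q{2009-12-14}
 s.description = %q{Fleximage is a Rails plugin that tries to make image uploading and rendering
 super easy.
 }
@@ -19,6 +19,7 @@ super easy.
 ]
 s.files = [
 ".gitignore",
+"CHANGELOG.rdoc",
 "MIT-LICENSE",
 "README.rdoc",
 "Rakefile",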
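--- a/data/lib/fleximage/model.rb
+++ b/data/lib/fleximage/model.rb
@@ -269,10 +269,11 @@ module Fleximage
 #
 # @some_image.directory_path #=> /var/www/myapp/uploaded_images/2008/3/30
 def directory_path
-
+directory = self.class.image_directory
+raise 'No image directory was defined, cannot generate path' unless directory
 
 # base directory
-directory = "#{RAILS_ROOT}/#{
+directory = "#{RAILS_ROOT}/#{directory}" unless /^\// =~ directory
 
 # specific creation date based directory suffix.
 creation = self[:created_at] || self[:created_on]
@@ -287,9 +288,28 @@ module Fleximage
 #
 # @some_image.file_path #=> /var/www/myapp/uploaded_images/123.png
 def file_path
-"#{directory_path}/#{id}.#{
+"#{directory_path}/#{id}.#{extension}"
+end
+
+# Returns original format of the image if the image_format column exists
+# otherwise returns the globally set format.
+def extension
+if self.respond_to?( :image_format)
+case image_format
+when "JPEG"
+"jpg"
+else
+image_format ? image_format.downcase : self.class.image_storage_format
+end
+else
+self.class.image_storage_format
+end
 end
 
+def url_format
+extension.to_sym
+end
+
 # Sets the image file for this record to an uploaded file. This can
 # be called directly, or passively like from an ActiveRecord mass
 # assignment.
@@ -405,7 +425,7 @@ module Fleximage
 # uploaded. Use as a hidden field in your forms to keep an uploaded image when
 # validation fails and the form needs to be redisplayed
 def image_file_temp=(file_name)
-if !@uploaded_image && file_name && file_name.present?
+if !@uploaded_image && file_name && file_name.present? && file_name !~ %r{\.\./}
 @image_file_temp = file_name
 file_path = "#{RAILS_ROOT}/tmp/fleximage/#{file_name}"
 
@@ -574,7 +594,7 @@ module Fleximage
 perform_preprocess_operation
 
 # Convert to storage format
-@uploaded_image.format = self.class.image_storage_format.to_s.upcase
+@uploaded_image.format = self.class.image_storage_format.to_s.upcase unless respond_to?(:image_format)
 
 # Write image data to the DB field
 if self.class.db_store?
@@ -623,6 +643,7 @@ module Fleximage
 self.image_filename = nil if respond_to?(:image_filename=)
 self.image_width = nil if respond_to?(:image_width=)
 self.image_height = nil if respond_to?(:image_height=)
+self.image_format = nil if respond_to?(:image_format=)
 end
 end
 
@@ -635,6 +656,7 @@ module Fleximage
 end
 self.image_width = @uploaded_image.columns if self.respond_to?(:image_width=)
 self.image_height = @uploaded_image.rows if self.respond_to?(:image_height=)
+self.image_format = @uploaded_image.format if self.respond_to?(:image_format=)
 end
 
 # Save the image in the rails tmp directory
@@ -643,7 +665,7 @@ module Fleximage
 @image_file_temp = Time.now.to_f.to_s.sub('.', '_')
 path = "#{RAILS_ROOT}/tmp/fleximage"
 FileUtils.mkdir_p(path)
-File.open("#{path}/#{@image_file_temp}", '
+File.open("#{path}/#{@image_file_temp}", 'wb') do |f|
 file.rewind
 f.write file.read
 end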
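Review bot: The new guard in `image_file_temp=` is a denylist: `file_name !~ %r{\.\./}` rejects only names that contain the literal `../`, and the value is still interpolated directly into `"#{RAILS_ROOT}/tmp/fleximage/#{file_name}"`. The changelog for this release also mentions Windows, where `\` is a path separator, so an allowlist is the safer shape here. The only names the library itself appears to generate come from `Time.now.to_f.to_s.sub('.', '_')` (last hunk of this file), so the condition could require `file_name =~ /\A\d+_\d+\z/` instead, or at minimum `File.basename(file_name) == file_name`. The method body continues past the end of the hunk, so whether a later check constrains the resolved path cannot be seen from here.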
@@ -11,7 +11,6 @@ class FleximageBasicModelTest < Test::Unit::TestCase
|
|
11
11
|
assert_equal "#{RAILS_ROOT}/public/uploads/#{Time.now.year}/#{Time.now.month}/#{Time.now.day}", p.directory_path
|
12
12
|
end
|
13
13
|
|
14
|
-
|
15
14
|
def test_should_have_correct_file_path_without_creation_date_based_storage
|
16
15
|
PhotoBare.use_creation_date_based_directories = false
|
17
16
|
p = PhotoBare.create(:image_file => files(:photo))
|
@@ -27,4 +26,11 @@ class FleximageBasicModelTest < Test::Unit::TestCase
|
|
27
26
|
ensure
|
28
27
|
PhotoBare.use_creation_date_based_directories = true
|
29
28
|
end
|
29
|
+
|
30
|
+
def test_should_not_prepend_rails_root_to_absolute_path
|
31
|
+
PhotoBare.image_directory = '/tmp'
|
32
|
+
PhotoBare.use_creation_date_based_directories = false
|
33
|
+
p = PhotoBare.create(:image_file => files(:photo))
|
34
|
+
assert_equal '/tmp', p.directory_path
|
35
|
+
end
|
30
36
|
end
|
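Review bot: `test_should_not_prepend_rails_root_to_absolute_path` changes two class-level settings, `PhotoBare.image_directory` and `PhotoBare.use_creation_date_based_directories`, and never restores them, so tests that run afterwards inherit `/tmp` as the image directory. The test directly above it in this hunk resets its flag in an `ensure`; the new test should follow the same pattern, saving the old value first (`original = PhotoBare.image_directory`) and restoring it with `PhotoBare.image_directory = original` in an `ensure`. It also writes a real file under `/tmp` that is not cleaned up. The class body starts outside the hunk.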
@@ -2,12 +2,14 @@ require File.dirname(__FILE__) + '/../../test/test_helper'
|
|
2
2
|
|
3
3
|
class FleximageImageDirectoryOptionTest < Test::Unit::TestCase
|
4
4
|
def test_should_store_in_default_image_directory
|
5
|
+
PhotoBare.use_creation_date_based_directories = true
|
5
6
|
p = PhotoBare.create(:image_file => files(:photo))
|
6
7
|
assert_match %r{public/uploads/\d+/\d+/\d+/\d+}, p.file_path
|
7
8
|
assert File.exists?(p.file_path)
|
8
9
|
end
|
9
10
|
|
10
11
|
def test_should_set_image_directory
|
12
|
+
PhotoBare.use_creation_date_based_directories = true
|
11
13
|
PhotoBare.image_directory = 'public/uploads/foo'
|
12
14
|
p = PhotoBare.create(:image_file => files(:photo))
|
13
15
|
assert_match %r{public/uploads/foo/\d+/\d+/\d+/\d+}, p.file_path
|
@@ -6,6 +6,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
|
|
6
6
|
assert_equal 'photo.jpg', p.image_filename
|
7
7
|
assert_equal 1024, p.image_height
|
8
8
|
assert_equal 768, p.image_width
|
9
|
+
assert_equal 'JPEG', p.image_format
|
10
|
+
assert_equal 'jpg', p.extension
|
9
11
|
end
|
10
12
|
|
11
13
|
def test_should_save_data_in_magic_columns_from_url
|
@@ -13,6 +15,8 @@ class FleximageMagicColumnsTest < Test::Unit::TestCase
|
|
13
15
|
assert_equal files(:web_photo), p.image_filename
|
14
16
|
assert_equal 110, p.image_height
|
15
17
|
assert_equal 276, p.image_width
|
18
|
+
assert_equal 'GIF', p.image_format
|
19
|
+
assert_equal 'gif', p.extension
|
16
20
|
rescue SocketError
|
17
21
|
print '!'
|
18
22
|
end
|
@@ -14,4 +14,10 @@ class FleximageTempImageTest < Test::Unit::TestCase
|
|
14
14
|
assert File.exists?(a2.file_path)
|
15
15
|
assert !File.exists?("#{RAILS_ROOT}/tmp/fleximage/#{temp_file_path}")
|
16
16
|
end
|
17
|
+
|
18
|
+
def test_should_prevent_directory_traversal_attacks
|
19
|
+
a1 = Avatar.new(:image_file_temp => '../fleximage/photo.jpg')
|
20
|
+
assert !a1.save
|
21
|
+
assert_equal nil, a1.image_file_temp
|
22
|
+
end
|
17
23
|
end
|
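Review bot: `test_should_prevent_directory_traversal_attacks` exercises a single input, `'../fleximage/photo.jpg'`, so it pins the `../` pattern rather than the property that a temp image name never carries a path component. It would be stronger with a short list of rejected names (any name containing a path separator) plus one assertion that a name in the generated digits-underscore-digits form is still accepted. As a style point, `assert_equal nil, a1.image_file_temp` reads better as `assert_nil a1.image_file_temp`. The test class starts outside the hunk.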
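--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fleximage
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Alex Wayne
@@ -9,6 +9,9 @@ authors:
 - JJ Buckley
 - Jason Lee
 - Joshua Abbott
+- Koji Ando
+- Kouhei Sutou
+- Lasse Jansen
 - "Lo\xC3\xAFc Guitaut"
 - Martin Vielsmaier
 - Squeegy
@@ -17,7 +20,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-12-
+date: 2009-12-14 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -63,6 +66,7 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - .gitignore
+- CHANGELOG.rdoc
 - MIT-LICENSE
 - README.rdoc
 - Rakefile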