paperclip-fix 4.3.7

data/lib/paperclip/thumbnail.rb

@@ -0,0 +1,121 @@
+module Paperclip
+  # Handles thumbnailing images that are uploaded.
+  class Thumbnail < Processor
+
+    attr_accessor :current_geometry, :target_geometry, :format, :whiny, :convert_options,
+                  :source_file_options, :animated, :auto_orient
+
+    # List of formats that we need to preserve animation
+    ANIMATED_FORMATS = %w(gif)
+
+    # Creates a Thumbnail object set to work on the +file+ given. It
+    # will attempt to transform the image into one defined by +target_geometry+
+    # which is a "WxH"-style string. +format+ will be inferred from the +file+
+    # unless specified. Thumbnail creation will raise no errors unless
+    # +whiny+ is true (which it is, by default. If +convert_options+ is
+    # set, the options will be appended to the convert command upon image conversion
+    #
+    # Options include:
+    #
+    #   +geometry+ - the desired width and height of the thumbnail (required)
+    #   +file_geometry_parser+ - an object with a method named +from_file+ that takes an image file and produces its geometry and a +transformation_to+. Defaults to Paperclip::Geometry
+    #   +string_geometry_parser+ - an object with a method named +parse+ that takes a string and produces an object with +width+, +height+, and +to_s+ accessors. Defaults to Paperclip::Geometry
+    #   +source_file_options+ - flags passed to the +convert+ command that influence how the source file is read
+    #   +convert_options+ - flags passed to the +convert+ command that influence how the image is processed
+    #   +whiny+ - whether to raise an error when processing fails. Defaults to true
+    #   +format+ - the desired filename extension
+    #   +animated+ - whether to merge all the layers in the image. Defaults to true
+    def initialize(file, options = {}, attachment = nil)
+      super
+
+      geometry             = options[:geometry].to_s
+      @crop                = geometry[-1,1] == '#'
+      @target_geometry     = options.fetch(:string_geometry_parser, Geometry).parse(geometry)
+      @current_geometry    = options.fetch(:file_geometry_parser, Geometry).from_file(@file)
+      @source_file_options = options[:source_file_options]
+      @convert_options     = options[:convert_options]
+      @whiny               = options.fetch(:whiny, true)
+      @format              = options[:format]
+      @animated            = options.fetch(:animated, true)
+      @auto_orient         = options.fetch(:auto_orient, true)
+      if @auto_orient && @current_geometry.respond_to?(:auto_orient)
+        @current_geometry.auto_orient
+      end
+
+      @source_file_options = @source_file_options.split(/\s+/) if @source_file_options.respond_to?(:split)
+      @convert_options     = @convert_options.split(/\s+/)     if @convert_options.respond_to?(:split)
+
+      @current_format      = File.extname(@file.path)
+      @basename            = File.basename(@file.path, @current_format)
+    end
+
+    # Returns true if the +target_geometry+ is meant to crop.
+    def crop?
+      @crop
+    end
+
+    # Returns true if the image is meant to make use of additional convert options.
+    def convert_options?
+      !@convert_options.nil? && !@convert_options.empty?
+    end
+
+    # Performs the conversion of the +file+ into a thumbnail. Returns the Tempfile
+    # that contains the new image.
+    def make
+      src = @file
+      filename = [@basename, @format ? ".#{@format}" : ""].join
+      dst = TempfileFactory.new.generate(filename)
+
+      begin
+        parameters = []
+        parameters << source_file_options
+        parameters << ":source"
+        parameters << transformation_command
+        parameters << convert_options
+        parameters << ":dest"
+
+        parameters = parameters.flatten.compact.join(" ").strip.squeeze(" ")
+
+        success = convert(parameters, :source => "#{File.expand_path(src.path)}#{'[0]' unless animated?}", :dest => File.expand_path(dst.path))
+      rescue Cocaine::ExitStatusError => e
+        raise Paperclip::Error, "There was an error processing the thumbnail for #{@basename}" if @whiny
+      rescue Cocaine::CommandNotFoundError => e
+        raise Paperclip::Errors::CommandNotFoundError.new("Could not run the `convert` command. Please install ImageMagick.")
+      end
+
+      dst
+    end
+
+    # Returns the command ImageMagick's +convert+ needs to transform the image
+    # into the thumbnail.
+    def transformation_command
+      scale, crop = @current_geometry.transformation_to(@target_geometry, crop?)
+      trans = []
+      trans << "-coalesce" if animated?
+      trans << "-auto-orient" if auto_orient
+      trans << "-resize" << %["#{scale}"] unless scale.nil? || scale.empty?
+      trans << "-crop" << %["#{crop}"] << "+repage" if crop
+      trans << '-layers "optimize"' if animated?
+      trans
+    end
+
+    protected
+
+    # Return true if the format is animated
+    def animated?
+      @animated && (ANIMATED_FORMATS.include?(@format.to_s) || @format.blank?)  && identified_as_animated?
+    end
+
+    # Return true if ImageMagick's +identify+ returns an animated format
+    def identified_as_animated?
+      if @identified_as_animated.nil?
+        @identified_as_animated = ANIMATED_FORMATS.include? identify("-format %m :file", :file => "#{@file.path}[0]").to_s.downcase.strip
+      end
+      @identified_as_animated
+    rescue Cocaine::ExitStatusError => e
+      raise Paperclip::Error, "There was an error running `identify` for #{@basename}" if @whiny
+    rescue Cocaine::CommandNotFoundError => e
+      raise Paperclip::Errors::CommandNotFoundError.new("Could not run the `identify` command. Please install ImageMagick.")
+    end
+  end
+end

data/lib/paperclip/url_generator.rb

@@ -0,0 +1,72 @@
+require 'uri'
+
+module Paperclip
+  class UrlGenerator
+    def initialize(attachment, attachment_options)
+      @attachment = attachment
+      @attachment_options = attachment_options
+    end
+
+    def for(style_name, options)
+      timestamp_as_needed(
+        escape_url_as_needed(
+          @attachment_options[:interpolator].interpolate(most_appropriate_url, @attachment, style_name),
+          options
+      ), options)
+    end
+
+    private
+
+    # This method is all over the place.
+    def default_url
+      if @attachment_options[:default_url].respond_to?(:call)
+        @attachment_options[:default_url].call(@attachment)
+      elsif @attachment_options[:default_url].is_a?(Symbol)
+        @attachment.instance.send(@attachment_options[:default_url])
+      else
+        @attachment_options[:default_url]
+      end
+    end
+
+    def most_appropriate_url
+      if @attachment.original_filename.nil?
+        default_url
+      else
+        @attachment_options[:url]
+      end
+    end
+
+    def timestamp_as_needed(url, options)
+      if options[:timestamp] && timestamp_possible?
+        delimiter_char = url.match(/\?.+=/) ? '&' : '?'
+        "#{url}#{delimiter_char}#{@attachment.updated_at.to_s}"
+      else
+        url
+      end
+    end
+
+    def timestamp_possible?
+      @attachment.respond_to?(:updated_at) && @attachment.updated_at.present?
+    end
+
+    def escape_url_as_needed(url, options)
+      if options[:escape]
+        escape_url(url)
+      else
+        url
+      end
+    end
+
+    def escape_url(url)
+      if url.respond_to?(:escape)
+        url.escape
+      else
+        URI.escape(url).gsub(escape_regex){|m| "%#{m.ord.to_s(16).upcase}" }
+      end
+    end
+
+    def escape_regex
+      /[\?\(\)\[\]\+]/
+    end
+  end
+end

data/lib/paperclip/validators/attachment_content_type_validator.rb

@@ -0,0 +1,88 @@
+module Paperclip
+  module Validators
+    class AttachmentContentTypeValidator < ActiveModel::EachValidator
+      def initialize(options)
+        options[:allow_nil] = true unless options.has_key?(:allow_nil)
+        super
+      end
+
+      def self.helper_method_name
+        :validates_attachment_content_type
+      end
+
+      def validate_each(record, attribute, value)
+        base_attribute = attribute.to_sym
+        attribute = "#{attribute}_content_type".to_sym
+        value = record.send :read_attribute_for_validation, attribute
+
+        return if (value.nil? && options[:allow_nil]) || (value.blank? && options[:allow_blank])
+
+        validate_whitelist(record, attribute, value)
+        validate_blacklist(record, attribute, value)
+
+        if record.errors.include? attribute
+          record.errors[attribute].each do |error|
+            record.errors.add base_attribute, error
+          end
+        end
+      end
+
+      def validate_whitelist(record, attribute, value)
+        if allowed_types.present? && allowed_types.none? { |type| type === value }
+          mark_invalid record, attribute, allowed_types
+        end
+      end
+
+      def validate_blacklist(record, attribute, value)
+        if forbidden_types.present? && forbidden_types.any? { |type| type === value }
+          mark_invalid record, attribute, forbidden_types
+        end
+      end
+
+      def mark_invalid(record, attribute, types)
+        record.errors.add attribute, :invalid, options.merge(:types => types.join(', '))
+      end
+
+      def allowed_types
+        [options[:content_type]].flatten.compact
+      end
+
+      def forbidden_types
+        [options[:not]].flatten.compact
+      end
+
+      def check_validity!
+        unless options.has_key?(:content_type) || options.has_key?(:not)
+          raise ArgumentError, "You must pass in either :content_type or :not to the validator"
+        end
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the content type of the file
+      # assigned. The possible options are:
+      # * +content_type+: Allowed content types.  Can be a single content type
+      #   or an array.  Each type can be a String or a Regexp. It should be
+      #   noted that Internet Explorer uploads files with content_types that you
+      #   may not expect. For example, JPEG images are given image/pjpeg and
+      #   PNGs are image/x-png, so keep that in mind when determining how you
+      #   match.  Allows all by default.
+      # * +not+: Forbidden content types.
+      # * +message+: The message to display when the uploaded file has an invalid
+      #   content type.
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run is this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      # NOTE: If you do not specify an [attachment]_content_type field on your
+      # model, content_type validation will work _ONLY upon assignment_ and
+      # re-validation after the instance has been reloaded will always succeed.
+      # You'll still need to have a virtual attribute (created by +attr_accessor+)
+      # name +[attachment]_content_type+ to be able to use this validator.
+      def validates_attachment_content_type(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with AttachmentContentTypeValidator, options.dup
+        validate_before_processing AttachmentContentTypeValidator, options.dup
+      end
+    end
+  end
+end

data/lib/paperclip/validators/attachment_file_name_validator.rb

@@ -0,0 +1,80 @@
+module Paperclip
+  module Validators
+    class AttachmentFileNameValidator < ActiveModel::EachValidator
+      def initialize(options)
+        options[:allow_nil] = true unless options.has_key?(:allow_nil)
+        super
+      end
+
+      def self.helper_method_name
+        :validates_attachment_file_name
+      end
+
+      def validate_each(record, attribute, value)
+        base_attribute = attribute.to_sym
+        attribute = "#{attribute}_file_name".to_sym
+        value = record.send :read_attribute_for_validation, attribute
+
+        return if (value.nil? && options[:allow_nil]) || (value.blank? && options[:allow_blank])
+
+        validate_whitelist(record, attribute, value)
+        validate_blacklist(record, attribute, value)
+
+        if record.errors.include? attribute
+          record.errors[attribute].each do |error|
+            record.errors.add base_attribute, error
+          end
+        end
+      end
+
+      def validate_whitelist(record, attribute, value)
+        if allowed.present? && allowed.none? { |type| type === value }
+          mark_invalid record, attribute, allowed
+        end
+      end
+
+      def validate_blacklist(record, attribute, value)
+        if forbidden.present? && forbidden.any? { |type| type === value }
+          mark_invalid record, attribute, forbidden
+        end
+      end
+
+      def mark_invalid(record, attribute, patterns)
+        record.errors.add attribute, :invalid, options.merge(:names => patterns.join(', '))
+      end
+
+      def allowed
+        [options[:matches]].flatten.compact
+      end
+
+      def forbidden
+        [options[:not]].flatten.compact
+      end
+
+      def check_validity!
+        unless options.has_key?(:matches) || options.has_key?(:not)
+          raise ArgumentError, "You must pass in either :matches or :not to the validator"
+        end
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the name of the file
+      # assigned. The possible options are:
+      # * +matches+: Allowed filename patterns as Regexps. Can be a single one
+      #   or an array.
+      # * +not+: Forbidden file name patterns, specified the same was as +matches+.
+      # * +message+: The message to display when the uploaded file has an invalid
+      #   name.
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run is this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      def validates_attachment_file_name(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with AttachmentFileNameValidator, options.dup
+        validate_before_processing AttachmentFileNameValidator, options.dup
+      end
+    end
+  end
+end
+

data/lib/paperclip/validators/attachment_file_type_ignorance_validator.rb

@@ -0,0 +1,29 @@
+require 'active_model/validations/presence'
+
+module Paperclip
+  module Validators
+    class AttachmentFileTypeIgnoranceValidator < ActiveModel::EachValidator
+      def validate_each(record, attribute, value)
+        # This doesn't do anything. It's just to mark that you don't care about
+        # the file_names or content_types of your incoming attachments.
+      end
+
+      def self.helper_method_name
+        :do_not_validate_attachment_file_type
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the presence of a file.
+      # Options:
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run if this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      def do_not_validate_attachment_file_type(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with AttachmentFileTypeIgnoranceValidator, options.dup
+      end
+    end
+  end
+end
+

data/lib/paperclip/validators/attachment_presence_validator.rb

@@ -0,0 +1,30 @@
+require 'active_model/validations/presence'
+
+module Paperclip
+  module Validators
+    class AttachmentPresenceValidator < ActiveModel::EachValidator
+      def validate_each(record, attribute, value)
+        if record.send("#{attribute}_file_name").blank?
+          record.errors.add(attribute, :blank, options)
+        end
+      end
+
+      def self.helper_method_name
+        :validates_attachment_presence
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the presence of a file.
+      # Options:
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run if this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      def validates_attachment_presence(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with AttachmentPresenceValidator, options.dup
+        validate_before_processing AttachmentPresenceValidator, options.dup
+      end
+    end
+  end
+end

data/lib/paperclip/validators/attachment_size_validator.rb

@@ -0,0 +1,115 @@
+require 'active_model/validations/numericality'
+
+module Paperclip
+  module Validators
+    class AttachmentSizeValidator < ActiveModel::Validations::NumericalityValidator
+      AVAILABLE_CHECKS = [:less_than, :less_than_or_equal_to, :greater_than, :greater_than_or_equal_to]
+
+      def initialize(options)
+        extract_options(options)
+        super
+      end
+
+      def self.helper_method_name
+        :validates_attachment_size
+      end
+
+      def validate_each(record, attr_name, value)
+        base_attr_name = attr_name
+        attr_name = "#{attr_name}_file_size".to_sym
+        value = record.send(:read_attribute_for_validation, attr_name)
+
+        unless value.blank?
+          options.slice(*AVAILABLE_CHECKS).each do |option, option_value|
+            option_value = option_value.call(record) if option_value.is_a?(Proc)
+            option_value = extract_option_value(option, option_value)
+
+            unless value.send(CHECKS[option], option_value)
+              error_message_key = options[:in] ? :in_between : option
+              [ attr_name, base_attr_name ].each do |error_attr_name|
+                record.errors.add(error_attr_name, error_message_key, filtered_options(value).merge(
+                  :min => min_value_in_human_size(record),
+                  :max => max_value_in_human_size(record),
+                  :count => human_size(option_value)
+                ))
+              end
+            end
+          end
+        end
+      end
+
+      def check_validity!
+        unless (AVAILABLE_CHECKS + [:in]).any? { |argument| options.has_key?(argument) }
+          raise ArgumentError, "You must pass either :less_than, :greater_than, or :in to the validator"
+        end
+      end
+
+      private
+
+      def extract_options(options)
+        if range = options[:in]
+          if !options[:in].respond_to?(:call)
+            options[:less_than_or_equal_to] = range.max
+            options[:greater_than_or_equal_to] = range.min
+          else
+            options[:less_than_or_equal_to] = range
+            options[:greater_than_or_equal_to] = range
+          end
+        end
+      end
+
+      def extract_option_value(option, option_value)
+        if option_value.is_a?(Range)
+          if [:less_than, :less_than_or_equal_to].include?(option)
+            option_value.max
+          else
+            option_value.min
+          end
+        else
+          option_value
+        end
+      end
+
+      def human_size(size)
+        if defined?(ActiveSupport::NumberHelper) # Rails 4.0+
+          ActiveSupport::NumberHelper.number_to_human_size(size)
+        else
+          storage_units_format = I18n.translate(:'number.human.storage_units.format', :locale => options[:locale], :raise => true)
+          unit = I18n.translate(:'number.human.storage_units.units.byte', :locale => options[:locale], :count => size.to_i, :raise => true)
+          storage_units_format.gsub(/%n/, size.to_i.to_s).gsub(/%u/, unit).html_safe
+        end
+      end
+
+      def min_value_in_human_size(record)
+        value = options[:greater_than_or_equal_to] || options[:greater_than]
+        value = value.call(record) if value.respond_to?(:call)
+        value = value.min if value.respond_to?(:min)
+        human_size(value)
+      end
+
+      def max_value_in_human_size(record)
+        value = options[:less_than_or_equal_to] || options[:less_than]
+        value = value.call(record) if value.respond_to?(:call)
+        value = value.max if value.respond_to?(:max)
+        human_size(value)
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the size of the file assigned. The
+      # possible options are:
+      # * +in+: a Range of bytes (i.e. +1..1.megabyte+),
+      # * +less_than+: equivalent to :in => 0..options[:less_than]
+      # * +greater_than+: equivalent to :in => options[:greater_than]..Infinity
+      # * +message+: error message to display, use :min and :max as replacements
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run if this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      def validates_attachment_size(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with AttachmentSizeValidator, options.dup
+        validate_before_processing AttachmentSizeValidator, options.dup
+      end
+    end
+  end
+end

data/lib/paperclip/validators/media_type_spoof_detection_validator.rb

@@ -0,0 +1,27 @@
+require 'active_model/validations/presence'
+
+module Paperclip
+  module Validators
+    class MediaTypeSpoofDetectionValidator < ActiveModel::EachValidator
+      def validate_each(record, attribute, value)
+        adapter = Paperclip.io_adapters.for(value)
+        if Paperclip::MediaTypeSpoofDetector.using(adapter, value.original_filename, value.content_type).spoofed?
+          record.errors.add(attribute, :spoofed_media_type)
+        end
+      end
+    end
+
+    module HelperMethods
+      # Places ActiveModel validations on the presence of a file.
+      # Options:
+      # * +if+: A lambda or name of an instance method. Validation will only
+      #   be run if this lambda or method returns true.
+      # * +unless+: Same as +if+ but validates if lambda or method returns false.
+      def validates_media_type_spoof_detection(*attr_names)
+        options = _merge_attributes(attr_names)
+        validates_with MediaTypeSpoofDetectionValidator, options.dup
+        validate_before_processing MediaTypeSpoofDetectionValidator, options.dup
+      end
+    end
+  end
+end

data/lib/paperclip/validators.rb

@@ -0,0 +1,74 @@
+require 'active_model'
+require 'active_support/concern'
+require 'active_support/core_ext/array/wrap'
+require 'paperclip/validators/attachment_content_type_validator'
+require 'paperclip/validators/attachment_file_name_validator'
+require 'paperclip/validators/attachment_presence_validator'
+require 'paperclip/validators/attachment_size_validator'
+require 'paperclip/validators/media_type_spoof_detection_validator'
+require 'paperclip/validators/attachment_file_type_ignorance_validator'
+
+module Paperclip
+  module Validators
+    extend ActiveSupport::Concern
+
+    included do
+      extend  HelperMethods
+      include HelperMethods
+    end
+
+    ::Paperclip::REQUIRED_VALIDATORS = [AttachmentFileNameValidator, AttachmentContentTypeValidator, AttachmentFileTypeIgnoranceValidator]
+
+    module ClassMethods
+      # This method is a shortcut to validator classes that is in
+      # "Attachment...Validator" format. It is almost the same thing as the
+      # +validates+ method that shipped with Rails, but this is customized to
+      # be using with attachment validators. This is helpful when you're using
+      # multiple attachment validators on a single attachment.
+      #
+      # Example of using the validator:
+      #
+      #   validates_attachment :avatar, :presence => true,
+      #      :content_type => { :content_type => "image/jpg" },
+      #      :size => { :in => 0..10.kilobytes }
+      #
+      def validates_attachment(*attributes)
+        options = attributes.extract_options!.dup
+
+        Paperclip::Validators.constants.each do |constant|
+          if constant.to_s =~ /\AAttachment(.+)Validator\Z/
+            validator_kind = $1.underscore.to_sym
+
+            if options.has_key?(validator_kind)
+              validator_options = options.delete(validator_kind)
+              validator_options = {} if validator_options == true
+              conditional_options = options.slice(:if, :unless)
+              Array.wrap(validator_options).each do |local_options|
+                method_name = Paperclip::Validators.const_get(constant.to_s).helper_method_name
+                send(method_name, attributes, local_options.merge(conditional_options))
+              end
+            end
+          end
+        end
+      end
+
+      def validate_before_processing(validator_class, options)
+        options = options.dup
+        attributes = options.delete(:attributes)
+        attributes.each do |attribute|
+          options[:attributes] = [attribute]
+          create_validating_before_filter(attribute, validator_class, options)
+        end
+      end
+
+      def create_validating_before_filter(attribute, validator_class, options)
+        if_clause = options.delete(:if)
+        unless_clause = options.delete(:unless)
+        send(:"before_#{attribute}_post_process", :if => if_clause, :unless => unless_clause) do |*args|
+          validator_class.new(options.dup).validate(self)
+        end
+      end
+
+    end
+  end
+end

data/lib/paperclip/version.rb

@@ -0,0 +1,3 @@
+module Paperclip
+  VERSION = "4.3.7".freeze unless defined? Paperclip::VERSION
+end