paperclip 3.5.2 → 3.5.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ea82fb0a61da2668522387c0791072a70b799a34
+  data.tar.gz: a66594b8fe23229892f4472f38adead04f6eb803
+SHA512:
+  metadata.gz: 61d7b295e78e6403728a1589caf7a835482bf68d47c41720fa1cb594f2e5db0af43abf1015d4407c7f203701301ef611526bbe60f597187f49c7dce10ac5dc41
+  data.tar.gz: d45aeb9b2662ba922d2d2e5a15b350cb23b1a1bc0a682bfd03a5272d74122c8ad19458d12acf041811f84a20a356d06bb1c18c9694a95edf890fbe4fac5a13dc

data/.travis.yml

@@ -4,6 +4,10 @@ rvm:
   - jruby-19mode
   - rbx-19mode
   - 2.0.0
+  - 2.1.0
+
+install:
+  - "bundle install"
 
 before_script: "sudo ntpdate -ub ntp.ubuntu.com pool.ntp.org; true"
 script: "bundle exec rake clean test cucumber"
@@ -12,8 +16,13 @@ gemfile:
   - gemfiles/3.0.gemfile
   - gemfiles/3.1.gemfile
   - gemfiles/3.2.gemfile
+  - gemfiles/4.0.gemfile
 
 matrix:
   allow_failures:
     - rvm: jruby-19mode
     - rvm: rbx-19mode
+
+  exclude:
+      - rvm: 1.9.2
+        gemfile: gemfiles/4.0.gemfile

data/Appraisals

@@ -1,15 +1,15 @@
 appraise "3.0" do
-  gem "rails", "~> 3.0.15"
+  gem "rails", "~> 3.0.20"
   gem "paperclip", :path => "../"
 end
 
 appraise "3.1" do
-  gem "rails", "~> 3.1.6"
+  gem "rails", "~> 3.1.12"
   gem "paperclip", :path => "../"
 end
 
 appraise "3.2" do
-  gem "rails", "~> 3.2.6"
+  gem "rails", "~> 3.2.15"
   gem "paperclip", :path => "../"
 end
 

data/Gemfile

@@ -2,12 +2,7 @@ source "https://rubygems.org"
 
 gemspec
 
-platform :jruby do
-  gem 'jruby-openssl'
-  gem 'activerecord-jdbcsqlite3-adapter'
-end
+gem 'jruby-openssl', :platform => :jruby
+gem 'activerecord-jdbcsqlite3-adapter', :platform => :jruby
 
-platform :ruby do
-  gem 'pry'
-  gem 'pry-debugger'
-end
+gem 'pry', :platform => :ruby

data/NEWS

@@ -1,3 +1,25 @@
+New in 3.5.3:
+
+Improvement: After three long, hard years... we know how to upgrade
+Bug Fix: #expiring_url returns 'missing' urls if nothing is attached
+Improvement: Lots of documentation fixes
+Improvement: Lots of fixes for Ruby warnings
+Improvement: Test the most appropriate Ruby/Rails comobinations on Travis
+Improvement: Delegate more IO methods through IOAdapters
+Improvement: Remove Rails 4 deprecations
+Improvement: Both S3's and Fog's #expiring_url can take a Time or Int
+Bug Fix: Both S3's and Fog's expiring_url respect style when missing the file
+Bug Fix: Timefiles will have a reasonable-length name. They're all MD5 hashes now
+Bug Fix: Don't delete files off S3 when reprocessing due to AWS inconsistencies
+Bug Fix: "swallow_stream" isn't thread dafe. Use :swallow_stderr
+Improvement: Regexps use \A and \Z instead of ^ and $
+Improvement: :s3_credentials can take a lambda as an argument
+Improvement: Search up the class heirarchy for attachments
+Improvement: deep_merge options instead of regular merge
+Bug Fix: Prevent file deletion on transaction rollback
+Test Improvement: Ensure more files are properly closed during tests
+Test Bug Fix: Return the gemfile's syntax to normal
+
 New in 3.5.2:
 
 * Security: Force cocaine to at least 0.5.3 to include a security fix

data/README.md

@@ -88,15 +88,17 @@ For Non-Rails usage:
 
 ```ruby
 class ModuleName < ActiveRecord::Base
-    include Paperclip::Glue
-    ...
+  include Paperclip::Glue
+  ...
 end
 ```
 
 Quick Start
 -----------
 
-In your model:
+### Models
+
+**Rails 3**
 
 ```ruby
 class User < ActiveRecord::Base
@@ -105,7 +107,15 @@ class User < ActiveRecord::Base
 end
 ```
 
-In your migrations:
+**Rails 4**
+
+```ruby
+class User < ActiveRecord::Base
+  has_attached_file :avatar, :styles => { :medium => "300x300>", :thumb => "100x100>" }, :default_url => "/images/:style/missing.png"
+end
+```
+
+### Migrations
 
 ```ruby
 class AddAvatarColumnsToUsers < ActiveRecord::Migration
@@ -121,7 +131,7 @@ end
 
 (Or you can use migration generator: `rails generate paperclip user avatar`)
 
-In your edit and new views:
+### Edit and New Views
 
 ```erb
 <%= form_for @user, :url => users_path, :html => { :multipart => true } do |form| %>
@@ -129,7 +139,9 @@ In your edit and new views:
 <% end %>
 ```
 
-In your controller:
+### Controller
+
+**Rails 3**
 
 ```ruby
 def create
@@ -137,7 +149,24 @@ def create
 end
 ```
 
-In your show view:
+**Rails 4**
+
+```ruby
+def create
+  @user = User.create( user_params )
+end
+
+private
+
+# Use strong_parameters for attribute whitelisting
+# Be sure to update your create() and update() controller methods.
+
+def user_params
+  params.require(:user).permit(:avatar)
+end
+```
+
+### Show View
 
 ```erb
 <%= image_tag @user.avatar.url %>
@@ -145,7 +174,9 @@ In your show view:
 <%= image_tag @user.avatar.url(:thumb) %>
 ```
 
-To detach a file, simply set the attribute to `nil`:
+### Deleting an Attachment
+
+Set the attribute to `nil` and save.
 
 ```ruby
 @user.avatar = nil
@@ -253,6 +284,24 @@ class BooksController < ApplicationController
 end
 ```
 
+**A note on content_type validations and security**
+
+You should ensure that you validate files to be only those MIME types you
+explicitly want to support.  If you don't, you could be open to
+<a href="https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OWASP-DV-002)">XSS attacks</a>
+if a user uploads a file with a malicious HTML payload.
+
+If you're only interested in images, restrict your allowed content_types to
+image-y ones:
+
+```ruby
+validates_attachment :avatar,
+  :content_type => { :content_type => ["image/jpg", "image/gif", "image/png"] }
+```
+
+`Paperclip::ContentTypeDetector` will attempt to match a file's extension to an
+inferred content_type, regardless of the actual contents of the file.
+
 Defaults
 --------
 Global defaults for all your paperclip attachments can be defined by changing the Paperclip::Attachment.default_options Hash, this can be useful for setting your default storage settings per example so you won't have to define them in every has_attached_file definition.
@@ -556,7 +605,7 @@ look as follows where a boss will receive a `300x300` thumbnail otherwise a
 
 ```ruby
 class User < ActiveRecord::Base
-  has_attached_file :avatar, :styles => lambda { |attachment| { :thumb => (attachment.instance.boss? ? "300x300>" : "100x100>") }
+  has_attached_file :avatar, :styles => lambda { |attachment| { :thumb => (attachment.instance.boss? ? "300x300>" : "100x100>") } }
 end
 ```
 
@@ -683,11 +732,11 @@ If you'd like to contribute a feature or bugfix: Thanks! To make sure your
 fix/feature has a high chance of being included, please read the following
 guidelines:
 
-1. Ask on the [mailing list](http://groups.google.com/group/paperclip-plugin), or
-   post a new [GitHub Issue](http://github.com/thoughtbot/paperclip/issues).
+1. Post a [pull request](https://github.com/thoughtbot/paperclip/compare/).
 2. Make sure there are tests! We will not accept any patch that is not tested.
    It's a rare time when explicit tests aren't needed. If you have questions
-   about writing tests for paperclip, please ask the mailing list.
+   about writing tests for paperclip, please open a
+   [GitHub issue](https://github.com/thoughtbot/paperclip/issues/new).
 
 Please see `CONTRIBUTING.md` for more details on contributing and running test.
 

data/gemfiles/3.0.gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platform=>:jruby
 gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby
-gem "sqlite3", :platform=>:ruby
-gem "rails", "~> 3.0.15"
+gem "pry", :platform=>:ruby
+gem "rails", "~> 3.0.20"
 gem "paperclip", :path=>"../"
 
 gemspec :path=>"../"

data/gemfiles/3.1.gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platform=>:jruby
 gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby
-gem "sqlite3", :platform=>:ruby
-gem "rails", "~> 3.1.6"
+gem "pry", :platform=>:ruby
+gem "rails", "~> 3.1.12"
 gem "paperclip", :path=>"../"
 
 gemspec :path=>"../"

data/gemfiles/3.2.gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platform=>:jruby
 gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby
-gem "sqlite3", :platform=>:ruby
-gem "rails", "~> 3.2.6"
+gem "pry", :platform=>:ruby
+gem "rails", "~> 3.2.15"
 gem "paperclip", :path=>"../"
 
 gemspec :path=>"../"

data/gemfiles/4.0.gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gem "jruby-openssl", :platform=>:jruby
 gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby
-gem "sqlite3", :platform=>:ruby
+gem "pry", :platform=>:ruby
 gem "rails", "~> 4.0.0"
 gem "paperclip", :path=>"../"
 
-gemspec :path=>"../"
+gemspec :path=>"../"

data/lib/paperclip.rb

@@ -129,8 +129,9 @@ module Paperclip
     #                       :default_style => :normal
     #     user.avatar.url # => "/avatars/23/normal_me.png"
     # * +keep_old_files+: Keep the existing attachment files (original + resized) from
-    #   being automatically deleted when an attachment is cleared or updated.
-    #   Defaults to +false+.#
+    #   being automatically deleted when an attachment is cleared or updated. Defaults to +false+.
+    # * +preserve_files+: Keep the existing attachment files in all cases, even if the parent 
+    #   record is destroyed. Defaults to +false+.
     # * +whiny+: Will raise an error if Paperclip cannot post_process an uploaded file due
     #   to a command line error. This will override the global setting for this attachment.
     #   Defaults to true.

data/lib/paperclip/attachment.rb

@@ -69,7 +69,7 @@ module Paperclip
       @name              = name
       @instance          = instance
 
-      options = self.class.default_options.merge(options)
+      options = self.class.default_options.deep_merge(options)
 
       @options               = options
       @post_processing       = true
@@ -312,8 +312,12 @@ module Paperclip
     # in the paperclip:refresh rake task and that's it. It will regenerate all
     # thumbnails forcefully, by reobtaining the original file and going through
     # the post-process again.
+    # NOTE: Calling reprocess WILL NOT delete existing files. This is due to
+    # inconsistencies in timing of S3 commands. It's possible that calling
+    # #reprocess! will lose data if the files are not kept.
     def reprocess!(*style_args)
       saved_only_process, @options[:only_process] = @options[:only_process], style_args
+      saved_preserve_files, @options[:preserve_files] = @options[:preserve_files], true
       begin
         assign(self)
         save
@@ -323,6 +327,7 @@ module Paperclip
         false
       ensure
         @options[:only_process] = saved_only_process
+        @options[:preserve_files] = saved_preserve_files
       end
     end
 
@@ -429,10 +434,16 @@ module Paperclip
     def post_process_style(name, style) #:nodoc:
       begin
         raise RuntimeError.new("Style #{name} has no processors defined.") if style.processors.blank?
+        original_file = @queued_for_write[:original]
         @queued_for_write[name] = style.processors.inject(@queued_for_write[:original]) do |file, processor|
-          Paperclip.processor(processor).make(file, style.processor_options, self)
+          new_file = Paperclip.processor(processor).make(file, style.processor_options, self)
+          file.close unless file == original_file
+          new_file
         end
+        unadapted_file = @queued_for_write[name]
         @queued_for_write[name] = Paperclip.io_adapters.for(@queued_for_write[name])
+        unadapted_file.close if unadapted_file.respond_to?(:close)
+        @queued_for_write[name]
       rescue Paperclip::Error => e
         log("An error was received while processing: #{e.inspect}")
         (@errors[:processing] ||= []) << e.message if @options[:whiny]

data/lib/paperclip/attachment_registry.rb

@@ -51,7 +51,9 @@ module Paperclip
     end
 
     def definitions_for(klass)
-      @attachments[klass]
+      klass.ancestors.each_with_object({}) do |ancestor, inherited_definitions|
+        inherited_definitions.merge! @attachments[ancestor]
+      end
     end
   end
 end

data/lib/paperclip/content_type_detector.rb

@@ -46,15 +46,13 @@ module Paperclip
     def empty_file?
       File.exists?(@filename) && File.size(@filename) == 0
     end
+    
+    alias :empty? :empty_file?
 
     def blank_name?
       @filename.nil? || @filename.empty?
     end
 
-    def empty?
-      File.exists?(@filename) && File.size(@filename) == 0
-    end
-
     def possible_types
       MIME::Types.type_for(@filename).collect(&:content_type)
     end

data/lib/paperclip/geometry_detector_factory.rb

@@ -14,9 +14,14 @@ module Paperclip
 
     def geometry_string
       begin
-        silence_stream(STDERR) do
-          Paperclip.run("identify", "-format '%wx%h,%[exif:orientation]' :file", :file => "#{path}[0]")
-        end
+        Paperclip.run(
+          "identify",
+          "-format '%wx%h,%[exif:orientation]' :file", {
+            :file => "#{path}[0]"
+          }, {
+            :swallow_stderr => true
+          }
+        )
       rescue Cocaine::ExitStatusError
         ""
       rescue Cocaine::CommandNotFoundError => e

data/lib/paperclip/has_attached_file.rb

@@ -81,7 +81,7 @@ module Paperclip
       name = @name
       @klass.send(:after_save) { send(name).send(:save) }
       @klass.send(:before_destroy) { send(name).send(:queue_all_for_delete) }
-      @klass.send(:after_destroy) { send(name).send(:flush_deletes) }
+      @klass.send(:after_commit, :on => :destroy) { send(name).send(:flush_deletes) }
     end
 
     def add_paperclip_callbacks

data/lib/paperclip/interpolations.rb

@@ -48,7 +48,7 @@ module Paperclip
     # Returns the interpolated URL. Will raise an error if the url itself
     # contains ":url" to prevent infinite recursion. This interpolation
     # is used in the default :path to ease default specifications.
-    RIGHT_HERE = "#{__FILE__.gsub(%r{^\./}, "")}:#{__LINE__ + 3}"
+    RIGHT_HERE = "#{__FILE__.gsub(%r{\A\./}, "")}:#{__LINE__ + 3}"
     def url attachment, style_name
       raise Errors::InfiniteInterpolationError if caller.any?{|b| b.index(RIGHT_HERE) }
       attachment.url(style_name, :timestamp => false, :escape => false)
@@ -90,7 +90,7 @@ module Paperclip
 
     # Returns the basename of the file. e.g. "file" for "file.jpg"
     def basename attachment, style_name
-      attachment.original_filename.gsub(/#{Regexp.escape(File.extname(attachment.original_filename))}$/, "")
+      attachment.original_filename.gsub(/#{Regexp.escape(File.extname(attachment.original_filename))}\Z/, "")
     end
 
     # Returns the extension of the file. e.g. "jpg" for "file.jpg"
@@ -98,7 +98,7 @@ module Paperclip
     # of the actual extension.
     def extension attachment, style_name
       ((style = attachment.styles[style_name.to_s.to_sym]) && style[:format]) ||
-        File.extname(attachment.original_filename).gsub(/^\.+/, "")
+        File.extname(attachment.original_filename).gsub(/\A\.+/, "")
     end
 
     # Returns an extension based on the content type. e.g. "jpeg" for
@@ -128,7 +128,7 @@ module Paperclip
         # It's possible, though unlikely, that the mime type is not in the
         # database, so just use the part after the '/' in the mime type as the
         # extension.
-        %r{/([^/]*)$}.match(attachment.content_type)[1]
+        %r{/([^/]*)\Z}.match(attachment.content_type)[1]
       end
     end
 

data/lib/paperclip/io_adapters/abstract_adapter.rb

@@ -5,7 +5,7 @@ module Paperclip
     OS_RESTRICTED_CHARACTERS = %r{[/:]}
 
     attr_reader :content_type, :original_filename, :size
-    delegate :close, :closed?, :eof?, :path, :rewind, :unlink, :to => :@tempfile
+    delegate :binmode, :binmode?, :close, :close!, :closed?, :eof?, :path, :rewind, :unlink, :to => :@tempfile
 
     def fingerprint
       @fingerprint ||= Digest::MD5.file(path).to_s