RubyGems - rails_imager - Versions diffs - 0.0.19 → 0.0.20 - Mend

rails_imager 0.0.19 → 0.0.20

Files changed (7) hide show

checksums.yaml +4 -4
data/app/controllers/rails_imager/images_controller.rb +45 -36
data/app/helpers/rails_imager/images_helper.rb +17 -17
data/lib/rails_imager/config.rb +8 -0
data/lib/rails_imager/version.rb +1 -1
data/lib/rails_imager.rb +11 -2
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fd9b2fe3759e88819d0db1f9b3af5fba8e6d576a
-  data.tar.gz: 39f8ba07520ec430d733ddfefedf5342707ec07c
+  metadata.gz: d8756a05e1d9e4fded390426bb42a4ff85573e86
+  data.tar.gz: 3f9c1935bed9712e465dd604d3f954023ba23150
 SHA512:
-  metadata.gz: 4f1569d9140d97e751f842f2d74e03088c49d2a07e723238b1264c4a69a4caf390340569998427c1580b7c85a379ce932131a58907c6c22dc2d138ab2578af8c
-  data.tar.gz: 137034cb9d007fe284496e1b3c55e2506b3cff718dd8a707836cf30686e729c23d7cc983c7917cf9d60ec9f8b96b769e2ea51f58792d095f651d6a541ee865e8
+  metadata.gz: 80ee5c64d96a0572b3345504d2510fcdd8ac68a90e16de50338a69aca91c6589cb1a5d3dea3e872331d91d7bcbe77c32c966e3e336f7173a8dd1661129bc7ad7
+  data.tar.gz: c4f8bb46f8141d0f14b78908a02b47c2bc61f2d1b450b77701352e5b8755ab0537f2a881d8b1db719818539645d9f8414158629e0da4ba8c6c28c5baa03773d1

data/app/controllers/rails_imager/images_controller.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 class RailsImager::ImagesController < ApplicationController
   PARAMS_ARGS = [:width, :height, :smartsize, :maxwidth, :maxheight, :rounded_corners, :border, :border_color, :force]
   def show
     set_and_validate_parameters
     set_path
@@ -8,29 +8,29 @@ class RailsImager::ImagesController < ApplicationController
     generate_cache_name
     generate_cache if should_generate_cache?
     set_headers
     if not_modified? && !force?
       render :nothing => true, :status => "304 Not Modified"
     else
       send_file @cache_path, :type => "image/png", :disposition => "inline", :filename => "picture.png"
     end
   end
 private
   def set_path
     @path = "#{Rails.public_path}/#{params[:id]}"
     @full_path = File.realpath(@path)
     validate_path
   end
   def set_and_validate_parameters
     @image_params = params[:image] || {}
     @image_params.each do |key, val|
       raise ArgumentError, "Invalid parameter: '#{key}'." unless PARAMS_ARGS.map{ |param| param.to_s }.include?(key)
     end
   end
   def force?
     if @image_params[:force] && @image_params[:force].to_s == "true"
       return true
@@ -38,58 +38,67 @@ private
       return false
     end
   end
   def not_modified?
     if request.headers["HTTP_IF_MODIFIED_SINCE"]
       if_mod_since_time = Datet.in(request.headers["HTTP_IF_MODIFIED_SINCE"]).time
     else
       if_mod_since_time = request.if_modified_since
     end
     if if_mod_since_time && if_mod_since_time.utc.to_s == @mod_time.utc.to_s
       return true
     end
     return false
   end
   def set_headers
     response.last_modified = @mod_time
     if force?
       response.headers["Expires"] = Time.now.httpdate
     else
       response.headers["Expires"] = 2.hours.from_now.httpdate
     end
   end
   def validate_path
-    raise "No such file: '#{@full_path}'." unless File.exists?(@full_path)
-    raise "Image wasn't in the public folder: '#{@full_path}'." unless @full_path.start_with?(File.realpath(Rails.public_path.to_s))
+    allowed_paths = RailsImager.config.allowed_paths
+    allowed = false
+    allowed_paths.each do |allowed_path|
+      if @full_path.start_with?(allowed_path)
+        allowed = true
+        break
+      end
+    end
+    raise ArgumentError, "Image wasn't in an allowed path: '#{@full_path}'." unless allowed
   end
   def generate_cache_name
     @cache_name = ::Knj::Strings.sanitize_filename(@path)
     @cache_name << "__ARGS_"
     PARAMS_ARGS.each do |val|
       next if val.to_s == "force"
       @cache_name << "_#{val}-#{@image_params[val]}"
     end
     @cache_path = "#{cache_directory}/#{@cache_name}"
   end
   def cache_directory
     require "tmpdir"
     cache_path = "#{Dir.tmpdir}/rails-imager-cache"
     Dir.mkdir(cache_path) unless Dir.exists?(cache_path)
     return cache_path
   end
   def should_generate_cache?
     return true if force?
     if File.exists?(@cache_path)
       if File.mtime(@cache_path) < File.mtime(@full_path)
         return true
@@ -100,36 +109,36 @@ private
       return true
     end
   end
   def generate_cache
     @image = ::Magick::Image.read(@full_path).first
     @image.format = "png"
     apply_image_changes
     @image.write(@cache_path)
   end
   #Create a new image-object based on the given image-object and the parameters.
   def apply_image_changes
     @image_width = @image.columns
     @image_height = @image.rows
     if @image_params[:width].to_i > 0
       @width = @image_params[:width].to_i
     else
       @width = @image_width
     end
     if @image_params[:height].to_i > 0
       @height = @image_params[:height].to_i
     else
       @height = @image_height
     end
     calcuate_sizes
     @image = @image.resize(@width, @height) if @width != @image_width || @height != @image_height
     apply_rounded_corners if @image_params[:rounded_corners]
   end
   def calcuate_sizes
     validate_and_set_smartsize if @image_params[:smartsize]
     validate_and_set_max_width
@@ -137,15 +146,15 @@ private
     calculate_missing_width if @image_params[:height] && !@image_params[:width]
     calculate_missing_height if @image_params[:width] && !@image_params[:height]
   end
   def calculate_missing_height
     @height = (@image_height.to_f / (@image_width.to_f / @width.to_f)).to_i
   end
   def calculate_missing_width
     @width = (@image_width.to_f / (@image_height.to_f / @height.to_f)).to_i
   end
   def validate_and_set_smartsize
     if @image_width > @image_height
       @width = @image_params[:smartsize].to_i
@@ -155,39 +164,39 @@ private
       calculate_missing_width
     end
   end
   def validate_and_set_max_width
     if @image_params[:maxwidth]
       maxwidth = @image_params[:maxwidth].to_i
       if @width > maxwidth
         @width = maxwidth
         calculate_missing_height
       end
     end
   end
   def validate_and_set_max_height
     if @image_params[:maxheight]
       maxheight = @image_params[:maxheight].to_i
       if @height > maxheight
         @height = maxheight
         calculate_missing_width
       end
     end
   end
   def apply_rounded_corners
     @image = @image.clone
     @image.format = "png" # Needs PNG format for transparency.
     args = {:img => @image, :radius => @image_params[:rounded_corners].to_i}
     if @image_params[:border] && @image_params[:border_color]
       args[:border] = @image_params[:border].to_i
       args[:border_color] = @image_params[:border_color]
     end
     ::Knj::Image.rounded_corners(args)
   end
 end

data/app/helpers/rails_imager/images_helper.rb CHANGED Viewed

@@ -3,7 +3,7 @@ require "uri"
 module RailsImager::ImagesHelper
   def rails_imager_p(path, args = {})
     path = path_from_arg(path)
     if args.delete(:url)
       newpath = "#{request.protocol}#{request.host_with_port}"
     elsif args.delete(:mailer)
@@ -11,41 +11,41 @@ module RailsImager::ImagesHelper
     else
       newpath = ""
     end
     check_arguments(args)
     newpath << "/rails_imager/images/"
     newpath << path
     if args && args.any?
       newpath << "?"
       newpath << url_encoded_arguments(args)
     end
     return newpath
   end
 private
   def mailer_pre_path
     if ActionMailer::Base.default_url_options[:protocol]
       pre_path = ActionMailer::Base.default_url_options[:protocol]
     else
       pre_path = "http://"
     end
     pre_path << ActionMailer::Base.default_url_options[:host]
     if ActionMailer::Base.default_url_options[:port]
       pre_path << ":#{ActionMailer::Base.default_url_options[:port]}"
     end
     return pre_path
   end
   def url_encoded_arguments(args)
     path = ""
     first = true
     args.each do |key, val|
       if first
@@ -53,24 +53,24 @@ private
       else
         path << "&"
       end
       realkey = "image[#{key}]"
       path << URI.encode(realkey)
       path << "="
       path << URI.encode(val.to_s)
     end
     return path
   end
   def check_arguments(args)
     # Check for invalid parameters.
     args.each do |key, val|
       raise ArgumentError, "Invalid parameter: '#{key}'." unless RailsImager::ImagesController::PARAMS_ARGS.include?(key)
     end
   end
   def path_from_arg(path)
     if path.class.name == "Paperclip::Attachment"
       raise "Paperclip path does not start with public path: #{path.path}" unless path.path.to_s.start_with?(Rails.public_path.to_s)

data/lib/rails_imager/config.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class RailsImager::Config
+  attr_reader :allowed_paths
+  def initialize
+    @allowed_paths = []
+    @allowed_paths << Rails.public_path.to_s if Rails.public_path.to_s.present?
+  end
+end

data/lib/rails_imager/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RailsImager
-  VERSION = "0.0.19"
+  VERSION = "0.0.20"
 end

data/lib/rails_imager.rb CHANGED Viewed

@@ -14,12 +14,21 @@ module RailsImager
     else
       path = "#{File.dirname(__FILE__)}/rails_imager/#{::StringCases.camel_to_snake(name)}.rb"
     end
     if File.exists?(path)
       require path
       return const_get(name) if const_defined?(name)
     end
     super
   end
+  @config = RailsImager::Config.new
+  def self.config
+    if block_given?
+      yield @config
+    else
+      return @config
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_imager
 version: !ruby/object:Gem::Version
-  version: 0.0.19
+  version: 0.0.20
 platform: ruby
 authors:
 - kaspernj
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-07 00:00:00.000000000 Z
+date: 2014-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -154,6 +154,7 @@ files:
 - lib/rails_imager.rb
 - lib/tasks/rails_imager_tasks.rake
 - lib/rails_imager/engine.rb
+- lib/rails_imager/config.rb
 - lib/rails_imager/version.rb
 - MIT-LICENSE
 - Rakefile