scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-02-05 14:41:53 +08:00
Code Issues Projects Releases Packages Wiki Activity

Add whitelisting of supported image types [SCI-736]

Browse source
This commit is contained in:
Oleksii Kriuchykhin 2016-11-25 16:12:43 +01:00
parent 91ffb232e2
commit 74f6455a8f
3 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/assets_controller.rb
View file

@ -114,7 +114,8 @@ class AssetsController < ApplicationController
fields: s3_post.fields fields: s3_post.fields
}) })
if (asset.file_content_type =~ /^image\//) == 0 if (asset.file_content_type =~
%r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}) == 0
asset.file.options[:styles].each do |style, option| asset.file.options[:styles].each do |style, option|
s3_post = S3_BUCKET.presigned_post( s3_post = S3_BUCKET.presigned_post(
key: asset.file.path(style)[1..-1], key: asset.file.path(style)[1..-1],

3
app/models/asset.rb
View file

@ -138,7 +138,8 @@ class Asset < ActiveRecord::Base
end end
def is_image? def is_image?
!(self.file.content_type =~ /^image/).nil? !(file.content_type =~
%r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}).nil?
end end
def text? def text?

2
config/initializers/constants.rb
View file

@ -201,6 +201,8 @@ class Constants
'text/plain' 'text/plain'
].freeze ].freeze
WHITELISTED_IMAGE_TYPES = ['gif', 'jpeg', 'png', 'svg+xml', 'bmp'].freeze
# Very basic regex to check for validity of emails # Very basic regex to check for validity of emails
BASIC_EMAIL_REGEX = /^[^@]+@[^@]+\.[^@]+$/ BASIC_EMAIL_REGEX = /^[^@]+@[^@]+\.[^@]+$/