scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-02-05 22:44:22 +08:00
Code Issues Projects Releases Packages Wiki Activity

Improve regexp for image whitelisting [SCI-736]

Browse source
This commit is contained in:
Oleksii Kriuchykhin 2016-11-28 10:08:54 +01:00
parent 74f6455a8f
commit cc0aab2e59
2 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/assets_controller.rb
View file

@ -114,8 +114,9 @@ class AssetsController < ApplicationController
fields: s3_post.fields fields: s3_post.fields
}) })
if (asset.file_content_type =~ condition = %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}}
%r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}) == 0
if condition === asset.file_content_type
asset.file.options[:styles].each do |style, option| asset.file.options[:styles].each do |style, option|
s3_post = S3_BUCKET.presigned_post( s3_post = S3_BUCKET.presigned_post(
key: asset.file.path(style)[1..-1], key: asset.file.path(style)[1..-1],

4
app/models/asset.rb
View file

@ -138,8 +138,8 @@ class Asset < ActiveRecord::Base
end end
def is_image? def is_image?
!(file.content_type =~ %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}} ===
%r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}).nil? file.content_type
end end
def text? def text?