Improve regexp for image whitelisting [SCI-736]

2025-02-05 22:44:22 +08:00 · 2016-11-28 10:08:54 +01:00 · 2016-11-28 10:08:54 +01:00 · cc0aab2e59
commit cc0aab2e59
parent 74f6455a8f
2 changed files with 5 additions and 4 deletions
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@ -114,8 +114,9 @@ class AssetsController < ApplicationController
      fields: s3_post.fields
    })

-    if (asset.file_content_type =~
-      %r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}) == 0
+    condition = %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}}
+
+    if condition === asset.file_content_type
      asset.file.options[:styles].each do |style, option|
        s3_post = S3_BUCKET.presigned_post(
          key: asset.file.path(style)[1..-1],
--- a/app/models/asset.rb
+++ b/app/models/asset.rb
@ -138,8 +138,8 @@ class Asset < ActiveRecord::Base
  end

  def is_image?
-    !(file.content_type =~
-      %r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}).nil?
+    %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}} ===
+      file.content_type
  end

  def text?