Detect and prevent image bombs, max. processable dimension 4096^2 (#7229)

2018-04-23 09:16:38 +02:00 · 2018-04-23 09:16:38 +02:00 · 7db7d68136
commit 7db7d68136
parent 3bf6da1ffc
4 changed files with 34 additions and 17 deletions
--- a/app/models/media_attachment.rb
+++ b/app/models/media_attachment.rb
@ -19,8 +19,6 @@
 #  description       :text
 #

-require 'mime/types'
-
 class MediaAttachment < ApplicationRecord
  self.inheritance_column = nil

@ -70,6 +68,8 @@ class MediaAttachment < ApplicationRecord
  validates_attachment_size :file, less_than: LIMIT
  remotable_attachment :file, LIMIT

+  include Attachmentable
+
  validates :account, presence: true
  validates :description, length: { maximum: 420 }, if: :local?

@ -176,9 +176,6 @@ class MediaAttachment < ApplicationRecord

  def set_type_and_extension
    self.type = VIDEO_MIME_TYPES.include?(file_content_type) ? :video : :image
-    extension = appropriate_extension
-    basename  = Paperclip::Interpolations.basename(file, :original)
-    file.instance_write :file_name, [basename, extension].delete_if(&:blank?).join('.')
  end

  def set_meta
@ -223,13 +220,4 @@ class MediaAttachment < ApplicationRecord
      bitrate: movie.bitrate,
    }
  end
-
-  def appropriate_extension
-    mime_type = MIME::Types[file.content_type]
-
-    extensions_for_mime_type = mime_type.empty? ? [] : mime_type.first.extensions
-    original_extension       = Paperclip::Interpolations.extension(file, :original)
-
-    extensions_for_mime_type.include?(original_extension) ? original_extension : extensions_for_mime_type.first
-  end
 end