Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Merge pull request from GHSA-9928-3cp5-93fm

Browse source 
* Fix attachments getting processed despite failing content-type validation

* Add a restrictive ImageMagick security policy tailored for Mastodon

* Fix misdetection of MP3 files with large cover art

* Reject unprocessable audio/video files instead of keeping them unchanged
This commit is contained in:
Claire 2023-07-06 15:05:05 +02:00 committed by GitHub
parent 6d8e0fae3e
commit dc8f1fbd97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 80 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
config/initializers/paperclip.rb
View file

@ -153,3 +153,10 @@ unless defined?(Seahorse)
end
end
end
# Set our ImageMagick security policy, but allow admins to override it
ENV['MAGICK_CONFIGURE_PATH'] = begin
imagemagick_config_paths = ENV.fetch('MAGICK_CONFIGURE_PATH', '').split(File::PATH_SEPARATOR)
imagemagick_config_paths << Rails.root.join('config', 'imagemagick').expand_path.to_s
imagemagick_config_paths.join(File::PATH_SEPARATOR)
end