1
0
mirror of https://github.com/mastodon/mastodon synced 2024-11-28 06:48:28 +09:00

Extract filename obfuscation into module

This commit is contained in:
Alyssa Ross 2016-11-23 23:31:38 +00:00 committed by Andrea Faulds
parent 7161f91313
commit cefef2c571
3 changed files with 25 additions and 16 deletions

View File

@ -4,13 +4,13 @@ class Api::V1::MediaController < ApiController
before_action -> { doorkeeper_authorize! :write } before_action -> { doorkeeper_authorize! :write }
before_action :require_user! before_action :require_user!
include ObfuscateFilename
obfuscate_filename :file
respond_to :json respond_to :json
def create def create
file = params[:file] @media = MediaAttachment.create!(account: current_user.account, file: params[:file])
# Change so Paperclip won't expose the actual filename
file.original_filename = "media" + File.extname(file.original_filename)
@media = MediaAttachment.create!(account: current_user.account, file: file)
rescue Paperclip::Errors::NotIdentifiedByImageMagickError rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: { error: 'File type of uploaded media could not be verified' }, status: 422 render json: { error: 'File type of uploaded media could not be verified' }, status: 422
rescue Paperclip::Error rescue Paperclip::Error

View File

@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :set_account before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
def show def show
end end
@ -20,18 +24,7 @@ class Settings::ProfilesController < ApplicationController
private private
def account_params def account_params
p = params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced) params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
if p[:avatar]
avatar = p[:avatar]
# Change so Paperclip won't expose the actual filename
avatar.original_filename = "media" + File.extname(avatar.original_filename)
end
if p[:header]
header = p[:header]
# Change so Paperclip won't expose the actual filename
header.original_filename = "media" + File.extname(header.original_filename)
end
p
end end
def set_account def set_account

View File

@ -0,0 +1,16 @@
module ObfuscateFilename
extend ActiveSupport::Concern
class_methods do
def obfuscate_filename(*args)
before_action { obfuscate_filename(*args) }
end
end
def obfuscate_filename(path)
file = params.dig(*path)
return if file.nil?
file.original_filename = "media" + File.extname(file.original_filename)
end
end