Adds a 'validate_media_type' option, default: true

Many people have complained that the Media Type Spoof Detection does not
work properly for their files. While whitelisting is available for some
files, it's not a general solution. This option leaves the "secure by
default" of the media checker in place, but allows people to turn it off
completely if they so choose.

lib/paperclip/attachment.rb

@@ -31,6 +31,7 @@ module Paperclip
         :use_default_time_zone => true,
         :use_timestamp         => true,
         :whiny                 => Paperclip.options[:whiny] || Paperclip.options[:whiny_thumbnails],
+        :media_check           => true,
         :check_validity_before_processing => true
       }
     end

lib/paperclip/has_attached_file.rb

@@ -79,9 +79,11 @@ module Paperclip
     end
 
     def add_required_validations
-      name = @name
-      @klass.validates_media_type_spoof_detection name,
-        :if => ->(instance){ instance.send(name).dirty? }
+      if @options[:validate_media_type] != false
+        name = @name
+        @klass.validates_media_type_spoof_detection name,
+          :if => ->(instance){ instance.send(name).dirty? }
+      end
     end
 
     def add_active_record_callbacks

spec/paperclip/has_attached_file_spec.rb

@@ -41,6 +41,14 @@ describe Paperclip::HasAttachedFile do
     it 'defines the Paperclip-specific callbacks' do
       assert_adding_attachment('avatar').defines_callback('define_paperclip_callbacks')
     end
+
+    it 'does not define a media_type check if told not to' do
+      assert_adding_attachment('avatar').does_not_set_up_media_type_check_validation
+    end
+
+    it 'does define a media_type check if told to' do
+      assert_adding_attachment('avatar').sets_up_media_type_check_validation
+    end
   end
 
   private
@@ -99,6 +107,22 @@ describe Paperclip::HasAttachedFile do
       expect(a_class).to have_received(callback_name.to_sym)
     end
 
+    def does_not_set_up_media_type_check_validation
+      a_class = stub_class
+
+      Paperclip::HasAttachedFile.define_on(a_class, @attachment_name, { validate_media_type: false })
+
+      expect(a_class).to have_received(:validates_media_type_spoof_detection).never
+    end
+
+    def sets_up_media_type_check_validation
+      a_class = stub_class
+
+      Paperclip::HasAttachedFile.define_on(a_class, @attachment_name, { validate_media_type: true })
+
+      expect(a_class).to have_received(:validates_media_type_spoof_detection)
+    end
+
     private
 
     def stub_class

spec/paperclip/meta_class_spec.rb

@@ -4,7 +4,7 @@ describe 'Metaclasses' do
   context "A meta-class of dummy" do
     if active_support_version >= "4.1" || ruby_version < "2.1"
       before do
-        rebuild_model("Dummy")
+        rebuild_model
         reset_class("Dummy")
       end
 

spec/paperclip/validators/media_type_spoof_detection_validator_spec.rb

@@ -16,6 +16,11 @@ describe Paperclip::Validators::MediaTypeSpoofDetectionValidator do
     assert Dummy.validators_on(:avatar).any?{ |validator| validator.kind == :media_type_spoof_detection }
   end
 
+  it "is not on the attachment when explicitly rejected" do
+    rebuild_model validate_media_type: false
+    assert Dummy.validators_on(:avatar).none?{ |validator| validator.kind == :media_type_spoof_detection }
+  end
+
   it "returns default error message for spoofed media type" do
     build_validator
     file = File.new(fixture_file("5k.png"), "rb")