Commit 981fb513 by Jon Yurek and Nathan Walls Committed by Jon Yurek

Adds a 'validate_media_type' option, default: true

Many people have complained that the Media Type Spoof Detection does not
work properly for their files. While whitelisting is available for some
files, it's not a general solution. This option leaves the media checker's
"secure by default" behavior in place, but allows people to turn it off
completely if they so choose.
parent 3ec2599d
......@@ -31,6 +31,7 @@ module Paperclip
:use_default_time_zone => true,
:use_timestamp => true,
:whiny => Paperclip.options[:whiny] || Paperclip.options[:whiny_thumbnails],
:media_check => true,
:check_validity_before_processing => true
}
end
......
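Review bot: The entry in this defaults hash is keyed `:media_check`, while the commit title and the guard in `add_required_validations` both use `:validate_media_type`, so nothing shown on this page appears to read it. Validation still defaults to on only because that guard is written as `!= false` and treats a missing key as enabled. Renaming the entry to `:validate_media_type => true` would make the advertised default and the key that is actually checked agree, and would stop anyone from setting `media_check: false` and believing they had changed the spoof check. The enclosing method starts above this hunk.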
......@@ -79,9 +79,11 @@ module Paperclip
end
def add_required_validations
name = @name
@klass.validates_media_type_spoof_detection name,
:if => ->(instance){ instance.send(name).dirty? }
if @options[:validate_media_type] != false
name = @name
@klass.validates_media_type_spoof_detection name,
:if => ->(instance){ instance.send(name).dirty? }
end
end
def add_active_record_callbacks
......
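Review bot: `add_required_validations` now makes a security control optional but has no comment saying so, or saying that only a literal `false` turns it off. A line above the guard such as `# Spoof detection is skipped only when :validate_media_type is exactly false; nil or a missing key keeps it on.` would record that the fail-closed comparison is deliberate, so a later cleanup does not turn it into a truthiness test. The option's user-facing documentation should also state that an attachment declared with `validate_media_type: false` no longer has its claimed type checked by this validator, and so needs its own content-type validation. Separately, `name = @name` could stay above the `if`, since the lambda is the only thing that needs it.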
......@@ -41,6 +41,14 @@ describe Paperclip::HasAttachedFile do
it 'defines the Paperclip-specific callbacks' do
assert_adding_attachment('avatar').defines_callback('define_paperclip_callbacks')
end
it 'does not define a media_type check if told not to' do
assert_adding_attachment('avatar').does_not_set_up_media_type_check_validation
end
it 'does define a media_type check if told to' do
assert_adding_attachment('avatar').sets_up_media_type_check_validation
end
end
private
......@@ -99,6 +107,22 @@ describe Paperclip::HasAttachedFile do
expect(a_class).to have_received(callback_name.to_sym)
end
def does_not_set_up_media_type_check_validation
a_class = stub_class
Paperclip::HasAttachedFile.define_on(a_class, @attachment_name, { validate_media_type: false })
expect(a_class).to have_received(:validates_media_type_spoof_detection).never
end
def sets_up_media_type_check_validation
a_class = stub_class
Paperclip::HasAttachedFile.define_on(a_class, @attachment_name, { validate_media_type: true })
expect(a_class).to have_received(:validates_media_type_spoof_detection)
end
private
def stub_class
......
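Review bot: Neither new helper in this spec file exercises the case the secure default depends on, which is `define_on` called without any `:validate_media_type` key. `sets_up_media_type_check_validation` passes `validate_media_type: true` explicitly, so a regression that changed the guard to a plain truthiness check, making a missing key mean "disabled", would still pass here. A third example that calls `Paperclip::HasAttachedFile.define_on(a_class, @attachment_name, {})` and expects `validates_media_type_spoof_detection` to have been received would pin the fail-closed behaviour. A matching case with `validate_media_type: nil` would cover the other input the `!= false` comparison is meant to keep enabled.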
......@@ -4,7 +4,7 @@ describe 'Metaclasses' do
context "A meta-class of dummy" do
if active_support_version >= "4.1" || ruby_version < "2.1"
before do
rebuild_model("Dummy")
rebuild_model
reset_class("Dummy")
end
......
......@@ -16,6 +16,11 @@ describe Paperclip::Validators::MediaTypeSpoofDetectionValidator do
assert Dummy.validators_on(:avatar).any?{ |validator| validator.kind == :media_type_spoof_detection }
end
it "is not on the attachment when explicitly rejected" do
rebuild_model validate_media_type: false
assert Dummy.validators_on(:avatar).none?{ |validator| validator.kind == :media_type_spoof_detection }
end
it "returns default error message for spoofed media type" do
build_validator
file = File.new(fixture_file("5k.png"), "rb")
......