Skip to content

P
paperclip
Switch branch/tag
  1. 24 Aug, 2015 1 commit
  3. 18 Jun, 2015 1 commit
  5. 17 Jun, 2015 1 commit
  7. 05 Jun, 2015 2 commits
    • Release v4.3.0 :tada: · ecdd5427 
      For the full details of what is included in this release, check out NEWS.

[fixes #1875]
      maclover7 committed
    • Fix a possible security issue with spoofing · 9aee4112 
      Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this.

There is an issue where if an HTML file is uploaded with a .html
extension, but the content type is listed as being `image/jpeg`, this
will bypass a validation checking for images. But it will also pass the
spoof check, because a file named .html and containing actual HTML
passes the spoof check.

This change makes it so that we also check the supplied content type. So
even if the file contains HTML and ends with .html, it doesn't match the
content type of `image/jpeg` and so it fails.
      Jon Yurek committed
  9. 23 Dec, 2014 1 commit
  11. 09 Dec, 2014 1 commit
  13. 08 Jul, 2014 1 commit
  15. 22 Feb, 2014 1 commit
  17. 21 Feb, 2014 1 commit
  19. 07 Feb, 2014 2 commits
  21. 31 Jan, 2014 1 commit
  23. 24 Jan, 2014 2 commits
  25. 22 Oct, 2013 1 commit
  27. 31 Jul, 2013 1 commit
  29. 19 Jul, 2013 1 commit
  31. 17 May, 2013 1 commit
  33. 22 Feb, 2013 1 commit
  35. 27 Nov, 2012 1 commit
  37. 31 Oct, 2012 1 commit
  39. 14 Sep, 2012 1 commit
  41. 07 Sep, 2012 1 commit
    • Bump to 3.2.0 · 26f44c6d 
      * Bug fix: Use the new correct Amazon S3 encryption header.
* Bug fix: The rake task respects the updated_at column.
* Bug fix: Strip newline from content type.
* Feature: Fog file visibility can be specified per style.
* Feature: Autonatically rotate images.
* Feature: Reduce class-oriented programming of the attachment definitions.
      Mike Burns committed
  43. 21 Jul, 2012 1 commit
    • Bump to 3.1.4 · 70f0f1fe 
      Happy pi release!

      3.141592653589793238462643383279
    5028841971693993751058209749445923
   07816406286208998628034825342117067
   9821    48086         5132
  823      06647        09384
 46        09550        58223
 17        25359        4081
           2848         1117
           4502         8410
           2701         9385
          21105        55964
          46229        48954
          9303         81964
          4288         10975
         66593         34461
        284756         48233
        78678          31652        71
       2019091         456485       66
      9234603           48610454326648
     2133936            0726024914127
     3724587             00660631558
     817488               152092096
      Prem Sichanugrist committed
  45. 13 Jul, 2012 1 commit
  47. 18 Jun, 2012 1 commit
  49. 16 Jun, 2012 1 commit
  51. 15 Jun, 2012 1 commit
  53. 05 May, 2012 1 commit
  55. 04 May, 2012 3 commits
  57. 20 Apr, 2012 1 commit
  59. 03 Apr, 2012 1 commit
  61. 09 Mar, 2012 1 commit
    • Change the default :url and :path to avoid conflicts. Closes #727. · 26f4d409 
      The new default :path and :include include the name of the model and
also nests the model ID under a series of subdirectories, improving
filesystem access speed when more than 1024 models have saved
attachments.

The easiest way to upgrade is to add an explicit :url and :path to your
has_attached_file calls:

    has_attached_file :avatar,
      :path => ":rails_root/public/system/:attachment/:id/:style/:filename",
      :url => "/system/:attachment/:id/:style/:filename"
      Mike Burns committed
  63. 24 Feb, 2012 1 commit
  65. 10 Feb, 2012 1 commit
  67. 27 Jan, 2012 1 commit
  69. 13 Jan, 2012 1 commit