Files · 7eb664f21ba1cbcaf2510b46055878241eb8c5b2 · ikcrm_common / paperclip

Check for spoofing of files without an extension · 7eb664f2

While using the Paperclip gem, we noticed during some ad-hoc testing
that if you do not supply an extension when uploading a file, Paperclip
effectively skipped it's spoofing check, which allowed potentially
dangerous files to slip through into your application.

This addresses that by moving the checks around a little bit and only
testing against the extension when there is one.

committed May 25, 2018

7eb664f2

Name	Last commit	Last Update
.github		Loading commit data...
features		Loading commit data...
gemfiles		Loading commit data...
lib		Loading commit data...
shoulda_macros		Loading commit data...
spec		Loading commit data...
.codeclimate.yml		Loading commit data...
.gitignore		Loading commit data...
.hound.yml		Loading commit data...
.rubocop.yml		Loading commit data...
.travis.yml		Loading commit data...
Appraisals		Loading commit data...
CONTRIBUTING.md		Loading commit data...
Gemfile		Loading commit data...
LICENSE		Loading commit data...
MIGRATING-ES.md		Loading commit data...
MIGRATING.md		Loading commit data...
NEWS		Loading commit data...
README.md		Loading commit data...
RELEASING.md		Loading commit data...
Rakefile		Loading commit data...
UPGRADING		Loading commit data...
paperclip.gemspec		Loading commit data...

README.md