| Name |
Last commit
|
Last Update |
|---|---|---|
| .. | ||
| paperclip | ||
| support | ||
| database.yml | ||
| spec_helper.rb |
While using the Paperclip gem, we noticed during some ad-hoc testing that if you do not supply an extension when uploading a file, Paperclip effectively skipped it's spoofing check, which allowed potentially dangerous files to slip through into your application. This addresses that by moving the checks around a little bit and only testing against the extension when there is one.
| Name |
Last commit
|
Last Update |
|---|---|---|
| .. | ||
| paperclip | Loading commit data... | |
| support | Loading commit data... | |
| database.yml | Loading commit data... | |
| spec_helper.rb | Loading commit data... |