Skip to content
Snippets Groups Projects
Commit cefef2c5 authored by Alyssa Ross's avatar Alyssa Ross Committed by Andrea Faulds
Browse files

Extract filename obfuscation into module

parent 7161f913
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
app/controllers/api/v1/media_controller.rb
+ 4
4
View file @ cefef2c5
...@@ -4,13 +4,13 @@ class Api::V1::MediaController < ApiController ...@@ -4,13 +4,13 @@ class Api::V1::MediaController < ApiController
before_action -> { doorkeeper_authorize! :write } before_action -> { doorkeeper_authorize! :write }
before_action :require_user! before_action :require_user!
include ObfuscateFilename
obfuscate_filename :file
respond_to :json respond_to :json
def create def create
file = params[:file] @media = MediaAttachment.create!(account: current_user.account, file: params[:file])
# Change so Paperclip won't expose the actual filename
file.original_filename = "media" + File.extname(file.original_filename)
@media = MediaAttachment.create!(account: current_user.account, file: file)
rescue Paperclip::Errors::NotIdentifiedByImageMagickError rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: { error: 'File type of uploaded media could not be verified' }, status: 422 render json: { error: 'File type of uploaded media could not be verified' }, status: 422
rescue Paperclip::Error rescue Paperclip::Error
......
app/controllers/settings/profiles_controller.rb
+ 5
12
View file @ cefef2c5
...@@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController ...@@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :set_account before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
def show def show
end end
...@@ -20,18 +24,7 @@ class Settings::ProfilesController < ApplicationController ...@@ -20,18 +24,7 @@ class Settings::ProfilesController < ApplicationController
private private
def account_params def account_params
p = params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced) params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
if p[:avatar]
avatar = p[:avatar]
# Change so Paperclip won't expose the actual filename
avatar.original_filename = "media" + File.extname(avatar.original_filename)
end
if p[:header]
header = p[:header]
# Change so Paperclip won't expose the actual filename
header.original_filename = "media" + File.extname(header.original_filename)
end
p
end end
def set_account def set_account
......
app/models/concerns/obfuscate_filename.rb 0 → 100644
+ 16
0
View file @ cefef2c5
module ObfuscateFilename
extend ActiveSupport::Concern
class_methods do
def obfuscate_filename(*args)
before_action { obfuscate_filename(*args) }
end
end
def obfuscate_filename(path)
file = params.dig(*path)
return if file.nil?
file.original_filename = "media" + File.extname(file.original_filename)
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment