Added image content type validation to only allowing jpg images.

Senén Rodero Rodríguez
2017-06-14 13:10:43 +02:00
parent 7b88e63136
commit 4f5a552486
4 changed files with 27 additions and 3 deletions


@@ -17,6 +17,8 @@ class Budget
acts_as_paranoid column: :hidden_at acts_as_paranoid column: :hidden_at
include ActsAsParanoidAliases include ActsAsParanoidAliases
has_attached_file :image, styles: { large: "600x600>", medium: "300x300>", thumb: "100x100>" }
belongs_to :author, -> { with_hidden }, class_name: 'User', foreign_key: 'author_id' belongs_to :author, -> { with_hidden }, class_name: 'User', foreign_key: 'author_id'
belongs_to :heading belongs_to :heading
belongs_to :group belongs_to :group
@@ -28,9 +30,6 @@ class Budget
has_many :comments, as: :commentable has_many :comments, as: :commentable
has_many :milestones has_many :milestones
has_attached_file :image, styles: { large: "600x600>" ,medium: "300x300>", thumb: "100x100>" }
validates_attachment_content_type :image, content_type: /\Aimage\/.*\z/
validates :title, presence: true validates :title, presence: true
validates :author, presence: true validates :author, presence: true
validates :description, presence: true validates :description, presence: true
@@ -41,6 +40,7 @@ class Budget
validates :title, length: { in: 4..Budget::Investment.title_max_length } validates :title, length: { in: 4..Budget::Investment.title_max_length }
validates :description, length: { maximum: Budget::Investment.description_max_length } validates :description, length: { maximum: Budget::Investment.description_max_length }
validates :terms_of_service, acceptance: { allow_nil: false }, on: :create validates :terms_of_service, acceptance: { allow_nil: false }, on: :create
validates_attachment :image, content_type: { content_type: ["image/jpeg"] }
scope :sort_by_confidence_score, -> { reorder(confidence_score: :desc, id: :desc) } scope :sort_by_confidence_score, -> { reorder(confidence_score: :desc, id: :desc) }
scope :sort_by_ballots, -> { reorder(ballot_lines_count: :desc, id: :desc) } scope :sort_by_ballots, -> { reorder(ballot_lines_count: :desc, id: :desc) }
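Review bot: The new `validates_attachment :image` line restricts the content type but sets no upper bound on file size, so any JPEG a user submits is stored and resized into the three styles declared on `has_attached_file`. A size rule in the same call would close that, e.g. `validates_attachment :image, content_type: { content_type: ["image/jpeg"] }, size: { less_than: 1.megabyte }` (the limit is a constructed sample; use the project's real ceiling). The check also relies on the type Paperclip detects for the upload, so it is worth confirming that the project's Paperclip version has content-type spoof detection enabled; that configuration is not visible here. The class body continues outside these hunks.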

BIN
spec/fixtures/files/logo_header.gif vendored Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 401 B

BIN
spec/fixtures/files/logo_header.jpg vendored Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 2.5 KiB


@@ -29,6 +29,30 @@ describe Budget::Investment do
end end
end end
describe "#image" do
describe "extesion" do
it "should not be valid with '.png' extension" do
investment.image = File.new("spec/fixtures/files/logo_header.png")
expect(investment).to_not be_valid
end
it "should not be valid with '.gif' extension" do
investment.image = File.new("spec/fixtures/files/logo_header.gif")
expect(investment).to_not be_valid
end
it "should be valid with '.jpg' extension" do
investment.image = File.new("spec/fixtures/files/logo_header.jpg")
expect(investment).to be_valid
end
end
end
it "sanitizes description" do it "sanitizes description" do
investment.description = "<script>alert('danger');</script>" investment.description = "<script>alert('danger');</script>"
investment.valid? investment.valid?
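Review bot: The three new examples only use files whose extension matches their real format, so nothing shows that the validation rejects a non-JPEG file merely renamed to `.jpg`, which is the case the allowlist exists for; a fourth example with such a fixture expecting `to_not be_valid` would pin that. The two negative examples would also pass on any unrelated validation error, so asserting on the attachment error is tighter, e.g. `expect(investment.errors[:image_content_type]).to be_present` after `investment.valid?`. `logo_header.png` is not among the files this commit adds, so it presumably already exists in the fixtures directory; if it does not, that example errors on `File.new` instead of testing the model. The `describe "extesion"` label has a typo and should read `"extension"`. The enclosing describe block starts and ends outside the hunk.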