Browse Source

Merge pull request #242 from TazeTSchnitzel/media_uri_obfuscation

Rename media to avoid exposing filename (fixes #207)
closed-social-v3
Eugen 8 years ago
committed by GitHub
parent
commit
7baca3fe4d
3 changed files with 23 additions and 0 deletions
  1. +3
    -0
      app/controllers/api/v1/media_controller.rb
  2. +4
    -0
      app/controllers/settings/profiles_controller.rb
  3. +16
    -0
      app/models/concerns/obfuscate_filename.rb

+ 3
- 0
app/controllers/api/v1/media_controller.rb View File

@ -4,6 +4,9 @@ class Api::V1::MediaController < ApiController
before_action -> { doorkeeper_authorize! :write } before_action -> { doorkeeper_authorize! :write }
before_action :require_user! before_action :require_user!
include ObfuscateFilename
obfuscate_filename :file
respond_to :json respond_to :json
def create def create

+ 4
- 0
app/controllers/settings/profiles_controller.rb View File

@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :set_account before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
def show def show
end end

+ 16
- 0
app/models/concerns/obfuscate_filename.rb View File

@ -0,0 +1,16 @@
module ObfuscateFilename
extend ActiveSupport::Concern
class_methods do
def obfuscate_filename(*args)
before_action { obfuscate_filename(*args) }
end
end
def obfuscate_filename(path)
file = params.dig(*path)
return if file.nil?
file.original_filename = "media" + File.extname(file.original_filename)
end
end

Loading…
Cancel
Save