Rename media to avoid exposing filename (fixes #207)
parent
cda67241d4
commit
66a20701b7
|
@ -7,7 +7,10 @@ class Api::V1::MediaController < ApiController
|
|||
respond_to :json
|
||||
|
||||
def create
|
||||
@media = MediaAttachment.create!(account: current_user.account, file: params[:file])
|
||||
file = params[:file]
|
||||
# Change so Paperclip won't expose the actual filename
|
||||
file.original_filename = "media" + File.extname(file.original_filename)
|
||||
@media = MediaAttachment.create!(account: current_user.account, file: file)
|
||||
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
|
||||
render json: { error: 'File type of uploaded media could not be verified' }, status: 422
|
||||
rescue Paperclip::Error
|
||||
|
|
|
@ -20,7 +20,18 @@ class Settings::ProfilesController < ApplicationController
|
|||
private
|
||||
|
||||
def account_params
|
||||
params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
|
||||
p = params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
|
||||
if p[:avatar]
|
||||
avatar = p[:avatar]
|
||||
# Change so Paperclip won't expose the actual filename
|
||||
avatar.original_filename = "media" + File.extname(avatar.original_filename)
|
||||
end
|
||||
if p[:header]
|
||||
header = p[:header]
|
||||
# Change so Paperclip won't expose the actual filename
|
||||
header.original_filename = "media" + File.extname(header.original_filename)
|
||||
end
|
||||
p
|
||||
end
|
||||
|
||||
def set_account
|
||||
|
|
Loading…
Reference in New Issue