Merge pull request #242 from TazeTSchnitzel/media_uri_obfuscation

Rename media to avoid exposing filename (fixes #207)
remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
Eugen 2016-11-24 16:27:32 +01:00 committed by GitHub
commit 7baca3fe4d
3 changed files with 23 additions and 0 deletions

View File

@ -4,6 +4,9 @@ class Api::V1::MediaController < ApiController
before_action -> { doorkeeper_authorize! :write }
before_action :require_user!
include ObfuscateFilename
obfuscate_filename :file
respond_to :json
def create

View File

@ -6,6 +6,10 @@ class Settings::ProfilesController < ApplicationController
before_action :authenticate_user!
before_action :set_account
include ObfuscateFilename
obfuscate_filename [:account, :avatar]
obfuscate_filename [:account, :header]
def show
end

View File

@ -0,0 +1,16 @@
module ObfuscateFilename
extend ActiveSupport::Concern
class_methods do
def obfuscate_filename(*args)
before_action { obfuscate_filename(*args) }
end
end
def obfuscate_filename(path)
file = params.dig(*path)
return if file.nil?
file.original_filename = "media" + File.extname(file.original_filename)
end
end