From 3ff64f365c73f9fc8eb92bb2a08ddacfab8acea5 Mon Sep 17 00:00:00 2001 From: f Date: Fri, 23 Aug 2019 15:24:41 -0300 Subject: [PATCH] =?UTF-8?q?validar=20que=20estemos=20subiendo=20im=C3=A1ge?= =?UTF-8?q?nes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 1 + app/models/metadata_image.rb | 14 ++++++++++++++ test/controllers/posts_controller_test.rb | 16 ++++++++++++++++ test/fixtures/files/_logo.png | 1 + test/fixtures/files/logo.png | Bin 0 -> 2001 bytes 5 files changed, 32 insertions(+) create mode 100644 test/fixtures/files/_logo.png create mode 100644 test/fixtures/files/logo.png diff --git a/Dockerfile b/Dockerfile index 4620f54d..e8f69093 100644 --- a/Dockerfile +++ b/Dockerfile @@ -72,6 +72,7 @@ RUN apk add --no-cache yarn RUN apk add --no-cache libgit2 # Instalar foreman para poder correr los servicios RUN gem install --no-document --no-user-install foreman +RUN apk add --no-cache file # Agregar el grupo del servidor web RUN addgroup -g 82 -S www-data diff --git a/app/models/metadata_image.rb b/app/models/metadata_image.rb index 763d4842..6f25ede3 100644 --- a/app/models/metadata_image.rb +++ b/app/models/metadata_image.rb @@ -16,6 +16,7 @@ class MetadataImage < MetadataTemplate super errors << I18n.t('metadata.image.path_required') if path_missing? + errors << I18n.t('metadata.image.not_an_image') unless image? errors.compact! errors.empty? @@ -31,6 +32,19 @@ class MetadataImage < MetadataTemplate value['path'].is_a?(String) end + # Determina si es una imagen antes de subirla + def image? + if value['path'].is_a? ActionDispatch::Http::UploadedFile + `file --mime-type "#{value['path'].tempfile.path}"` + .split(' ') + .last + .chomp + .starts_with? 'image/' + else + true + end + end + # Determina si la ruta es opcional pero deja pasar si la ruta se # especifica def path_optional? 
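Review bot: The new `RUN apk add --no-cache file` line sits directly under the comment "# Instalar foreman para poder correr los servicios" and its `gem install`, so a reader now takes that comment as describing the `file` package too. Give the line its own comment stating why the binary is needed, e.g. `# file(1): MetadataImage#image? shells out to it to sniff the MIME type of uploads`, and consider grouping it with the neighbouring `apk add` lines rather than creating a separate layer after the gem install. Because the model in app/models/metadata_image.rb depends on this binary at runtime, any environment not built from this Dockerfile (developer machines, CI images) presumably needs it as well; the commit does not mention that.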
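Review bot: The backtick call in the new `image?` builds a shell command by interpolating `value['path'].tempfile.path` into a double-quoted string; the path comes from Rack's multipart parser, which (depending on the Rack and Ruby versions) derives the tempfile suffix from the client-supplied filename extension, so the value should not pass through a shell at all — use the argv form (`IO.popen(['file', '--brief', '--mime-type', path], &:read)`) so no shell parses it, and `--brief` removes the "path:" prefix that the `.split(' ').last` chain currently strips. The chain also ignores the exit status and raises `NoMethodError` on `nil` if `file` prints nothing, whereas a validation should fail closed; the rewrite below returns `false` in both cases. Note that `file` detects by magic bytes only and will accept any `image/*` subtype, including `image/svg+xml`, which is active content if later served inline — if that matters here, restrict to an allow-list of the raster subtypes the site actually renders, or, if the app's Rails version ships Marcel, use `Marcel::MimeType.for(value['path'].tempfile)` and avoid the subprocess entirely. The `else true` branch lets non-upload values (presumably already-stored paths) through unchecked; a comment saying that is intentional would help.
```ruby
  # Determina si es una imagen antes de subirla
  def image?
    # Values that are not a fresh upload (presumably stored paths) are not re-checked
    return true unless value['path'].is_a? ActionDispatch::Http::UploadedFile

    # argv form: no shell parses the tempfile path; --brief prints only the MIME type
    mime = IO.popen(['file', '--brief', '--mime-type',
                     value['path'].tempfile.path], &:read)

    # Fail closed when file(1) reports an error or prints nothing
    return false unless $?.success? && mime && !mime.strip.empty?

    mime.strip.start_with?('image/')
  end
```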
diff --git a/test/controllers/posts_controller_test.rb b/test/controllers/posts_controller_test.rb index 254b9280..06fb85e9 100644 --- a/test/controllers/posts_controller_test.rb +++ b/test/controllers/posts_controller_test.rb @@ -117,4 +117,20 @@ class PostsControllerTest < ActionDispatch::IntegrationTest assert_equal 'hola', @post.image.value['description'] end + + test 'no se pueden subir archivos cualquiera' do + patch site_post_url(@site, @post.id), + headers: @authorization, + params: { + post: { + image: { + path: fixture_file_upload('files/_logo.png', 'image/png'), + description: 'hola' + } + } + } + + assert_equal 200, response.status + assert_match I18n.t('metadata.image.not_an_image'), response.body + end end diff --git a/test/fixtures/files/_logo.png b/test/fixtures/files/_logo.png new file mode 100644 index 00000000..aa93b250 --- /dev/null +++ b/test/fixtures/files/_logo.png @@ -0,0 +1 @@ +pwned 
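Review bot: The new test only asserts a 200 response and the presence of the `not_an_image` message in the body; it does not assert that the rejected upload was not persisted, so a regression that records the path and still re-renders with the message would pass — after the `patch`, reload `@post` and assert its image path is unchanged (the exact accessor depends on how `@post.image` is stored, which this hunk does not show). The fixture `logo.png` added by this commit is a real PNG but no test in this hunk uploads it, so the accepting path of `image?` is untested; add a positive case with `fixture_file_upload('files/logo.png', 'image/png')` asserting no `not_an_image` text. Since the text fixture is deliberately uploaded with a declared `image/png` content type, a one-line comment such as `# Declared type is image/png but the bytes are text: the check must look at content, not the client header` would make the intent of the test clear to the next reader.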
diff --git a/test/fixtures/files/logo.png b/test/fixtures/files/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..234d6d248ec5a652ce1b660f2a29448900bfe4de GIT binary patch literal 2001 zcmV;?2QK)DP)LIoe~A}j!cbF5A~>T0-xq~wFTJ@&dpjip)&j-c zSIVvzAWm=_BL=av=%H*WsP|1O`#P^B(VCAC-BF4aa&j0>)Ij4owb0ntDN4O?A~R78 zHHlJ!j*lXl%KVd*qMDSP8-o$atW`MUVo$q+=;$?19U-E)jbqo)!jAKd29X9sGI>ZU zO-+>{0?Tl=}Sp=AI>-fSXlCcc+j5s9fa*%Oe8^OOn<;yTa+<@}9 zLV9WvsY2na>LVadNxPvI%<+l|{p>J&C$FP!TOtyH4B`~KBU0w%<+AJ1CPn`B&T<|} zh*7wd?UITRo?DT_5bNWzN&;&4lkTpPr z=2_@XUd##L#lL8jM*hST+wDxGHbf+fKFQ=piLAk>)V{TU%vlP**HgVsYdk8#;SGB< zkG(4ofH;wf)CPzo#0VtQ0;vdbteXR~m0fX;`xSG4)7O}(7x#=!dKqo=N6ev|$wbO= zBI)ZiRh3V~NOit{0;dvnv}dZ(Ak$Vq`z9vRaUzlsWy;O~OkPr&hqf&WAHNf7Y&$9S zoFt0h-UDWp zLZ44EszVe+FU%!<>CyqPn2FQ|h?GojlP+&d;~&cPiC>j@JwS9oV}7StNB8I%&?-~h zza@Y^om_fl&SfG=$uyuGulU>(drZvqPp9_me*4QoT{^rPIS8C+70E6F6o4w^q!lu7mA3F4ww=-_SDFG ziK{`J#6xziR3y~gWlHGn!T-4X1O34S;qd6pZU?O>- zuQ33|S&Lw7x=aJ}wlI@g7{Y;#c>j$-#>M0NV3$rjzw!qqO*7-sh(FP3GILJOUn1G9LJis47T6VkW0?=< zMZ%trj)Ims{LVFgmsmO}QZx;dd@M8~!9;VGG#Zu1KllPf*9;obD5WRd#ep&W|5bS1 zd6|D&nlsfa?04r}yEJk9Mf7xK!`Asqq-~VvyT*7`wl{(v!Mk2vLBE4U1y(fb^Em0( zsRfgcyv>c!}MQ)k^3g%hVWDPNHA( zkjQ=6niuulD;|()Kfm9=C}ecQB=6p)-=%q@`>kofVCY~zMs!&gyEm9~a1H1Q42BoV za1*^5%paU}HIiMpA7l$L^f1|aOj_-aB@aNKhBMee3{OzKaxs>{j`ke2lt-{`$rfU0 z;T0^jQ}?4&mV^0um@ZOAK|!>G?M+*x%i8ipIWQPH_zUxXvJE!M_ElgGVhb@eAd0$x zA#Gfn0p@JB4?_>vCvH~0Sv%Ak%m!j;!EOkY)$-P{br_mx7$PmqqP&)&A53Eu0_Mi& jK~-W?np7q#vN7DhAAy!sSiN@?00000NkvXXu0mjfBwMrq literal 0 HcmV?d00001