Merge pull request from GHSA-9928-3cp5-93fm
* Fix attachments getting processed despite failing content-type validation
* Add a restrictive ImageMagick security policy tailored for Mastodon
* Fix misdetection of MP3 files with large cover art
* Reject unprocessable audio/video files instead of keeping them unchanged
		| @@ -22,15 +22,14 @@ module Attachmentable | ||||
|  | ||||
|   included do | ||||
|     def self.has_attached_file(name, options = {}) # rubocop:disable Naming/PredicateName | ||||
|       options = { validate_media_type: false }.merge(options) | ||||
|       super(name, options) | ||||
|       send(:"before_#{name}_post_process") do | ||||
|  | ||||
|       send(:"before_#{name}_validate") do | ||||
|         attachment = send(name) | ||||
|         check_image_dimension(attachment) | ||||
|         set_file_content_type(attachment) | ||||
|         obfuscate_file_name(attachment) | ||||
|         set_file_extension(attachment) | ||||
|         Paperclip::Validators::MediaTypeSpoofDetectionValidator.new(attributes: [name]).validate(self) | ||||
|       end | ||||
|     end | ||||
|   end | ||||
|   | ||||
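Review bot: The new `send(:"before_#{name}_validate")` hook carries no comment explaining why the fix-ups moved out of the `post_process` hook, and that rationale is the security property this commit restores; without it a later refactor could move them back. Suggest a comment above that line such as `# Normalize the attachment during validation, not post-processing, so an upload that fails content-type validation is rejected before any processor touches it.` With `validate_media_type: false` no longer forced, Paperclip's own media-type validation presumably runs after this callback, and `set_file_content_type` and `set_file_extension` rewrite the very attributes it would compare, so it is worth covering with a test that a file whose bytes do not match its declared type is still rejected rather than silently relabelled. The helper methods called here (`check_image_dimension`, `set_file_content_type`, `obfuscate_file_name`, `set_file_extension`) are defined outside the hunk.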