Class: Decidim::ImageUploader

Inherits:
ApplicationUploader
Includes:
CarrierWave::MiniMagick
Defined in:
app/uploaders/decidim/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Instance Method Summary

Methods inherited from ApplicationUploader

#store_dir

Instance Method Details

#content_type_whitelist ⇒ Object

CarrierWave automatically calls this method and validates that the content type of the temp file matches one of these options.



# File 'app/uploaders/decidim/image_uploader.rb', line 13

def content_type_whitelist
  [
    %r{image\/}
  ]
end

#extension_white_list ⇒ Object

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:



# File 'app/uploaders/decidim/image_uploader.rb', line 29

def extension_white_list
  %w(jpg jpeg gif png bmp ico)
end

#max_image_height_or_width ⇒ Object



# File 'app/uploaders/decidim/image_uploader.rb', line 51

def max_image_height_or_width
  3840
end

#strip ⇒ Object

Strips out all embedded information from the image.



# File 'app/uploaders/decidim/image_uploader.rb', line 20

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validate_dimensions ⇒ Object

A simple check to avoid DoS from maliciously crafted images, or just to stop reckless users who upload gigapixel images.

See hackerone.com/reports/390



# File 'app/uploaders/decidim/image_uploader.rb', line 37

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end
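
The comparison against max_image_height_or_width can also be made on the dimensions a file declares in its header, before an image library touches any pixel data. The following is an added example, not code from Decidim or CarrierWave; the helper names are hypothetical, only PNG and GIF headers are parsed, and anything else is rejected in this sketch.

```ruby
# Added example (not Decidim code): enforce the dimension limit from the
# declared header values, without decoding the image.
MAX_IMAGE_HEIGHT_OR_WIDTH = 3840 # same value as max_image_height_or_width

PNG_SIGNATURE = "\x89PNG\r\n\x1a\n".b

# Returns [width, height] as declared in the header, or nil when the format
# is not recognised or the header is truncated.
def declared_dimensions(bytes)
  bytes = bytes.b
  if bytes.start_with?(PNG_SIGNATURE)
    # 8-byte signature, 4-byte chunk length, "IHDR", then width and height
    # as big-endian 32-bit integers.
    return nil unless bytes.bytesize >= 24 && bytes[12, 4] == "IHDR"
    bytes[16, 8].unpack("N2")
  elsif bytes.start_with?("GIF87a", "GIF89a")
    # Logical screen width and height: little-endian 16-bit at offset 6.
    return nil unless bytes.bytesize >= 10
    bytes[6, 4].unpack("v2")
  end
end

# True only when both declared dimensions are positive and within the limit.
# Unknown or truncated input fails closed.
def dimensions_allowed?(bytes, limit = MAX_IMAGE_HEIGHT_OR_WIDTH)
  dims = declared_dimensions(bytes)
  return false if dims.nil?
  dims.all? { |d| d.positive? && d <= limit }
end

# Constructed sample input: header bytes only, not complete image files.
def png_header(width, height)
  PNG_SIGNATURE + [13].pack("N") + "IHDR".b + [width, height].pack("N2")
end

def gif_header(width, height)
  "GIF89a".b + [width, height].pack("v2")
end
```

A 24-byte PNG header is enough to declare a 50000x50000 canvas, so the size of the uploaded file says nothing about the memory needed to decode it.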

#validate_size ⇒ Object



# File 'app/uploaders/decidim/image_uploader.rb', line 44

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > Decidim.maximum_attachment_size
    image
  end
end