Class: Decidim::ImageUploader

Inherits:
ApplicationUploader
Includes:
CarrierWave::MiniMagick
Defined in:
app/uploaders/decidim/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Instance Method Summary

Methods inherited from ApplicationUploader

#store_dir

Instance Method Details

#content_type_whitelist ⇒ Object

CarrierWave automatically calls this method and validates the content type of the temp file against these options; the file is accepted if it matches any of them.



# File 'app/uploaders/decidim/image_uploader.rb', line 12

def content_type_whitelist
  [
    %r{image\/}
  ]
end

#max_image_height_or_width ⇒ Object



# File 'app/uploaders/decidim/image_uploader.rb', line 36

def max_image_height_or_width
  3840
end

#validate_dimensions ⇒ Object

A simple check to avoid DoS with maliciously crafted images, or just to stop reckless users from uploading gigapixel images.

See hackerone.com/reports/390



# File 'app/uploaders/decidim/image_uploader.rb', line 22

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end
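
An added example, not part of Decidim's code: the same dimension limit applied by reading width and height straight from a PNG header, so the check can run before any image-processing library opens the file. It covers PNG only; `png_dimensions`, `check_png_dimensions!`, `ImageRejected` and the sample headers are names and inputs made up for this illustration.

```ruby
# Added example: header-only PNG dimension check (illustrative, PNG only).
PNG_SIGNATURE = "\x89PNG\r\n\x1A\n".b
MAX_IMAGE_HEIGHT_OR_WIDTH = 3840 # same value as max_image_height_or_width

# Hypothetical error class for this example.
class ImageRejected < StandardError; end

# Returns [width, height] from the IHDR chunk, which the PNG format requires
# to be the first chunk. Only the first 24 bytes are inspected, so no pixel
# data is decoded or allocated.
def png_dimensions(bytes)
  header = bytes.b[0, 24].to_s
  raise ImageRejected, "truncated PNG header" if header.bytesize < 24
  raise ImageRejected, "not a PNG" unless header.start_with?(PNG_SIGNATURE)

  # Layout after the 8-byte signature: chunk length (uint32 BE),
  # chunk type (4 bytes), width (uint32 BE), height (uint32 BE).
  length, type, width, height = header[8, 16].unpack("Na4NN")
  raise ImageRejected, "first chunk is not IHDR" unless type == "IHDR" && length == 13
  raise ImageRejected, "zero dimension" if width.zero? || height.zero?

  [width, height]
end

# Applies the per-side limit to the declared dimensions.
def check_png_dimensions!(bytes, limit = MAX_IMAGE_HEIGHT_OR_WIDTH)
  width, height = png_dimensions(bytes)
  if [width, height].any? { |dimension| dimension > limit }
    raise ImageRejected, "image too big: #{width}x#{height}"
  end
  [width, height]
end

# Constructed sample input: signature + IHDR length/type + declared size.
def sample_png_header(width, height)
  PNG_SIGNATURE + [13].pack("N") + "IHDR".b + [width, height].pack("NN")
end
```

The header only states what the file claims, so a check like this complements the post-open validation above rather than replacing it.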

#validate_size ⇒ Object



# File 'app/uploaders/decidim/image_uploader.rb', line 29

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > Decidim.maximum_attachment_size
    image
  end
end