Class: Rack::SecureUpload::Middleware
- Inherits:
-
Object
- Object
- Rack::SecureUpload::Middleware
- Includes:
- Utility
- Defined in:
- lib/rack/secure_upload/middleware.rb
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app, scanners, options = {}) ⇒ Middleware
constructor
A new instance of Middleware.
Methods included from Utility
Constructor Details
#initialize(app, scanners, options = {}) ⇒ Middleware
Returns a new instance of Middleware.
10 11 12 13 14 15 16 17 |
# File 'lib/rack/secure_upload/middleware.rb', line 10 def initialize(app, scanners, = {}) @app = app @scanners = [scanners].flatten.map { |scanner| scanner.is_a?(Symbol) ? Rack::SecureUpload::Scanner.const_get(camelize(scanner.to_s)).new : scanner } @scanners.each do |scanner| scanner.setup end @options = end |
Instance Method Details
#call(env) ⇒ Object
19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
# File 'lib/rack/secure_upload/middleware.rb', line 19 def call(env) params = Rack::Multipart.parse_multipart(env) if params && !params.empty? traverse(params) do |value| next unless [Tempfile, File].any?{ |klass| value.is_a?(klass) } unless scan value.path fallback = @options[:fallback] if fallback.respond_to?(:call) return fallback.call(env, params, value.path) elsif fallback.to_s == 'raise' raise InsecureFileError, "The uploaded file \"#{value.path}\" is insecure!" else return [406, {'content-type' => 'text/plain; charset=UTF-8'}, ['Insecure File(s) are found!']] end end end end @app.call(env) end |