search

markevans / dragonfly-s3_data_store

S3 data store for the Dragonfly ruby gem
MIT License
62 stars 58 forks source link

Ignoring url_format and/or not sanitizing image names #25

Open leite opened 8 years ago

leite commented 8 years ago

Hi, nice lib.

Appears to me that this lib is ignoring url_format directive, example:

initializers/dragonfly.rb

require 'dragonfly'
require 'dragonfly/s3_data_store'

Dragonfly.app.configure do
  plugin :imagemagick
  secret "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  url_format "/media/:job/:sha/:name"

  if Rails.env.development? || Rails.env.test?
    datastore :file,
      root_path:   Rails.root.join('public/system/dragonfly', Rails.env),
      server_root: Rails.root.join('public')
  else
    datastore :s3,
      bucket_name:       'xxxxxxx',
      access_key_id:     'xxxxxxxxxxxx',
      secret_access_key: 'xxxxxxxxxxxxxxxxxxxxxxxx',
      url_scheme:        'https'
  end
end

Dragonfly.logger = Rails.logger
Rails.application.middleware.use Dragonfly::Middleware
if defined?(ActiveRecord::Base)
  ActiveRecord::Base.extend Dragonfly::Model
  ActiveRecord::Base.extend Dragonfly::Model::Validations
end

app/models/picture.rb

class Image < ActiveRecord::Base
  dragonfly_accessor :image do
    after_assign do |img|
      img.encode!('jpg', '-filter Lanczos -interlace Plane -quality 80') if img.image?
    end
  end

  validates :image, presence: true
end

While in development everything works as expected, example: When uploading file "roge%C2%A6u%CC%88rio Menezes.jpg" it becomes "[...]/2997bnok9i_rogeurio_menezes.jpg".

But in production (using s3 data store) becomes "[...]//roge¦ürio Menezes.jpg".

To get things working I did the following:

app/models/picture.rb

class Image < ActiveRecord::Base
  before_save :rename
  dragonfly_accessor :image do
    after_assign do |img|
      img.encode!('jpg', '-filter Lanczos -interlace Plane -quality 80') if img.image?
    end
  end

  validates :image, presence: true

  protected
    def rename()
      return unless self.image.present?
      path_obj = Pathname(self.image.name)
      self.image.name = path_obj.sub_ext('').to_s.downcase.strip.gsub(' ', '-').gsub(/[^\w-]/, '') + path_obj.extname
    end
end