diff options
Diffstat (limited to 'lib/uploaded_file.rb')
-rw-r--r-- | lib/uploaded_file.rb | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/lib/uploaded_file.rb b/lib/uploaded_file.rb index aae542f02ac..cfd866f97ab 100644 --- a/lib/uploaded_file.rb +++ b/lib/uploaded_file.rb @@ -18,16 +18,23 @@ class UploadedFile attr_reader :remote_id attr_reader :sha256 + attr_reader :size - def initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil) - raise InvalidPathError, "#{path} file does not exist" unless ::File.exist?(path) + def initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil, size: nil) + if remote_id.blank? + raise InvalidPathError, "#{path} file does not exist" unless ::File.exist?(path) + + @tempfile = File.new(path, 'rb') + @size = @tempfile.size + else + @size = size + end @content_type = content_type @original_filename = sanitize_filename(filename || path) @content_type = content_type @sha256 = sha256 @remote_id = remote_id - @tempfile = File.new(path, 'rb') end def self.from_params(params, field, upload_paths) @@ -37,18 +44,25 @@ class UploadedFile return end - file_path = File.realpath(params["#{field}.path"]) + file_path = nil + + if params["#{field}.path"] + file_path = File.realpath(params["#{field}.path"]) - paths = Array(upload_paths) << Dir.tmpdir - unless self.allowed_path?(file_path, paths.compact) - raise InvalidPathError, "insecure path used '#{file_path}'" + paths = Array(upload_paths) << Dir.tmpdir + unless self.allowed_path?(file_path, paths.compact) + raise InvalidPathError, "insecure path used '#{file_path}'" + end + else + raise InvalidPathError, "file is invalid" if params["#{field}.remote_id"].blank? end UploadedFile.new(file_path, filename: params["#{field}.name"], content_type: params["#{field}.type"] || 'application/octet-stream', sha256: params["#{field}.sha256"], - remote_id: params["#{field}.remote_id"]) + remote_id: params["#{field}.remote_id"], + size: params["#{field}.size"]) end def self.allowed_path?(file_path, paths) |