replace the upload type whitelist with a sanitizer

2025-05-22 22:43:33 +08:00 · 2017-05-18 12:13:13 +02:00
parent 8e5b0c79ae
commit 13e489b4ca
4 changed files with 12 additions and 19 deletions
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@ -5,10 +5,12 @@ class UploadCreator

  TYPES_CONVERTED_TO_JPEG ||= %i{bmp png}

+  TYPES_TO_CROP ||= %w{avatar card_background custom_emoji profile_background}.each(&:freeze)
+
  WHITELISTED_SVG_ELEMENTS ||= %w{
    circle clippath defs ellipse g line linearGradient path polygon polyline
    radialGradient rect stop svg text textpath tref tspan use
-  }
+  }.each(&:freeze)

  # Available options
  #  - type (string)
@ -177,7 +179,7 @@ class UploadCreator
  end

  def should_crop?
-    Upload::CROPPED_TYPES.include?(@opts[:type])
+    TYPES_TO_CROP.include?(@opts[:type])
  end

  def crop!