github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-03 19:39:30 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: force IM decoder based on file extension - part 2

Browse Source
This commit is contained in:
Régis Hanol
2018-07-25 23:08:02 +02:00
parent 4bf3bf6786
commit 800c57c6ab
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/optimized_image.rb
View File

@ -123,7 +123,7 @@ class OptimizedImage < ActiveRecord::Base
def self.prepend_decoder!(path)
extension = File.extname(path)[1..-1]
raise Discourse::InvalidAccess unless extension[IM_DECODERS]
"#{extension}:#{path}"
path = "#{extension}:#{path}"
end
def self.thumbnail_or_resize