SECURITY: force IM decoder based on file extension - part 3

2025-05-22 22:43:33 +08:00 · 2018-07-25 23:55:06 +02:00
parent 800c57c6ab
commit f94aeaf6cf
2 changed files with 10 additions and 10 deletions
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@ -140,8 +140,8 @@ class UploadCreator

    OptimizedImage.ensure_safe_paths!(from, to)

-    OptimizedImage.prepend_decoder!(from)
-    OptimizedImage.prepend_decoder!(to)
+    from = OptimizedImage.prepend_decoder!(from)
+    to = OptimizedImage.prepend_decoder!(to)

    begin
      execute_convert(from, to)
@ -220,7 +220,7 @@ class UploadCreator
    path = @file.path

    OptimizedImage.ensure_safe_paths!(path)
-    OptimizedImage.prepend_decoder!(path)
+    path = OptimizedImage.prepend_decoder!(path)

    Discourse::Utils.execute_command('convert', path, '-auto-orient', path)