before_action -> { doorkeeper_authorize! :write }
before_action :require_user!
+ include ObfuscateFilename
+ obfuscate_filename :file
+
respond_to :json
def create
- file = params[:file]
- # Change so Paperclip won't expose the actual filename
- file.original_filename = "media" + File.extname(file.original_filename)
- @media = MediaAttachment.create!(account: current_user.account, file: file)
+ @media = MediaAttachment.create!(account: current_user.account, file: params[:file])
rescue Paperclip::Errors::NotIdentifiedByImageMagickError
render json: { error: 'File type of uploaded media could not be verified' }, status: 422
rescue Paperclip::Error
before_action :authenticate_user!
before_action :set_account
+ include ObfuscateFilename
+ obfuscate_filename [:account, :avatar]
+ obfuscate_filename [:account, :header]
+
def show
end
private
def account_params
- p = params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
- if p[:avatar]
- avatar = p[:avatar]
- # Change so Paperclip won't expose the actual filename
- avatar.original_filename = "media" + File.extname(avatar.original_filename)
- end
- if p[:header]
- header = p[:header]
- # Change so Paperclip won't expose the actual filename
- header.original_filename = "media" + File.extname(header.original_filename)
- end
- p
+ params.require(:account).permit(:display_name, :note, :avatar, :header, :silenced)
end
def set_account
--- /dev/null
+module ObfuscateFilename
+ extend ActiveSupport::Concern
+
+ class_methods do
+ def obfuscate_filename(*args)
+ before_action { obfuscate_filename(*args) }
+ end
+ end
+
+ def obfuscate_filename(path)
+ file = params.dig(*path)
+ return if file.nil?
+
+ file.original_filename = "media" + File.extname(file.original_filename)
+ end
+end
cat aescling's git repositories / mastodon.git / commitdiff