Class: Decidim::ImageUploader

Inherits:
ApplicationUploader show all
Defined in:
decidim-core/app/uploaders/decidim/image_uploader.rb

Overview

This class deals with uploading hero images to ParticipatoryProcesses.

Instance Method Summary collapse

Methods inherited from ApplicationUploader

#downloader, #manipulate!, #provider, #store_dir

Instance Method Details

#content_type_allowlistObject

CarrierWave automatically calls this method and validates the content type fo the temp file to match against any of these options.


11
12
13
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 11

def content_type_allowlist
  extension_allowlist.map { |ext| "image/#{ext}" }
end

#dimensions_infoObject

Fetches info about different versions, their processors and dimensions


24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 24

def dimensions_info
  if versions.any?
    versions.transform_values do |info|
      {
        processor: info.processors[0][0],
        dimensions: info.processors[0][1]
      }
    end
  else
    processors.map do |info|
      [:default, { processor: info[0], dimensions: info[1] }]
    end.to_h
  end
end

#extension_allowlistObject

Add a white list of extensions which are allowed to be uploaded. For images you might use something like this:


41
42
43
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 41

def extension_allowlist
  Decidim.organization_settings(model).upload_allowed_file_extensions_image
end

#max_image_height_or_widthObject


63
64
65
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 63

def max_image_height_or_width
  3840
end

#stripObject

Strips out all embedded information from the image


16
17
18
19
20
21
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 16

def strip
  manipulate! do |img|
    img.strip
    img
  end
end

#validate_dimensionsObject

A simple check to avoid DoS with maliciously crafted images, or just to avoid reckless users that upload gigapixels images.

See hackerone.com/reports/390


49
50
51
52
53
54
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 49

def validate_dimensions
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
    image
  end
end

#validate_sizeObject


56
57
58
59
60
61
# File 'decidim-core/app/uploaders/decidim/image_uploader.rb', line 56

def validate_size
  manipulate! do |image|
    validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > maximum_upload_size
    image
  end
end