author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-09 15:06:13 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-09 15:06:13 +0300 |
commit | 0a850868dfb85086cba8320cee9dac4657dcae6c (patch) | |
tree | 40d17228fe23d9db7b861fe2a20d024d64c50323 /lib/gitlab/file_type_detection.rb | |
parent | 3744bcc0d10d24104e39985b6833a0ec51791c0a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/file_type_detection.rb')
-rw-r--r-- | lib/gitlab/file_type_detection.rb | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/lib/gitlab/file_type_detection.rb b/lib/gitlab/file_type_detection.rb
index 7137720f204..ca78d49f99b 100644
--- a/lib/gitlab/file_type_detection.rb
+++ b/lib/gitlab/file_type_detection.rb
@@ -26,11 +26,13 @@ module Gitlab
 # on IE >= 9.
 # http://archive.sublimevideo.info/20150912/docs.sublimevideo.net/troubleshooting.html
 SAFE_VIDEO_EXT = %w[mp4 m4v mov webm ogv].freeze
+ SAFE_AUDIO_EXT = %w[mp3 oga ogg spx wav].freeze
 # These extension types can contain dangerous code and should only be embedded inline with
 # proper filtering. They should always be tagged as "Content-Disposition: attachment", not "inline".
 DANGEROUS_IMAGE_EXT = %w[svg].freeze
 DANGEROUS_VIDEO_EXT = [].freeze # None, yet
+ DANGEROUS_AUDIO_EXT = [].freeze # None, yet
 def image?
 extension_match?(SAFE_IMAGE_EXT)
@@ -40,8 +42,12 @@ module Gitlab
 extension_match?(SAFE_VIDEO_EXT)
 end
- def image_or_video?
- image? || video?
+ def audio?
+ extension_match?(SAFE_AUDIO_EXT)
+ end
+
+ def embeddable?
+ image? || video? || audio?
 end
 def dangerous_image?
@@ -52,8 +58,12 @@ module Gitlab
 extension_match?(DANGEROUS_VIDEO_EXT)
 end
- def dangerous_image_or_video?
- dangerous_image? || dangerous_video?
+ def dangerous_audio?
+ extension_match?(DANGEROUS_AUDIO_EXT)
+ end
+
+ def dangerous_embeddable?
+ dangerous_image? || dangerous_video? || dangerous_audio?
 end
 private |
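Review bot: `SAFE_AUDIO_EXT` in the first hunk sits directly under the comment block that explains the mp4/mov choice for video, so that rationale reads as if it covered audio, and nothing says why these five extensions count as safe to embed. A comment of its own would fix that, for example `# Audio extensions that may be embedded inline; matched on the file name, not on the content.` The second half of that comment is an assumption to confirm, because `extension_match?` is defined outside the hunk. If it holds, whatever serves these files should set the content type itself rather than rely on the extension. The module and the `image?` body both continue outside this hunk.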
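Review bot: The public predicate `image_or_video?` is removed in the second hunk in favour of `embeddable?`, and `dangerous_image_or_video?` is removed in the third hunk in favour of `dangerous_embeddable?`, with no alias left for either. The page is limited to this one file, so it cannot be seen whether every caller that gates inline rendering on the old names was updated in the same commit. If any caller lives outside this change set, a transitional `alias_method :image_or_video?, :embeddable?` and `alias_method :dangerous_image_or_video?, :dangerous_embeddable?` would keep those checks from failing at runtime. `embeddable?` would also benefit from a one-line comment such as `# True only for extensions on the SAFE_* lists; see dangerous_embeddable? for types that must be served as attachments.`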