diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-18 14:11:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2019-10-18 14:11:44 +0300 |
commit | 25989ab7ef1a444ed2abd5479f176d58e1d9462a (patch) | |
tree | 271bb24f3c7178f320cb9de0be0833a285327d09 /lib/uploaded_file.rb | |
parent | 9bbb32b29703f3ce33dd35d5101145774b793a6d (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/uploaded_file.rb')
-rw-r--r-- | lib/uploaded_file.rb | 54 |
1 files changed, 36 insertions, 18 deletions
diff --git a/lib/uploaded_file.rb b/lib/uploaded_file.rb index aae542f02ac..424db653fb8 100644 --- a/lib/uploaded_file.rb +++ b/lib/uploaded_file.rb @@ -6,6 +6,7 @@ require "fileutils" class UploadedFile InvalidPathError = Class.new(StandardError) + UnknownSizeError = Class.new(StandardError) # The filename, *not* including the path, of the "uploaded" file attr_reader :original_filename @@ -18,37 +19,50 @@ class UploadedFile attr_reader :remote_id attr_reader :sha256 - - def initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil) - raise InvalidPathError, "#{path} file does not exist" unless ::File.exist?(path) + attr_reader :size + + def initialize(path, filename: nil, content_type: "application/octet-stream", sha256: nil, remote_id: nil, size: nil) + if path.present? + raise InvalidPathError, "#{path} file does not exist" unless ::File.exist?(path) + + @tempfile = File.new(path, 'rb') + @size = @tempfile.size + else + begin + @size = Integer(size) + rescue ArgumentError, TypeError + raise UnknownSizeError, 'Unable to determine file size' + end + end @content_type = content_type - @original_filename = sanitize_filename(filename || path) + @original_filename = sanitize_filename(filename || path || '') @content_type = content_type @sha256 = sha256 @remote_id = remote_id - @tempfile = File.new(path, 'rb') end def self.from_params(params, field, upload_paths) - unless params["#{field}.path"] - raise InvalidPathError, "file is invalid" if params["#{field}.remote_id"] - - return - end - - file_path = File.realpath(params["#{field}.path"]) - - paths = Array(upload_paths) << Dir.tmpdir - unless self.allowed_path?(file_path, paths.compact) - raise InvalidPathError, "insecure path used '#{file_path}'" + path = params["#{field}.path"] + remote_id = params["#{field}.remote_id"] + return if path.blank? && remote_id.blank? + + file_path = nil + if path + file_path = File.realpath(path) + + paths = Array(upload_paths) << Dir.tmpdir + unless self.allowed_path?(file_path, paths.compact) + raise InvalidPathError, "insecure path used '#{file_path}'" + end end UploadedFile.new(file_path, filename: params["#{field}.name"], content_type: params["#{field}.type"] || 'application/octet-stream', sha256: params["#{field}.sha256"], - remote_id: params["#{field}.remote_id"]) + remote_id: remote_id, + size: params["#{field}.size"]) end def self.allowed_path?(file_path, paths) @@ -68,7 +82,11 @@ class UploadedFile end def path - @tempfile.path + @tempfile&.path + end + + def close + @tempfile&.close end alias_method :local_path, :path |