I want to allow uploading (all possible) image files through a carrierwave uploader.
Unfortunately it's possible that dotfiles such as
.DS_STORE might get passed to the uploader. I tried adding an explicit whitelist to only allow image-formats that I know of, but that didn't help.
%w(jpg jpeg gif png)
Also tried running all the files through a regexp and only allow matches
This also did not work.
Adding a blacklist was no help either
%w(.ds_store .DS_STORE ds_store DS_STORE)
Here's my model
class LocalImage < ActiveRecord::Base
mount_uploader :image_file, ImageUploader
Here's the uploader in question
class ImageUploader < CarrierWave::Uploader::Base
I added the backlist/whitelist definitions and tested them all through (had the server restarted in between to ensure no caching issues). Also tested through the console but the model is always
valid and does not throw an error upon
path = "path_to_file/.DS_STORE"
File.exists?(path) # => true
local_image = LocalImage.new(image_file: File.open(path, 'rb'))
local_image.valid? # => true
local_image.save! # => true
LocalImage.create!(image_file: File.open(path, 'rb'))
# => <LocalImage id: 22325, code: nil, image_id: nil, image_file: ".DS_STORE", created_at: "2018-02-02 11:19:25", updated_at: "2018-02-02 11:19:25", import_filename: ".ds_store">
- Rails 4.2.0
- Carrierwave 0.10.0
- carrierwave_backgrounder 0.4.2
- mini_magick 4.4.0