Merge pull request #2126 from bdewater/v4.3

tute · tute · commit 18a427d1b86e · 2016-03-11T15:26:27.000-05:00
Backport fix for excessive logging from media type spoof detector
diff --git a/NEWS b/NEWS
@@ -1,3 +1,5 @@
+* Bug Fix: megabytes of mime-types info in logs when a spoofed media type is detected.
+
 4.3.5 (2/8/2016):
 * Bug Fix: Remove deprecation warnings for v5.0 for now. Will re-add once the version has landed.
 
diff --git a/lib/paperclip/media_type_spoof_detector.rb b/lib/paperclip/media_type_spoof_detector.rb
@@ -12,7 +12,7 @@ def initialize(file, name, content_type)
 
     def spoofed?
       if has_name? && has_extension? && media_type_mismatch? && mapping_override_mismatch?
-        Paperclip.log("Content Type Spoof: Filename #{File.basename(@name)} (#{supplied_content_type} from Headers, #{content_types_from_name} from Extension), content type discovered from file command: #{calculated_content_type}. See documentation to allow this combination.")
+        Paperclip.log("Content Type Spoof: Filename #{File.basename(@name)} (#{supplied_content_type} from Headers, #{content_types_from_name.map(&:to_s)} from Extension), content type discovered from file command: #{calculated_content_type}. See documentation to allow this combination.")
         true
       else
         false
diff --git a/spec/paperclip/media_type_spoof_detector_spec.rb b/spec/paperclip/media_type_spoof_detector_spec.rb
@@ -44,9 +44,18 @@
     end
   end
 
-  it "rejects a file if named .html and is as HTML, but we're told JPG" do
-    file = File.open(fixture_file("empty.html"))
-    assert Paperclip::MediaTypeSpoofDetector.using(file, "empty.html", "image/jpg").spoofed?
+  context "file named .html and is as HTML, but we're told JPG" do
+    let(:file) { File.open(fixture_file("empty.html")) }
+    let(:spoofed?) { Paperclip::MediaTypeSpoofDetector.using(file, "empty.html", "image/jpg").spoofed? }
+
+    it "rejects the file" do
+      assert spoofed?
+    end
+
+    it "logs info about the detected spoof" do
+      Paperclip.expects(:log).with('Content Type Spoof: Filename empty.html (image/jpg from Headers, ["text/html"] from Extension), content type discovered from file command: text/html. See documentation to allow this combination.')
+      spoofed?
+    end
   end
 
   it "does not reject if content_type is empty but otherwise checks out" do

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+* Bug Fix: megabytes of mime-types info in logs when a spoofed media type is detected.`
	`2`	`+`
`1`	`3`	`4.3.5 (2/8/2016):`
`2`	`4`	`* Bug Fix: Remove deprecation warnings for v5.0 for now. Will re-add once the version has landed.`
`3`	`5`