diff --git a/app/controllers/avatar_controller.rb b/app/controllers/avatar_controller.rb
index b6efaef0c..a7c0e7b95 100644
--- a/app/controllers/avatar_controller.rb
+++ b/app/controllers/avatar_controller.rb
@@ -24,48 +24,58 @@ class AvatarController < ApplicationController else @image_file=params[:filename] end + @temp_file = StringIO.new(@temp_file) end end end if @temp_file && (@temp_file.size > 0) - diskfile=disk_filename(@source_type,@source_id) - @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file)) + if @temp_file.size > Setting.upload_avatar_max_size.to_i + @status = 1 + @msg = l(:error_upload_avatar_to_large, :max_size => number_to_human_size(Setting.upload_avatar_max_size.to_i)) + elsif Trustie::Utils::Image.new(@temp_file).image? + diskfile=disk_filename(@source_type,@source_id) + @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file)) - # 用户头像上传时进行特别处理 - if @source_type == 'User' - diskfile += "temp" - @urlfile += "temp" - end - - logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)") - path = File.dirname(diskfile) - unless File.directory?(path) - FileUtils.mkdir_p(path) - end - md5 = Digest::MD5.new - File.open(diskfile, "wb") do |f| - if @temp_file.respond_to?(:read) - buffer = "" - while (buffer = @temp_file.read(8192)) - f.write(buffer) - md5.update(buffer) - end - else - f.write(@temp_file) - md5.update(@temp_file) + # 用户头像上传时进行特别处理 + if @source_type == 'User' + diskfile += "temp" + @urlfile += "temp" end + + logger.info("Saving avatar '#{diskfile}' (#{@temp_file.size} bytes)") + path = File.dirname(diskfile) + unless File.directory?(path) + FileUtils.mkdir_p(path) + end + md5 = Digest::MD5.new + File.open(diskfile, "wb") do |f| + if @temp_file.respond_to?(:read) + @temp_file.rewind + buffer = "" + while (buffer = @temp_file.read(8192)) + f.write(buffer) + md5.update(buffer) + end + else + f.write(@temp_file) + md5.update(@temp_file) + end + end + + Trustie::Utils::Image.new(diskfile,true).compress(300) + @status = 0 + @msg = '' + else + @status = 2 + @msg = l(:not_valid_image_file) end -# self.digest = 
md5.hexdigest end @temp_file = nil - image = Trustie::Utils::Image.new(diskfile,true) - image.compress(300) - respond_to do |format| format.json{ - render :inline => "#{@urlfile.to_s}?#{Time.now.to_i}",:content_type => 'text/html' + render :inline => {status: @status, message:@msg, url:"#{@urlfile.to_s}?#{Time.now.to_i}"}.to_json,:content_type => 'text/html' return } format.js diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb index 06d69f72e..d9b900833 100644 --- a/app/controllers/zipdown_controller.rb +++ b/app/controllers/zipdown_controller.rb @@ -9,10 +9,14 @@ class ZipdownController < ApplicationController #统一下载功能 def download - begin - send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file]) - rescue => e - render file: 'public/no_file_found.html' + if User.current.logged? + begin + send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file]) + rescue => e + render file: 'public/no_file_found.html' + end + else + render_403 end end diff --git a/lib/trustie/utils/image.rb b/lib/trustie/utils/image.rb index f4ec328b3..7e23e7b66 100644 --- a/lib/trustie/utils/image.rb +++ b/lib/trustie/utils/image.rb @@ -17,21 +17,20 @@ module Trustie end def jpeg?(data) - data[0,4]== 0xff.chr + 0xd8.chr + 0xff.chr + 0xe0.chr + data[0,3]== 0xff.chr + 0xd8.chr + 0xff.chr end def png?(data) data[0,2]==0x89.chr + 80.chr end def image? - begin - f = File.open(@file,'rb') # rb means to read using binary - return false if f.size < 9 - data = f.read(9) # magic numbers are up to 9 bytes - return bitmap?(data) || gif?(data) || jpeg?(data) || png?(data) - ensure - f.close + data = '' + if @file.respond_to?(:read) + data = @file.read(9) + @file.rewind end + return false if data.size < 9 + bitmap?(data) || gif?(data) || jpeg?(data) || png?(data) end def compress(size=300) 
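Review bot: The new JSON response is still emitted through `render :inline`, which compiles its argument as an ERB template, so any user-derived text inside the string is evaluated as template code; `@urlfile` is built from `params[:filename]` via `avatar_filename`, so unless that helper strips ERB delimiters the filename is a template-injection vector (the old line had the same shape, the new line keeps it). Replace it with `render json: {status: @status, message: @msg, url: "#{@urlfile}?#{Time.now.to_i}"}`, adding `content_type: 'text/html'` only if an iframe upload transport genuinely needs it. Separately, the `Setting.upload_avatar_max_size` check runs after the whole body has already been wrapped in a `StringIO`, so it bounds what is written to disk, not request memory; that cap has to come from a request-size limit in front of the controller. The enclosing action begins before this hunk.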
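Review bot: The added `User.current.logged?` gate authenticates the caller, but `send_file` still receives `"#{OUTPUT_FOLDER}/#{params[:file]}"` unnormalised, so `..` segments or an absolute path in `params[:file]` still resolve outside `OUTPUT_FOLDER` for any logged-in user, and the broad `rescue` then reports the result as "no file found". Resolve the path against the folder and refuse anything that escapes it before sending; the rewrite below also drops the unused `e` and flattens the nested `begin`. With `logged?` as the only check, every authenticated user can fetch every archive in the folder — confirm that is intended, or tie the file to the current user's permissions.
```ruby
def download
  return render_403 unless User.current.logged?

  base = File.expand_path(OUTPUT_FOLDER)
  path = File.expand_path(params[:file].to_s, base)
  return render_403 unless path.start_with?("#{base}/")

  send_file path, :filename => params[:filename], :type => detect_content_type(path)
rescue
  render file: 'public/no_file_found.html'
end
```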
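Review bot: The new `image?` returns `false` for anything that does not respond to `read`: `data` stays `''` and the `data.size < 9` guard exits, so the String-path form the old body handled with `File.open(@file,'rb')` now never validates, while `Image.new(diskfile,true)` in the controller shows paths are still passed to this class. `@file.read(9)` also returns `nil` at end of stream, and `nil.size` raises rather than returning `false`. Keep both forms and guard the nil, as below; note that a 9-byte magic check only establishes how the file starts, so the stored extension and served Content-Type should follow the detected type rather than the client's filename.
```ruby
def image?
  data = if @file.respond_to?(:read)
           @file.read(9).tap { @file.rewind } # magic numbers are up to 9 bytes
         else
           File.open(@file, 'rb') { |f| f.read(9) }
         end
  return false if data.nil? || data.size < 9

  bitmap?(data) || gif?(data) || jpeg?(data) || png?(data)
end
```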
diff --git a/spec/requests/avatar_request_spec.rb b/spec/requests/avatar_request_spec.rb
new file mode 100644
index 000000000..da80e38bf
--- /dev/null
+++ b/spec/requests/avatar_request_spec.rb
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+RSpec.describe "avatar request", type: :request do
+ describe "上传头像" do
+ let(:user){FactoryGirl.create(:user)}
+
+ it "参数正确,可以成功上传头像" do
+ data = File.open("#{Rails.root}/spec/fixtures/test.jpg").read
+ binding.pry
+ post upload_avatar_path(source_type: 'User', source_id: user.id, filename: 'test.jpg')
+ expect(response).to have_http_status(:success)
+ expect(response.body).to include(/\/images\/avatars\/User\//)
+ end
+ end
+end
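Review bot: `binding.pry` is committed inside the example, which halts the suite at an interactive prompt (or fails with NameError where pry is not loaded), and `data` is read but never given to `post`, so the request body is empty and the controller's `@temp_file.size > 0` branch is never exercised. Send the bytes with the request in whatever form the action reads them — it begins outside this diff — and read the fixture with `File.binread("#{Rails.root}/spec/fixtures/test.jpg")` so the `File.open` handle is not leaked. `include(/\/images\/avatars\/User\//)` hands a Regexp to the substring matcher; `expect(response.body).to match(%r{/images/avatars/User/})` is the matcher for a pattern.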