From 2b67a0fa8035221e3a77ad78bbc1b032b7ecf058 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet
Date: Wed, 20 Jul 2022 17:26:44 +0200
Subject: [PATCH] Specify a list of content-types Then remove specific image format that aren't handled by a web browser (such as `image/x+xcf)` + List allowed image formats for enterprises and groups
---
 app/models/enterprise.rb | 4 ++--
 app/models/enterprise_group.rb | 4 ++--
 app/models/spree/image.rb | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/models/enterprise.rb b/app/models/enterprise.rb
index 461f08f919..2a991dbc68 100644
--- a/app/models/enterprise.rb
+++ b/app/models/enterprise.rb
@@ -84,8 +84,8 @@ class Enterprise < ApplicationRecord
 has_one_attached :promo_image
 has_one_attached :terms_and_conditions
- validates :logo, content_type: %r{\Aimage/.*\Z}
- validates :promo_image, content_type: %r{\Aimage/.*\Z}
+ validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}
+ validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}
 validates :terms_and_conditions, content_type: {
 in: "application/pdf",
 message: I18n.t(:enterprise_terms_and_conditions_type_error),
diff --git a/app/models/enterprise_group.rb b/app/models/enterprise_group.rb
index dcce2ab192..60d2516890 100644
--- a/app/models/enterprise_group.rb
+++ b/app/models/enterprise_group.rb
@@ -28,8 +28,8 @@ class EnterpriseGroup < ApplicationRecord
 has_one_attached :logo
 has_one_attached :promo_image
- validates :logo, content_type: %r{\Aimage/.*\Z}
- validates :promo_image, content_type: %r{\Aimage/.*\Z}
+ validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}
+ validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}
 scope :by_position, -> { order('position ASC') }
 scope :on_front_page, -> { where(on_front_page: true) }
diff --git a/app/models/spree/image.rb b/app/models/spree/image.rb
index 761fc62807..25eca61bf8 100644
--- a/app/models/spree/image.rb
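Review bot: The new allowlist on `logo` and `promo_image` in app/models/enterprise.rb still accepts `image/svg+xml`, which is a scriptable document format rather than a plain raster image. If an uploaded SVG is ever rendered inline from the application's own origin, any script inside it runs with that origin's privileges, so it is worth confirming that Active Storage's `content_types_to_serve_as_binary` default (which includes `image/svg+xml`) has not been overridden and that no public storage URL serves the file around it. If SVG logos are not a product requirement, the narrower `%r{\Aimage/(png|jpeg|gif|jpg)\Z}` avoids the question altogether. The same applies to the validators changed in enterprise_group.rb and spree/image.rb; the class body continues outside this hunk.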
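Review bot: The pattern `%r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}` in app/models/enterprise_group.rb is the third and fourth literal copy of the allowlist in this commit (five in total across the three models), so a later edit to one copy can leave the others accepting a different set of types. Defining it once and referencing it, for example `validates :logo, content_type: ALLOWED_IMAGE_CONTENT_TYPES` (constant name constructed for illustration), keeps the models in step. When doing so the end anchor can become `\z`: `\Z` also matches just before a trailing newline, so a content type ending in a line feed would still pass the current pattern.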
+++ b/app/models/spree/image.rb
@@ -11,7 +11,7 @@ module Spree
 has_one_attached :attachment
- validates :attachment, attached: true, content_type: %r{\Aimage/.*\Z}
+ validates :attachment, attached: true, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml)\Z}
 validate :no_attachment_errors
 def variant(name)
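Review bot: No spec change accompanies the tightened `content_type:` check on `attachment` in app/models/spree/image.rb; the diffstat lists only the three model files. A model spec asserting that a listed type such as `image/png` is accepted and an unlisted image type (the XCF case mentioned in the commit message) is rejected would pin the new behaviour. One further case where the file's bytes do not match its declared type would be useful, since it is not visible from this hunk whether the validator compares a type sniffed from the content or the one supplied by the client. The enclosing class body starts and ends outside the hunk.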