Jon Yurek
Jan 31, 2014
@@ -1,3 +1,11 @@
+New in 4.0.0:
+* Security: Attachments are checked to make sure they're not pulling a fast one.
+* Security: It is now *enforced* that every attachment has a file/mime validation.
+* Bug Fix: Removed a call to IOAdapter#close that was causing issues.
+* Improvement: Added bullets to the 3.5.3 list of changes. Very important.
+* Improcement: Updated the copyright to 2014
New in 3.5.3:
* Improvement: After three long, hard years... we know how to upgrade
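Review bot: typo in the last added bullet, `+* Improcement: Updated the copyright to 2014` should read `Improvement`. The two Security bullets would also serve upgraders better if the first named what is actually checked (the media-type spoof check described later in the README) and the second stated plainly that an existing `has_attached_file` with neither a content_type nor a file_name validation now raises at load time, since that is the change that breaks existing apps on upgrade and justifies the major version bump.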
@@ -104,6 +104,7 @@ Quick Start
class User < ActiveRecord::Base
attr_accessible :avatar
has_attached_file :avatar, :styles => { :medium => "300x300>", :thumb => "100x100>" }, :default_url => "/images/:style/missing.png"
+ validates_attachment_content_type :avatar, :content_type => /\Aimage\/.*\Z/
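Review bot: `/\Aimage\/.*\Z/` in the added `validates_attachment_content_type` line accepts every `image/*` subtype; for an avatar an explicit allowlist such as `:content_type => ["image/jpeg", "image/png", "image/gif"]` is narrower and easier to audit than the wildcard. Also prefer `\z` over `\Z` in Ruby patterns used as validators, since `\Z` still matches before a trailing newline.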
@@ -112,6 +113,7 @@ end
class User < ActiveRecord::Base
has_attached_file :avatar, :styles => { :medium => "300x300>", :thumb => "100x100>" }, :default_url => "/images/:style/missing.png"
+ validates_attachment_content_type :avatar, :content_type => /\Aimage\/.*\Z/
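Review bot: this second Quick Start snippet repeats the same `/\Aimage\/.*\Z/` pattern as the first; whichever content-type pattern is settled on, keep both examples identical so readers copying either one get the same behaviour.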
@@ -302,6 +304,38 @@ validates_attachment :avatar,
`Paperclip::ContentTypeDetector` will attempt to match a file's extension to an
inferred content_type, regardless of the actual contents of the file.
+Security Validations
+NOTE: Starting at version 4.0.0, all attachments are *required* to include a
+content_type validation, a file_name validation, or to explicitly state that
+they're not going to have either. *Paperclip will raise an error* if you do not
+do this.
+class ActiveRecord::Base
+ has_attached_file :avatar
+# Validate content type
+ validates_attachment_content_type :avatar, :content_type => /\Aimage/
+# Validate filename
+ validates_attachment_file_name :avatar, :matches => [/png\Z/, /jpe?g\Z/]
+# Explicitly do not validate
+ do_not_validate_attachment_file_type :avatar
+This keeps Paperclip secure-by-default, and will prevent people trying to mess
+with your filesystem.
+NOTE: Also starting at version 4.0.0, Paperclip has another validation that
+cannot be turned off. This validation will prevent content type spoofing. That
+is, uploading, say, a PHP document as part of the EXIF tags of a well-formed
+JPEG. This check is limited to the media type (the first part of the MIME type,
+so, 'text' in 'text/plain'). This will prevent HTML documents from being
+uploaded as JPEGs, but will not prevent GIFs from being uploaded with a .jpg
+extension. This validation will only add validation errors to the form. It will
+not cause Errors to be raised.
Global defaults for all your paperclip attachments can be defined by changing the Paperclip::Attachment.default_options Hash, this can be useful for setting your default storage settings per example so you won't have to define them in every has_attached_file definition.
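Review bot: the Security Validations example opens with `class ActiveRecord::Base`, which reopens ActiveRecord::Base itself rather than defining a model; it should be a model such as `class User < ActiveRecord::Base` and needs a closing `end`. It also lists all three options in one class body, while the text says a model needs one of them; commenting out two of the three, or splitting them into three snippets, would stop readers copying `do_not_validate_attachment_file_type` alongside a real validation. Minor: `/\Aimage/` has no trailing slash, unlike the Quick Start regex, so it also matches a content type that merely begins with `image`, and the file_name patterns `[/png\Z/, /jpe?g\Z/]` are case-sensitive, so `.PNG` and `.JPG` uploads would fail that validation unless the intent is to reject them.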
@@ -1,3 +1,3 @@
module Paperclip
- VERSION = "3.5.3" unless defined? Paperclip::VERSION
+ VERSION = "4.0.0" unless defined? Paperclip::VERSION

