diff --git a/app/controllers/avatar_controller.rb b/app/controllers/avatar_controller.rb
index afd206c92..a7c0e7b95 100644
--- a/app/controllers/avatar_controller.rb
+++ b/app/controllers/avatar_controller.rb
@@ -24,6 +24,7 @@ class AvatarController < ApplicationController
 else
 @image_file=params[:filename]
 end
+ @temp_file = StringIO.new(@temp_file)
 end
 end
 end
@@ -32,7 +33,7 @@ class AvatarController < ApplicationController
 if @temp_file.size > Setting.upload_avatar_max_size.to_i
 @status = 1
 @msg = l(:error_upload_avatar_to_large, :max_size => number_to_human_size(Setting.upload_avatar_max_size.to_i))
- elsif Trustie::Utils::Image.new(@temp_file.tempfile.path).image?
+ elsif Trustie::Utils::Image.new(@temp_file).image?
 diskfile=disk_filename(@source_type,@source_id)
 @urlfile='/' << File.join("images","avatars",avatar_directory(@source_type),avatar_filename(@source_id,@image_file))
@@ -50,6 +51,7 @@ class AvatarController < ApplicationController
 md5 = Digest::MD5.new
 File.open(diskfile, "wb") do |f|
 if @temp_file.respond_to?(:read)
+ @temp_file.rewind
 buffer = ""
 while (buffer = @temp_file.read(8192))
 f.write(buffer)
diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb
index 06d69f72e..d9b900833 100644
--- a/app/controllers/zipdown_controller.rb
+++ b/app/controllers/zipdown_controller.rb
@@ -9,10 +9,14 @@ class ZipdownController < ApplicationController
 #统一下载功能
 def download
- begin
- send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file])
- rescue => e
- render file: 'public/no_file_found.html'
+ if User.current.logged?
+ begin
+ send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => params[:filename], :type => detect_content_type(params[:file])
+ rescue => e
+ render file: 'public/no_file_found.html'
+ end
+ else
+ render_403
 end
 end
diff --git a/db/schema.rb b/db/schema.rb
index e3828b0be..83599c087 100644
--- a/db/schema.rb
+++ b/db/schema.rb
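Review bot: In the first avatar_controller.rb hunk, `StringIO.new(@temp_file)` assumes `@temp_file` already holds a String, but its assignment lies above the hunk and is not visible here. If any branch leaves an uploaded-file object or another non-String there, this line raises TypeError before the size check in the next hunk can reject the request. Guard it with `@temp_file = StringIO.new(@temp_file) if @temp_file.is_a?(String)` and add a comment naming the input path that produces a raw String. The body also appears to be fully in memory by the time `Setting.upload_avatar_max_size` is compared, so that limit presumably does not bound memory use; confirm a request-size cap exists upstream.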
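Review bot: The `elsif ... .image?` branch in the second avatar_controller.rb hunk accepts an upload on its leading bytes alone, while the stored name on the `@urlfile` line is built from `@image_file`, which the first hunk shows can be `params[:filename]` unchanged. Unless `avatar_filename` (not visible here) normalises it, the extension and any path characters in the public avatars path are chosen by the client. Reduce the name with `File.basename(@image_file.to_s)` and take the branch only when `%w[.jpg .jpeg .png .gif .bmp].include?(File.extname(@image_file.to_s).downcase)`, setting `@status`/`@msg` otherwise. The enclosing method starts and ends outside the hunk.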
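Review bot: `send_file "#{OUTPUT_FOLDER}/#{params[:file]}"` in ZipdownController#download still interpolates the request parameter into the path, so the new login check does not keep a `..` segment from resolving outside OUTPUT_FOLDER. Resolve and confine the path first, `path = File.expand_path(params[:file].to_s, OUTPUT_FOLDER)` followed by `return render_403 unless path.start_with?(File.expand_path(OUTPUT_FOLDER) + File::SEPARATOR)`, and pass `path` to `send_file`. As written, any logged-in user can also request any file in that folder; if the archives are per-user this needs an ownership check (cannot tell from the hunk). `rescue => e` never uses `e` and reports every StandardError as a missing file; narrowing it to `rescue ActionController::MissingFile` would keep real errors visible.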
@@ -659,6 +659,16 @@ ActiveRecord::Schema.define(:version => 20150514133640) do
 add_index "journal_details", ["journal_id"], :name => "journal_details_journal_id"
+ create_table "journal_details_copy", :force => true do |t|
+ t.integer "journal_id", :default => 0, :null => false
+ t.string "property", :limit => 30, :default => "", :null => false
+ t.string "prop_key", :limit => 30, :default => "", :null => false
+ t.text "old_value"
+ t.text "value"
+ end
+
+ add_index "journal_details_copy", ["journal_id"], :name => "journal_details_journal_id"
+
 create_table "journal_replies", :id => false, :force => true do |t|
 t.integer "journal_id"
 t.integer "user_id"
diff --git a/lib/trustie/utils/image.rb b/lib/trustie/utils/image.rb
index f4ec328b3..7e23e7b66 100644
--- a/lib/trustie/utils/image.rb
+++ b/lib/trustie/utils/image.rb
@@ -17,21 +17,20 @@ module Trustie
 end
 def jpeg?(data)
- data[0,4]== 0xff.chr + 0xd8.chr + 0xff.chr + 0xe0.chr
+ data[0,3]== 0xff.chr + 0xd8.chr + 0xff.chr
 end
 def png?(data)
 data[0,2]==0x89.chr + 80.chr
 end
 def image?
- begin
- f = File.open(@file,'rb') # rb means to read using binary
- return false if f.size < 9
- data = f.read(9) # magic numbers are up to 9 bytes
- return bitmap?(data) || gif?(data) || jpeg?(data) || png?(data)
- ensure
- f.close
+ data = ''
+ if @file.respond_to?(:read)
+ data = @file.read(9)
+ @file.rewind
 end
+ return false if data.size < 9
+ bitmap?(data) || gif?(data) || jpeg?(data) || png?(data)
 end
 def compress(size=300)
diff --git a/spec/requests/avatar_request_spec.rb b/spec/requests/avatar_request_spec.rb
new file mode 100644
index 000000000..da80e38bf
--- /dev/null
+++ b/spec/requests/avatar_request_spec.rb
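Review bot: An empty upload makes `image?` in lib/trustie/utils/image.rb raise instead of returning false, because `@file.read(9)` returns nil at end of stream and `data.size` then fails with NoMethodError. Since the controller's size check only rejects bodies that are too large, a zero-byte request reaches this line; use `data = @file.read(9).to_s`. Any caller that still passes a filesystem path now always gets false, since a String does not respond to `read`; `compress` below the hunk may still treat `@file` as a path, so confirm both uses agree. A short comment that the check is a magic-number sniff only (three bytes for JPEG, two for PNG) would keep later readers from treating it as content validation.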
@@ -0,0 +1,15 @@
+require 'rails_helper'
+
+RSpec.describe "avatar request", type: :request do
+ describe "上传头像" do
+ let(:user){FactoryGirl.create(:user)}
+
+ it "参数正确,可以成功上传头像" do
+ data = File.open("#{Rails.root}/spec/fixtures/test.jpg").read
+ binding.pry
+ post upload_avatar_path(source_type: 'User', source_id: user.id, filename: 'test.jpg')
+ expect(response).to have_http_status(:success)
+ expect(response.body).to include(/\/images\/avatars\/User\//)
+ end
+ end
+end
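Review bot: `binding.pry` is committed inside the example in spec/requests/avatar_request_spec.rb, so the suite will stop at a debugger prompt (or fail where pry is not loaded); remove that line. `data` is read but never passed to `post`, so the request carries no image body and the spec does not exercise the upload path this commit changes. Read the fixture with `File.binread("#{Rails.root}/spec/fixtures/test.jpg")` so the handle is closed and the bytes are not transcoded, and send it as the request body. `include(/.../)` on a String body may raise rather than match, depending on the RSpec version; `expect(response.body).to match(%r{/images/avatars/User/})` states the intent directly.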