enforce maximum dimensions on uploaded images

anamba · anamba · commit f25ecb5f3e0c · 2017-08-02T06:16:17.000Z
diff --git a/app/controllers/management/cms_controller.rb b/app/controllers/management/cms_controller.rb
@@ -691,7 +691,14 @@ def receive_image
     data = params[:file][:data]
     original_filename = data.original_filename.strip.gsub(/[\?\s\/\:\\]+/, '-').gsub(/^-/, '').gsub(/-$/, '')
     localfile = File.join(target_dir, original_filename)
-    FileUtils.cp(data.tempfile, localfile)
+    
+    im = MiniMagick::Image.open(data.path())
+    if im['dimensions'][0] > CmsImageMaxWidth || im['dimensions'][1] > CmsImageMaxHeight
+      im.resize "#{CmsImageMaxWidth}x#{CmsImageMaxHeight}"
+      im.write(localfile)
+    else
+      FileUtils.cp(data.path(), localfile)
+    end
     
     finish_upload_status "'#{File.basename(localfile)}'"
   end
@@ -715,7 +722,7 @@ def crop_image
     testfile = File.join(target_dir, File.basename(localfile, File.extname(localfile))) + '-croptest' + File.extname(localfile)
     
     # make a smaller version to help with cropping
-    im = MiniMagick::Image.from_file(localfile)
+    im = MiniMagick::Image.open(localfile)
     im.resize "500x400>"
     im.write(testfile)
     File.chmod(0644, testfile)
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
@@ -14,6 +14,9 @@
 UseCmsAccessLevels = false unless defined? UseCmsAccessLevels
 EnableAssetTimestamping = true unless defined? EnableAssetTimestamping
 
+CmsImageMaxWidth = 2500 unless defined? CmsImageMaxWidth
+CmsImageMaxHeight = 2500 unless defined? CmsImageMaxHeight
+
 # CMS gallery setup
 GalleryMaxWidth = 586 unless defined? GalleryMaxWidth
 GalleryMaxHeight = 400 unless defined? GalleryMaxHeight
