scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-03 20:48:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: handle active storage preview error for password protected pdfs (#11888)

Browse Source 
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
This commit is contained in:
Vishnu Narayanan
2025-08-11 12:41:37 +05:30
committed by GitHub
parent f3bc2476fc
commit 6cab741392
4 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/slack_uploads_controller.rb
View File

@@ -17,7 +17,12 @@ class SlackUploadsController < ApplicationController
end end
def blob_url def blob_url
url_for(@blob.representation(resize_to_fill: [250, nil])) # Only generate representations for images
if @blob.content_type.start_with?('image/')
url_for(@blob.representation(resize_to_fill: [250, nil]))
else
url_for(@blob)
end
end end
def avatar_url def avatar_url

8
app/models/attachment.rb
View File

@@ -60,11 +60,9 @@ class Attachment < ApplicationRecord
end end
def thumb_url def thumb_url
if file.attached? && file.representable? return '' unless file.attached? && image?
url_for(file.representation(resize_to_fill: [250, nil]))
else url_for(file.representation(resize_to_fill: [250, nil]))
''
end
end end
def with_attached_file? def with_attached_file?

3
config/application.rb
View File

@@ -61,6 +61,9 @@ module Chatwoot
# https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 # https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
# FIX ME : fixes breakage of installation config. we need to migrate. # FIX ME : fixes breakage of installation config. we need to migrate.
config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess] config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess]
# Disable PDF/video preview generation as we don't use them
config.active_storage.previewers = []
end end
def self.config def self.config

16
spec/models/attachment_spec.rb
View File

@@ -68,6 +68,22 @@ RSpec.describe Attachment do
end end
end end
describe 'thumb_url' do
it 'returns empty string for non-image attachments' do
attachment = message.attachments.new(account_id: message.account_id, file_type: :file)
attachment.file.attach(io: StringIO.new('fake pdf'), filename: 'test.pdf', content_type: 'application/pdf')
expect(attachment.thumb_url).to eq('')
end
it 'generates thumb_url for image attachments' do
attachment = message.attachments.create!(account_id: message.account_id, file_type: :image)
attachment.file.attach(io: StringIO.new('fake image'), filename: 'test.jpg', content_type: 'image/jpeg')
expect(attachment.thumb_url).to be_present
end
end
describe 'meta data handling' do describe 'meta data handling' do
let(:message) { create(:message) } let(:message) { create(:message) }