Paperclip 4.0 and non deactivatable MediaType Spoofing

Paperclip 4 has an enhancement to detect MediaType Spoofing.

I’m with them, security is good and it’s better something like this is integrated.

But it was a change that you cannot turn off and when it does not work, you’ve got to live with it.

In my case:

  • Tests started failing, even when type was correctly set
  • The command that was executed did not work / was not found (did not look deeper into it)
  • SWFUpload and Paperclip and Spoofing Detection did not seem to work together.

So till it can be officially turned off (found an issue where it seems they want to integrate this) i came up with this as an solution:


module SpoofingFix
  def self.included(base)
    base.send :alias_method, :original_spoofed?, :spoofed?
    base.send :alias_method, :spoofed?, :fixed_spoofed?
  end

  def fixed_spoofed?
    false
  end

end

Paperclip::MediaTypeSpoofDetector.send :include, SpoofingFix

We just say it is always unspoofed and so we can work like before 😉

Print Friendly, PDF & Email

Leave a Reply

Time limit is exhausted. Please reload CAPTCHA.