Skip to content
This repository has been archived by the owner on Jul 13, 2023. It is now read-only.

Don't allow trailing newlines in various checks. #2266

Merged
merged 1 commit into from
Aug 17, 2016
Merged

Don't allow trailing newlines in various checks. #2266

merged 1 commit into from
Aug 17, 2016

Conversation

benpickles
Copy link
Contributor

@benpickles benpickles commented Jul 27, 2016
edited
Loading

There's a subtle difference between what \Z and \z consider the "end of string" which is that the uppercase version allows a single trailing newline:

/\Afoo\Z/.match("foo\n")
# => #<MatchData "foo">

/\Afoo\Z/.match("foo\n\n")
# => nil

/\Afoo\z/.match("foo\n")
# => nil

The current usage of \Z / \z in the project can be discovered with:

$ git grep -iI "\\\z"

I've left the Cucumber steps alone as changing them makes adding the has_attached_file line fail.

@benpickles
Don't allow trailing newlines in various checks.
2a9b18e 
There's a subtle difference between what `\Z` and `\z` consider the "end
of string" which is that the uppercase version allows a single trailing
newline:

```
/\Afoo\Z/.match("foo\n")

/\Afoo\Z/.match("foo\n\n")

/\Afoo\z/.match("foo\n")
```
houndci-bot
houndci-bot reviewed Jul 27, 2016
View reviewed changes
spec/paperclip/validators_spec.rb
@@ -31,8 +31,8 @@
before do
rebuild_class
Dummy.validates_attachment :avatar, file_type_ignorance: true, file_name: [
{ matches: /\A.*\.jpe?g\Z/i, message: :invalid_extension },
{ matches: /\A.{,8}\..+\Z/i, message: [:too_long, count: 8] },
{ matches: /\A.*\.jpe?g\z/i, message: :invalid_extension },
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use 2 spaces for indentation in an array, relative to the start of the line where the left square bracket is.

@tute
Copy link
Contributor

tute commented Jul 28, 2016

Thanks! Why do we not want to allow for the new line character? Can there be a situation in which the headers do come with that character, and we don't process them properly after this change?

@tute
Copy link
Contributor

tute commented Aug 16, 2016

ping @benpickles. Thanks!

@benpickles
Copy link
Contributor Author

Sorry! This totally slipped my mind.

Yes you're right that's where the risk lies in this pull request - though no tests fail and I haven't encountered any issues. I haven't exhaustively confirmed all the code paths that spit out mine types (in fact I haven't investigated any :p) but I think I'm right in saying that the change that could cause unexpected consequences is in the validation suggested to users in the README and not in the library itself - no wait, here's one.

Either way the rest of the changes are probably what was originally intended in that a subdomain or file path cannot include newlines - so this could prevent potentially difficult-to-debug user error (though I imagine nobody has ever encountered this!).

@tute tute merged commit f1ed066 into thoughtbot:master Aug 17, 2016
@tute
Copy link
Contributor

tute commented Aug 17, 2016

Thanks!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benpickles @tute @houndci-bot