pulibrary / orangelight / 00dbc10b-d747-4ad7-b211-7b26d753abbb

coverage: 0.483% (-94.9%) from 95.343%
00dbc10b-d747-4ad7-b211-7b26d753abbb

push

circleci

web-flow 
Merge pull request #5181 from pulibrary/dependabot/bundler/activestorage-7.2.2.2

Bump activestorage from 7.2.2.1 to 7.2.2.2

47 of 9721 relevant lines covered (0.48%)

0.01 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/lib/orangelight/middleware/no_file_uploads.rb
1 
# frozen_string_literal: true
2 
module Orangelight
×
3 
  module Middleware
×
4 
    # This class is responsible for ensuring that users cannot upload temporary files
5 
    # to the server as part of a multipart/form-data request.
6 
    #
7 
    # While these uploaded files are deleted immediately as part of the request cycle
8 
    # and are not placed in a directory where they can do much harm, they can still
9 
    # trip OIT's malicious files sensors and then they take the server off the network.
10 
    #
11 
    # Since we have no need for these files, we reject them.
12 
    class NoFileUploads
×
13 
      def initialize(app)
×
14 
        @app = app
×
15 
      end
×
16 









17



      def call(env)




×







18



        env['rack.multipart.tempfile_factory'] = lambda { |_filename, _content_type|




×







19



          raise 'Sorry, the catalog does not support file uploads'




×







20



        }




×







21



        app.call env




×







22



      end




×







23












24



        private




×







25












26



          attr_reader :app




×







27



    end




×







28



  end




×







29



end




×





















    

  • 

    •