FIX: ensure we remove tempfiles from disk when creating an upload

FIX: ensure we remove tempfiles from disk when creating an upload

Follow-up to 46d12c5ad3e8116bdc8e1662e55a4e63ed32dfb9

diff --git a/lib/upload_creator.rb b/lib/upload_creator.rb
index 632d7a7..0a0c8d4 100644
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@@ -143,7 +143,9 @@ class UploadCreator
       @upload
     end
   ensure
-    @file&.close
+    if @file
+      @file.respond_to?(:close!) ? @file.close! : @file.close
+    end
   end
 
   def extract_image_info!
@@ -197,11 +199,11 @@ class UploadCreator
     keep_jpeg &&= (filesize - new_size) > MIN_CONVERT_TO_JPEG_BYTES_SAVED
 
     if keep_jpeg
-      @file.close
+      @file.respond_to?(:close!) ? @file.close! : @file.close
       @file = jpeg_tempfile
       extract_image_info!
     else
-      jpeg_tempfile&.close
+      jpeg_tempfile.close!
     end
   end
 
@@ -230,16 +232,21 @@ class UploadCreator
       original_size = filesize
       down_tempfile = Tempfile.new(["down", ".#{@image_info.type}"])
 
+      from = @file.path
+      to = down_tempfile.path
+
+      OptimizedImage.ensure_safe_paths!(from, to)
+
       OptimizedImage.downsize(
-        @file.path,
-        down_tempfile.path,
+        from,
+        to,
         "50%",
         filename: @filename,
         allow_animation: allow_animation,
         raise_on_error: true
       )
 
-      @file.close
+      @file.respond_to?(:close!) ? @file.close! : @file.close
       @file = down_tempfile
 
       extract_image_info!

GitHub sha: 9a81cb9e

1 Like