FIX: XML files could be detected as SVG files

FIX: XML files could be detected as SVG files

diff --git a/lib/freedom_patches/fast_image.rb b/lib/freedom_patches/fast_image.rb
new file mode 100644
index 0000000..836791b
--- /dev/null
+++ b/lib/freedom_patches/fast_image.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# Remove when https://github.com/sdsykes/fastimage/pull/115
+# has been merged. Please remove the specs as well.
+class FastImage
+  attr_reader :original_type
+
+  private
+
+  old_parse_type = instance_method(:parse_type)
+
+  define_method(:parse_type) do
+    @original_type = old_parse_type.bind(self).()
+
+    if @original_type == :svg && @stream.peek(2) == "<s"
+      raise UnknownImageType if @stream.peek(4) != "<svg"
+    end
+
+    @original_type
+  end
+end
diff --git a/spec/components/freedom_patches/fast_image_spec.rb b/spec/components/freedom_patches/fast_image_spec.rb
new file mode 100644
index 0000000..f864323
--- /dev/null
+++ b/spec/components/freedom_patches/fast_image_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe FastImage do
+  let(:svg_file) do
+    StringIO.new(<<~SVG)
+      <svg width="100" height="100">
+        <circle cx="50" cy="50" r="40" stroke="green" stroke-width="4" fill="yellow" />
+      </svg>
+    SVG
+  end
+
+  let(:xml_file) do
+    StringIO.new(<<~XML)
+      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+        <soap:Body>
+          <foo />
+        </soap:Body>
+      </soap:Envelope>
+    XML
+  end
+
+  it "correctly detects SVG" do
+    expect(FastImage.new(svg_file).type).to eq(:svg)
+  end
+
+  it "doesn't detect XML starting with <s as SVG" do
+    expect(FastImage.new(xml_file).type).to be_nil
+  end
+
+  it "still needs to be monkey patched" do
+    expect(FastImage.new(xml_file).original_type).to eq(:svg), <<~MESSAGE
+      The fast_image monkey patch isn't needed anymore.
+      Please remove the following files:
+        * lib/freedom_patches/fast_image.rb
+        * spec/components/freedom_patches/fast_image_spec.rb
+    MESSAGE
+  end
+end

GitHub sha: 69ee94b5

1 Like

This commit appears in #9882 which was approved by eviltrout. It was merged by gschlager.