From bf81c96b79cc80bc4ffb08714a3d3f92e68e254a 2016-05-04 18:05:54 From: Jean-Philippe Lang Date: 2016-05-04 18:05:54 Subject: [PATCH] Make sure we only invoke Imagemagick if this is actually an image (#22721). git-svn-id: http://svn.redmine.org/redmine/trunk@15362 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/Gemfile b/Gemfile index b540802..f359e55 100644 --- a/Gemfile +++ b/Gemfile @@ -14,6 +14,7 @@ gem "protected_attributes" gem "actionpack-action_caching" gem "actionpack-xml_parser" gem "roadie-rails" +gem "mimemagic" # Request at least nokogiri 1.6.7.2 because of security advisories gem "nokogiri", ">= 1.6.7.2" diff --git a/lib/redmine/thumbnail.rb b/lib/redmine/thumbnail.rb index 61e113d..9321c7b 100644 --- a/lib/redmine/thumbnail.rb +++ b/lib/redmine/thumbnail.rb @@ -16,6 +16,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. require 'fileutils' +require 'mimemagic' module Redmine module Thumbnail @@ -27,6 +28,10 @@ module Redmine def self.generate(source, target, size) return nil unless convert_available? unless File.exists?(target) + # Make sure we only invoke Imagemagick if this is actually an image + unless File.open(source) {|f| MimeMagic.by_magic(f).try(:image?)} + return nil + end directory = File.dirname(target) unless File.exists?(directory) FileUtils.mkdir_p directory