From e2e0e23763f81a5074b438e5819196e5e6c25ac1 Mon Sep 17 00:00:00 2001 From: Robert Haines Date: Sat, 22 Jan 2022 07:34:00 +0000 Subject: [PATCH] Remove `File::add_buffer` from the API. Its functionality is now replicated in `File::open_buffer` but in a more secure way. --- lib/zip/file.rb | 12 ++---------- test/file_test.rb | 2 +- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/lib/zip/file.rb b/lib/zip/file.rb index 1aa3457..d080d6d 100644 --- a/lib/zip/file.rb +++ b/lib/zip/file.rb @@ -126,19 +126,11 @@ module Zip end end - # Same as #open. But outputs data to a buffer instead of a file - def add_buffer - io = ::StringIO.new - zf = ::Zip::File.new(io, create: true, buffer: true) - yield zf - zf.write_buffer(io) - end - # Like #open, but reads zip archive contents from a String or open IO # stream, and outputs data to a buffer. # (This can be used to extract data from a # downloaded zip archive without first saving it to disk.) - def open_buffer(io, **options) + def open_buffer(io = ::StringIO.new, create: false, **options) unless IO_METHODS.map { |method| io.respond_to?(method) }.all? || io.kind_of?(String) raise 'Zip::File.open_buffer expects a String or IO-like argument' \ "(responds to #{IO_METHODS.join(', ')}). Found: #{io.class}" @@ -149,7 +141,7 @@ module Zip # https://github.com/rubyzip/rubyzip/issues/119 io.binmode if io.respond_to?(:binmode) - zf = ::Zip::File.new(io, create: true, buffer: true, **options) + zf = ::Zip::File.new(io, create: create, buffer: true, **options) return zf unless block_given? yield zf diff --git a/test/file_test.rb b/test/file_test.rb index 6476e79..c8be3db 100644 --- a/test/file_test.rb +++ b/test/file_test.rb @@ -16,7 +16,7 @@ class ZipFileTest < MiniTest::Test def test_create_from_scratch_to_buffer comment = 'a short comment' - buffer = ::Zip::File.add_buffer do |zf| + buffer = ::Zip::File.open_buffer(create: true) do |zf| zf.get_output_stream('myFile') { |os| os.write 'myFile contains just this' } zf.mkdir('dir1') zf.comment = comment