]> git.openstreetmap.org Git - rails.git/blobdiff - lib/gpx.rb
Validate URLs against supply-chain attacks
[rails.git] / lib / gpx.rb
index d0607233a2d7f4f108ce35f0b86122c71956a0c3..274ece7d9a3160e6eba8f194fcbe6eb7956bffbc 100644 (file)
@@ -22,7 +22,7 @@ module GPX
           elsif reader.name == "ele" && point
             point.altitude = reader.read_string.to_f
           elsif reader.name == "time" && point
-            point.timestamp = Time.parse(reader.read_string)
+            point.timestamp = Time.parse(reader.read_string).utc
           end
         when XML::Reader::TYPE_END_ELEMENT
           if reader.name == "trkpt" && point && point.valid?
@@ -44,13 +44,13 @@ module GPX
       @tracksegs = 0
 
       begin
-        Archive::Reader.open_filename(@file).each_entry_with_data do |_entry, data|
-          parse_file(XML::Reader.string(data), &block)
+        Archive::Reader.open_filename(@file).each_entry_with_data do |entry, data|
+          parse_file(XML::Reader.string(data), &block) if entry.regular?
         end
       rescue Archive::Error
         io = ::File.open(@file)
 
-        case MimeMagic.by_magic(io)&.type
+        case Marcel::MimeType.for(io)
         when "application/gzip" then io = Zlib::GzipReader.open(@file)
         when "application/x-bzip" then io = Bzip2::FFI::Reader.open(@file)
         end
@@ -121,7 +121,7 @@ module GPX
 
       output = StringIO.new
       image.export(output)
-      output.read
+      output
     end
 
     def icon(min_lat, min_lon, max_lat, max_lon)
@@ -161,7 +161,7 @@ module GPX
         end
       end
 
-      image.gif
+      StringIO.new(image.gif)
     end
   end