From 470ba694035f77d41603d2e8c791449cb181b7d9 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sat, 22 Jul 2017 09:38:16 -0500
Subject: [PATCH] Don't need to validate transformations actually

Since they're only ever generated in signed form. Users never have direct access to dictate transformations.
---
 lib/active_storage/variation.rb | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/lib/active_storage/variation.rb b/lib/active_storage/variation.rb
index 7656d73469..f7c81bb99a 100644
--- a/lib/active_storage/variation.rb
+++ b/lib/active_storage/variation.rb
@@ -4,11 +4,6 @@
 class ActiveStorage::Variation
   class_attribute :verifier
 
-  ALLOWED_TRANSFORMATIONS = %i(
-    resize rotate format flip fill monochrome orient quality roll scale sharpen shave shear size thumbnail
-    transparent transpose transverse trim background bordercolor compress crop
-  )
-
   attr_reader :transformations
 
   class << self
@@ -27,8 +22,6 @@ def initialize(transformations)
 
   def transform(image)
     transformations.each do |(method, argument)|
-      next unless eligible_transformation?(method)
-
       if eligible_argument?(argument)
         image.public_send(method, argument)
       else
@@ -42,11 +35,6 @@ def key
   end
 
   private
-    def eligible_transformation?(method)
-      method.to_sym.in?(ALLOWED_TRANSFORMATIONS)
-    end
-
-    # FIXME: Consider whitelisting allowed arguments as well?
     def eligible_argument?(argument)
       argument.present? && argument != true
     end
-- 
GitLab