From 4cc044087e420457f1e7f2a111f6b0931bef10f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janko=20Marohni=C4=87?=
Date: Wed, 24 Jul 2024 18:48:04 +0200
Subject: [PATCH] Revert "Don't allow calling Kernel methods via loader/saver options"
It doesn't fully resolve the security vulnerability, and there is no point in only partially resolving it. See https://github.com/janko/image_processing/issues/100 This reverts commit aed5b80cd739eb3164c2f165ee1a9bdd392acc79.
---
 CHANGELOG.md | 2 --
 lib/image_processing/mini_magick.rb | 6 +++---
 test/mini_magick_test.rb | 20 --------------------
 3 files changed, 3 insertions(+), 25 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 84123c0..6443119 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,5 @@
 ## HEAD
-* [minimagick] Don't allow calling Kernel options via `loader`/`saver` options (@janko)
-
 * Add `#cover` that allows one to resize an image to cover a given width and height without cropping the excess. (@brendon)
diff --git a/lib/image_processing/mini_magick.rb b/lib/image_processing/mini_magick.rb
index 6d1e1a5..079f257 100644
--- a/lib/image_processing/mini_magick.rb
+++ b/lib/image_processing/mini_magick.rb
@@ -223,9 +223,9 @@ def disallow_split_layers!(destination_path)
 def apply_options(magick, define: {}, **options)
 options.each do |option, value|
 case value
- when true, nil then magick.public_send(option)
- when false then magick.public_send(option).+
- else magick.public_send(option, *value)
+ when true, nil then magick.send(option)
+ when false then magick.send(option).+
+ else magick.send(option, *value)
 end
 end
diff --git a/test/mini_magick_test.rb b/test/mini_magick_test.rb
index 6d82bf3..3af93c4 100644
--- a/test/mini_magick_test.rb
+++ b/test/mini_magick_test.rb
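Review bot: In `apply_options` (lib/image_processing/mini_magick.rb) every key of `options` is again dispatched with `magick.send(option, ...)`, so a key that arrives through `loader`/`saver` can name any method the tool object responds to, private Kernel methods included, which is the case the test deleted from test/mini_magick_test.rb used to cover. Since the revert leaves this open deliberately, the method should say so where the next maintainer will read it, for example `# Option names are invoked as methods on magick; pass only trusted, hard-coded keys, never request parameters.` Callers that build these options from user input need an allowlist of permitted option names before they reach `loader`/`saver`, and the project documentation would be the place to state that requirement. `apply_options` continues past the end of the hunk, so the handling of `define:` is not visible here.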
@@ -174,26 +174,6 @@
 assert_dimensions [600, 800], result
 end
- it "doesn't allow calling Kernel methods via loader/saver options" do
- error = assert_raises(MiniMagick::Error) do
- ImageProcessing::MiniMagick
- .source(@portrait)
- .loader(system: "touch test/malicious.txt")
- .call
- end
-
- assert_match "unrecognized option `-system'", error.message
-
- error = assert_raises(MiniMagick::Error) do
- ImageProcessing::MiniMagick
- .source(@portrait)
- .saver(system: "touch test/malicious.txt")
- .call
- end
-
- assert_match "unrecognized option `-system'", error.message
- end
-
 describe ".valid_image?" do
 it "returns true for correct images" do
 assert ImageProcessing::MiniMagick.valid_image?(@portrait)