Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/shrinerb/shrine
File Attachment toolkit for Ruby applications
https://github.com/shrinerb/shrine
b1b0b0df80b2d344073d186d3d07a3f0abc64c3e authored over 9 years ago by Janko Marohnić <[email protected]>
I don't think it's really necessary, because I can't think of a case
where the application would...
Later we may want to mix in the filenames to UIDs if it proves
necessary, so better to not have ...
20d31dac30b24b7be7061b43900e00f2d74a8d40 authored over 9 years ago by Janko Marohnić <[email protected]>
Amazon S3 supports multiple deletes in a single HTTP request, so caring
about performance as we ...
The contract is that Storage#open needs to return a valid IO object,
which means it will respond...
6b9a2add70d51581b3f30f68bb50a0a91dfaa473 authored over 9 years ago by Janko Marohnić <[email protected]>
S3 for example will by default always set application/octet-stream
Content-Type header. However,...
We also yield the record and the attachment name in the Shrine.validate
block, so that users can...
I was trying to make the plugin, but I was getting errors, and the
internals of Reform were so c...
"Endpoint" is too generic, from the name of the plugin you can't tell
what it does, just that it...
Currently mime type would be saved on processed files (because Tempfiles
don't respond to #conte...
"Content type" refers to the "Content-Type" header, which is whatever
the browser sends in head...
We might later support retries deletions, so we want to keep the name of
the plugin generic enough.
7be5a34a74bf614786a6cb402e3a0ac60af777df authored over 9 years ago by Janko Marohnić <[email protected]>
Cached files are now automatically deleted when promoted, and keep_files
plugin receives a new :...
* Fixed parallelize to work with moving
* Fixed logging to not make Shrine#store private (it's ...
6bf5bfcabd2b0caa0269a9f4f8d66168013dbf2c authored over 9 years ago by Janko Marohnić <[email protected]>
I like the minitest/test style assertions, but I really need the
grouping so that I can organize...
Users should make two separate uploaders for models and for forms,
because they will probably wa...
* `#cache` and `#store` accessors aren't necessary, they aren't special
to Shrine itself, but ...
74248988844720c969dde13145a928e5e77d26ac authored over 9 years ago by Janko Marohnić <[email protected]>
We want to communicate to the users that content type detection provided
by base is not the real...
When your file is cached, an attacker can change the metadata in the hidden
field. If a user loads ...
It's causing too many problems, we always have to check if a Hash is a
Rack File or versions, an...
FastImage is the only gem that handles image bombs (a lot of pixels
compressed into small filesi...
210bc284fd123b4853aea1fe21f337de27405bae authored over 9 years ago by Janko Marohnić <[email protected]>
90d8dd2a81902e1fe2c95ab2468a5aa6e862a1a3 authored over 9 years ago by Janko Marohnić <[email protected]>
When uploading to cache, the URL can easily be deduced from the ID
client side. They're a littl...
ActiveSupport (which is loaded when requiring ActiveRecord) breaks the
recursive #to_json that i...
9ca3d9d6c54a3f9337876bae96cd7f502c47f8a6 authored over 9 years ago by Janko Marohnić <[email protected]>
If the column returns an empty string, it should be interpreted as nil.
ed82a2c28b8ef2dbdeb3a47b1e76f1ca43459f56 authored over 9 years ago by Janko Marohnić <[email protected]>
We put it outside so that it isn't saved. But then even if you're not
using :return_url you woul...
649db64181e95e3e888ecb9050c5d6ab219a0d4d authored over 9 years ago by Janko Marohnić <[email protected]>
We also put replacing in `after_save`, because this is when no errors
should happen, and it's al...
2d765f3d878ab7ed8351dca868cb6839388134f0 authored over 9 years ago by Janko Marohnić <[email protected]>
48f1ede4e7a03a2f005e34f5406a9a586dcb3c3d authored over 9 years ago by Janko Marohnić <[email protected]>
9a2ca715d2f325aa3808b70dda6baa4377b2869c authored over 9 years ago by Janko Marohnić <[email protected]>
It was meant for less copying during processing, but it's never a good
idea to modify the cached...
This Ruby standard library makes dealing with paths much more concise
(no need to call everythin...
7b10db7624837fdd6b75efa9b16587484926626e authored over 9 years ago by Janko Marohnić <[email protected]>
6c4381d122f0359d0559a520659ea41e421126f1 authored over 9 years ago by Janko Marohnić <[email protected]>
3dfda9c4af5a4f32f517ff10348f181aa46fbcc7 authored over 9 years ago by Janko Marohnić <[email protected]>
0a9c2e6159ae27541e9a77609c7a22926fd76a86 authored over 9 years ago by Janko Marohnić <[email protected]>
Before versions and multiple_files could interfere with logging,
depending if they're loaded bef...
This doesn't actually contain any background deleting logic, but it
can't know which library you...
d41c7c778cd9f9422977f629b8b5598d09ee5457 authored over 9 years ago by Janko Marohnić <[email protected]>
a9cc8d8b070a1f5b91b1c0b249718bb7fef91b67 authored over 9 years ago by Janko Marohnić <[email protected]>
It shouldn't be in the core, because it isn't particularly useful. It's
still useful for us in t...
4042e74fe66dc3532cda7de8159d7104e4545d35 authored over 9 years ago by Janko Marohnić <[email protected]>
It always felt a bit weird, because it was part of the gem but wasn't
part of the plugin system....
1821d390661be6b7d6e744ebf91356336dd3789d authored over 9 years ago by Janko Marohnić <[email protected]>
No need to have it, and then the versions plugin has to implement it.
`to_json` already makes re...
The concept of moving is already present in storage classes, so it makes
sense to also have it i...
cff4fdd28d337548243d17119d6685c8b82b089e authored over 9 years ago by Janko Marohnić <[email protected]>
It isn't consistent with other methods, no need to have a bang.
d9585ae7aff5176259dbcf774c12d0a3f2ed0600 authored over 9 years ago by Janko Marohnić <[email protected]>
9eeab5ff3a41d56a39b8de1649d83418de948554 authored over 9 years ago by Janko Marohnić <[email protected]>
It's easier to read if version name is at the beginning than at the end.
239e8a84427d29177ee38f635c7e4db544714ea0 authored over 9 years ago by Janko Marohnić <[email protected]>
246dc42fb280a3991f4d5d39774c5429f6ab6d0f authored over 9 years ago by Janko Marohnić <[email protected]>
It can now catch invalid URLs, and transform them to Shrine::Error.
Furthermore, it will not swa...
We initially thought that users will only want to process on caching or
on storing. But there ar...
It is possible to create so-called "image bombs", which are small in
filesize but very large in ...
This is a standard measure of size, it could confuse a lot of people if
they see a number in meg...
It was a wrong decision to switch to strings, this was just paranoia for
the Symbols DoS. We now...
People may want to process and store some versions now, and then
continue processing other ones ...
Deleting cache only happens with the "moving" plugin, but then it's part
of "promoting". If a us...
738dba1757c9a4c4340820a64928179a33cbed5a authored over 9 years ago by Janko Marohnić <[email protected]>
These will usually be the result of processing, and are ugly. The default
UUIDs are much prettier.
We switched to strings only because of security paranoia. But actually
the only vulnerable entry...
If we return this inside the data, form submit would save the url into
the database. We don't wa...
c9599a86b19730c025ea0322a72a1c8c704f141c authored over 9 years ago by Janko Marohnić <[email protected]>
d943d81432cc48ebd91285fab34b7b317f590082 authored over 9 years ago by Janko Marohnić <[email protected]>
We may need this certainty later, that when :location is passed in, it's
guaranteed that the fil...
af54ed87bb0c2fdeda62dca61dbb14debbe4a890 authored over 9 years ago by Janko Marohnić <[email protected]>
HTML5 canvas generates data URIs, which we want to allow users to be
able to upload.
Since users can't control which filesizes they accept (like they can in
the attacher), it is goo...
When users are looking at their cache directories, it's much nicer if
there are only folder whic...
19c3279427c242eb4e45bae0e6ccdc568e518386 authored over 9 years ago by Janko Marohnić <[email protected]>
a8ceb96c447a50ffc65e3f4d66cfc0ac84b52075 authored over 9 years ago by Janko Marohnić <[email protected]>
Often after uploading images to endpoint AJAX, users will want to
display the uploaded images. S...
We want to delete the processed files after uploading, so for that we
use our awesome new "move"...
Attackers can simply change the cached hidden field to anything they
like, and we're calling #to...
Some storages may want to implement generating different URLs depending
on options provided. We ...
Previously we were exposed to a DoS vulnerability, where attackers would
be able to simply dupli...
"Uploadie" was just a temporary name until I come up with something
better. I feel really good a...
Some people might have a problem with invalid files staying cached, so
for them we offer this pl...
I believe this is a unique feature compared to other uploading
solutions. When you look at the F...
4afc3193f6fc421fa9eb11d852fbbbf06dff6a07 authored over 9 years ago by Janko Marohnić <[email protected]>
The linter asserts functionality that Uploadie requires from a storage.
This is expected to be u...
We want to explicitly tell users that `read` needs to respond to two
arguments. We also want to ...
357bc6148c0509d47e8e39fabfe0149870116ee9 authored over 9 years ago by Janko Marohnić <[email protected]>
Some websites will return 403 if there is no User-Agent in the request.
open-uri sets "ruby", bu...
a41ee3481627cb6cb2ef5345d643de28cd8bfe87 authored over 9 years ago by Janko Marohnić <[email protected]>
8457f4a79b18a725e9e2516fa1440ac09fb99f14 authored over 9 years ago by Janko Marohnić <[email protected]>
This was left over when we thought that it's going to be Uploadie::File,
but it turned out to be...
We already have a dedicated method for this, which prints a nice error
message.
"Soft delete" is referred to when something looks like deleted, but
actually isn't. It's used fo...
We don't want attackers to be able to cause errors to your website
simply by passing somethin...
This plugin adds an endpoint which you can mount and use for
caching/storing files via AJAX. Kud...
If the developer wants to build an event store (a system where each
action is saved as an event,...
1870256aa71bf5013f00abe2bb714a5a461d45e5 authored over 9 years ago by Janko Marohnić <[email protected]>