 

The provided regular expression is using multiline anchors (^ or $)

I am trying to write an image validation format that makes sure the URL ends with either .png, .jpg or .gif.

class Product < ActiveRecord::Base

  mount_uploader :image_url

  validates :title, :presence => true,
            :uniqueness => true
  validates :image_url, :presence => true,
                        :format => {
                           :with => %r{\.(gif|jpg|png)$}i,
                           :message => 'must be a URL for GIF, JPG or PNG image.'
                        }
end

But when I start my server, I see this:

The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?

Mezbah asked Jul 23 '14 19:07


1 Answer

^ and $ are both line anchors. If a user were to pass in a string with http://www.foo.com/bar.png\nfoo_bar_baz!, then your regex is going to say that the input is valid because it will match .png up to the newline, which is not what you want.

Change your regex above to be %r{\.(gif|jpg|png)\z}i instead. The \z is an end of string anchor, which is what you want instead of the end of line anchor.

There are some great answers on another, very similar question: Difference between \A \z and ^ $ in Ruby regular expressions.

Sean Hill answered Nov 01 '22 03:11
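The difference the answer describes, as an added example that is not part of the original question or answer: it runs the line-anchored pattern from the question and the string-anchored pattern from the answer over a few constructed sample URLs, with no Rails dependency, and also includes `\Z` to show how it differs from `\z`. The constants, `image_url?` and `compare_anchors` are names chosen for this example only.

```ruby
# Added example, not code from the original post. Demonstrates why the Rails
# warning about multiline anchors matters by running the regexes directly.
# The sample URLs below are constructed values.

# Pattern from the question: `$` is a line anchor in Ruby, so it matches
# just before any "\n" inside the string, not only at the very end.
LINE_ANCHORED   = %r{\.(gif|jpg|png)$}i

# Pattern from the answer: `\z` matches only at the absolute end of the string.
STRING_ANCHORED = %r{\.(gif|jpg|png)\z}i

# Caveat for comparison: `\Z` matches at the end of the string OR just before
# a single trailing newline, so "bar.png\n" still passes with it.
NEWLINE_TOLERANT = %r{\.(gif|jpg|png)\Z}i

# Returns true when the URL matches the given pattern (=~ yields index or nil).
def image_url?(url, pattern)
  !!(url =~ pattern)
end

# Runs all three patterns over the given URLs and returns
# { url => [result_for_$, result_for_\z, result_for_\Z] }.
def compare_anchors(urls)
  urls.each_with_object({}) do |url, results|
    results[url] = [
      image_url?(url, LINE_ANCHORED),
      image_url?(url, STRING_ANCHORED),
      image_url?(url, NEWLINE_TOLERANT),
    ]
  end
end

# Constructed inputs: one clean URL, an uppercase extension, the payload from
# the answer (newline followed by extra text), a bare trailing newline, and a
# wrong extension.
SAMPLE_URLS = [
  "http://www.foo.com/bar.png",
  "http://www.foo.com/bar.PNG",
  "http://www.foo.com/bar.png\nfoo_bar_baz!",
  "http://www.foo.com/bar.png\n",
  "http://www.foo.com/bar.txt",
].freeze

if __FILE__ == $PROGRAM_NAME
  compare_anchors(SAMPLE_URLS).each do |url, (dollar, z, big_z)|
    puts "#{url.inspect}: $ => #{dollar}, \\z => #{z}, \\Z => #{big_z}"
  end
end
```

Only the `\z` form rejects both the "extension followed by a newline and more text" input and the "extension followed by a bare newline" input, which is why the answer recommends it over `$`; `\Z` closes the first hole but not the second.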