From 3524a93cfb0a9255281b096bf5e9e68938d68a34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?=
Date: Tue, 2 Apr 2013 11:38:15 +0200
Subject: [PATCH] prevent users from uploading files other than images
---
 .../discourse/views/composer_view.js | 29 +++++++++++--------
 config/locales/client.en.yml | 3 +-
 config/locales/client.fr.yml | 3 +-
 3 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/app/assets/javascripts/discourse/views/composer_view.js b/app/assets/javascripts/discourse/views/composer_view.js
index 0f1932109b7..0a3d9a06048 100644
--- a/app/assets/javascripts/discourse/views/composer_view.js
+++ b/app/assets/javascripts/discourse/views/composer_view.js
@@ -276,35 +276,40 @@ Discourse.ComposerView = Discourse.View.extend({
 formData: { topic_id: 1234 }
 });
- var addImages = function (e, data) {
- // can only upload one image at a time
+ var addFiles = function (e, data) {
+ // can only upload one file at a time
 if (data.files.length > 1) {
 bootbox.alert(Em.String.i18n('post.errors.upload_too_many_images'));
 return false;
 } else if (data.files.length > 0) {
- // check image size
+ // check file size
 var fileSizeInKB = data.files[0].size / 1024;
 if (fileSizeInKB > Discourse.SiteSettings.max_upload_size_kb) {
 bootbox.alert(Em.String.i18n('post.errors.upload_too_large', { max_size_kb: Discourse.SiteSettings.max_upload_size_kb }));
 return false;
- } else {
- // reset upload status
- _this.setProperties({
- uploadProgress: 0,
- loadingImage: true
- });
- return true;
 }
+ // check that the uploaded file is an image
+ // TODO: we should provide support for other types of file
+ if (data.files[0].type.indexOf('image/') !== 0) {
+ bootbox.alert(Em.String.i18n('post.errors.only_images_are_supported'));
+ return false;
+ }
+ // everything is fine, reset upload status
+ _this.setProperties({
+ uploadProgress: 0,
+ loadingImage: true
+ });
+ return true;
 }
 // we need to return true here, otherwise it prevents the default paste behavior
 return true;
 };
 // paste
- $uploadTarget.on('fileuploadpaste', addImages);
+ $uploadTarget.on('fileuploadpaste', addFiles);
 // drop
- $uploadTarget.on('fileuploaddrop', addImages);
+ $uploadTarget.on('fileuploaddrop', addFiles);
 // send
 $uploadTarget.on('fileuploadsend', function (e, data) {
diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml
index bde01d8efa4..754d31956c8 100644
--- a/config/locales/client.en.yml
+++ b/config/locales/client.en.yml
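Review bot: The image-only check added in `addFiles` (composer_view.js hunk) runs only in the browser and tests `data.files[0].type`, a value the browser reports itself, typically derived from the file name rather than from the file content. It therefore works as a usability filter, not as the enforcement the commit subject describes; the restriction holds only if the upload endpoint validates the file too, and no server-side change is part of this patch. I would state that at the check, e.g. `// UX filter only: File.type is browser-reported and unverified; the server must enforce the image-only rule`. In this hunk the handler is bound only to `fileuploadpaste` and `fileuploaddrop`, so any other way of adding a file, if the composer offers one, would not pass through it. The enclosing view method starts and ends outside the hunk.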
@@ -561,7 +561,8 @@ en:
 edit: "Sorry, there was an error editing your post. Please try again."
 upload: "Sorry, there was an error uploading that file. Please try again."
 upload_too_large: "Sorry, the file you are trying to upload is too big (maximum size is {{max_size_kb}}kb), please resize it and try again."
- upload_too_many_images: "Sorry, but you can only upload one image at a time."
+ upload_too_many_images: "Sorry, you can only upload one image at a time."
+ only_images_are_supported: "Sorry, only images uploading is supported."
 abandon: "Are you sure you want to abandon your post?"
diff --git a/config/locales/client.fr.yml b/config/locales/client.fr.yml
index f7da6789444..4178b75e88a 100644
--- a/config/locales/client.fr.yml
+++ b/config/locales/client.fr.yml
@@ -565,7 +565,8 @@ fr:
 edit: "Désolé, il y a eu une erreur lors de l'édition de votre message. Merci de réessayer."
 upload: "Désolé, il y a eu une erreur lors de l'envoi du fichier. Merci de réessayer."
 upload_too_large: "Désolé, le fichier que vous êtes en train d'envoyer est trop grand (maximum {{max_size_kb}}Kb). Merci de le redimensionner et de réessayer."
- upload_too_many_images: "Désolé, mais vous ne pouvez envoyer qu'une seule image à la fois."
+ upload_too_many_images: "Désolé, vous ne pouvez envoyer qu'une seule image à la fois."
+ only_images_are_supported: "Désolé, seulement l'envoi d'image est supporté."
 abandon: "Voulez-vous vraiment abandonner ce message ?"