diff --git a/app/site_files.rb b/app/site_files.rb
index 70a62b75..b9a9253f 100644
--- a/app/site_files.rb
+++ b/app/site_files.rb
@@ -85,9 +85,14 @@ def file_upload_response(error=nil)
end
end
+def require_login_file_upload_ajax
+ file_upload_response 'You are not signed in!' unless signed_in?
+ file_upload_response 'Please contact support.' if banned?
+end
+
post '/site_files/upload' do
if params[:filename]
- require_login_ajax
+ require_login_file_upload_ajax
tempfile = Tempfile.new 'neocities_saving_file'
input = request.body.read
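Review bot: `require_login_file_upload_ajax` only stops an unauthenticated or banned request if `file_upload_response` halts, whereas the helper it replaces (`require_login_ajax`, deleted in app_helpers.rb) called `halt` directly; `file_upload_response`'s body sits above this hunk, so confirm it ends in `halt`, otherwise the request falls through to `request.body.read` and the rest of the upload with no session. A form that is safe either way is `halt file_upload_response('You are not signed in!') unless signed_in?` and `halt file_upload_response('Please contact support.') if banned?`. Note also that the call sits inside `if params[:filename]`, so it guards only the text-editor path; the other branch of the `post` route is outside this hunk, as is the route's end.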
@@ -106,6 +111,13 @@ post '/site_files/upload' do
file_upload_response "Uploaded files were not seen by the server, cancelled. We don't know what's causing this yet. Please contact us so we can help fix it. Thanks!"
end
+ # For migration from original design.. some pages out there won't have the site_id param yet for a while.
+ site = params[:site_id].nil? ? current_site : Site[params[:site_id]]
+
+ unless site.owned_by?(current_site)
+ file_upload_response 'You do not have permission to save this file. Did you sign in as a different user?'
+ end
+
params[:files].each_with_index do |file,i|
dir_name = ''
dir_name = params[:dir] if params[:dir]
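Review bot: `Site[params[:site_id]]` returns nil for an id that does not exist (or a garbage value), so `site.owned_by?(current_site)` on the next line raises NoMethodError and the client gets a 500 instead of the permission message; an empty `site_id=` also passes the `.nil?` check and hits the lookup. Guard the lookup and fold nil into the permission failure: `site = params[:site_id].to_s.empty? ? current_site : Site[params[:site_id]]` and `if site.nil? || !site.owned_by?(current_site)`. The `post '/site_files/upload'` block starts and ends outside this hunk.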
@@ -125,22 +137,22 @@ post '/site_files/upload' do
if current_site.file_size_too_large? file[:tempfile].size
file_upload_response "#{file[:filename]} is too large, upload cancelled."
end
- if !current_site.okay_to_upload? file
+ if !site.okay_to_upload? file
file_upload_response %{#{Rack::Utils.escape_html file[:filename]}: file type (or content in file) is only supported by supporter accounts. Why We Do This}
end
end
uploaded_size = params[:files].collect {|f| f[:tempfile].size}.inject{|sum,x| sum + x }
- if current_site.file_size_too_large? uploaded_size
+ if site.file_size_too_large? uploaded_size
file_upload_response "File(s) do not fit in your available free space, upload cancelled."
end
- if current_site.too_many_files? params[:files].length
+ if site.too_many_files? params[:files].length
file_upload_response "Your site has exceeded the maximum number of files, please delete some files first."
end
- results = current_site.store_files params[:files]
+ results = site.store_files params[:files]
file_upload_response
end
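Review bot: The per-file size check at the top of this hunk still reads `current_site.file_size_too_large? file[:tempfile].size`, while every other quota check in the hunk (`okay_to_upload?`, the aggregate `file_size_too_large?`, `too_many_files?`) and the final `store_files` were switched to `site`; the file is stored into `site`, so its quota is the one that matters. Change the line to `if site.file_size_too_large? file[:tempfile].size` so the single-file and aggregate checks agree on which account they measure. The enclosing `params[:files].each_with_index` loop and the route itself begin outside this hunk.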
diff --git a/app_helpers.rb b/app_helpers.rb
index 0327f3e9..2e9e6d59 100644
--- a/app_helpers.rb
+++ b/app_helpers.rb
@@ -2,11 +2,6 @@ def dashboard_if_signed_in
redirect '/dashboard' if signed_in?
end
-def require_login_ajax
- halt 'You are not logged in!' unless signed_in?
- halt 'Please contact support.' if banned?
-end
-
def csrf_safe?
csrf_token == params[:csrf_token] || csrf_token == request.env['HTTP_X_CSRF_TOKEN']
end
diff --git a/views/site_files/text_editor.erb b/views/site_files/text_editor.erb
index f95300d6..35c439e6 100644
--- a/views/site_files/text_editor.erb
+++ b/views/site_files/text_editor.erb
@@ -120,14 +120,19 @@
if(unsavedChanges == false)
return
$.ajax({
- url: "/site_files/upload?csrf_token=<%= Rack::Utils.escape csrf_token %>&filename=<%= Rack::Utils.escape @filename %>",
+ url: "/site_files/upload?csrf_token=<%= Rack::Utils.escape csrf_token %>&filename=<%= Rack::Utils.escape @filename %>&site_id=<%= current_site.id %>",
data: editor.getValue(),
processData: false,
contentType: false,
type: 'POST',
error: function(jqXHR, textStatus, errorThrown) {
+ var errorMessage = 'There has been an error saving your file, please try again. If it continues to fail, make a copy of the file locally so you don\'t lose your changes!'
+
+ if(jqXHR.responseText)
+ errorMessage += ' ERROR MESSAGE: '+jqXHR.responseText
+
$('#saveButton').tooltip('show')
- $('#editorUpdates span').text('There has been an error saving your file, please try again. If it continues to fail, make a copy of the file locally so you don\'t lose your changes!')
+ $('#editorUpdates span').text(errorMessage)
$('#editorUpdates').fadeIn()
$('#editorUpdates').removeClass('hidden')
},
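Review bot: The new `site_id` query parameter is interpolated as a bare `<%= current_site.id %>` while the two existing parameters on the same line go through `Rack::Utils.escape`; since the server now uses this value to pick the target `Site`, keep it consistent and URL-safe with `&site_id=<%= Rack::Utils.escape current_site.id.to_s %>`. Appending `jqXHR.responseText` via `.text()` is the right choice (no HTML is injected into the page), but on a 500 or a proxy error that body can be a whole HTML page, so consider bounding it, e.g. `errorMessage += ' ERROR MESSAGE: '+jqXHR.responseText.substring(0, 300)`. Whether the server's error replies arrive with a non-2xx status, which is what makes this `error:` branch fire at all, depends on `file_upload_response`, which is not in this file.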