diff --git a/app/site_files.rb b/app/site_files.rb
index 28047c75..f0d7cdba 100644
--- a/app/site_files.rb
+++ b/app/site_files.rb
@@ -39,7 +39,7 @@ post '/site_files/create' do
 extname = File.extname name
- unless extname.match /^\.#{Site::EDITABLE_FILE_EXT}/i
+ unless extname.empty? || extname.match(/^\.#{Site::EDITABLE_FILE_EXT}/i)
 flash[:error] = "Must be an text editable file type (#{Site::VALID_EDITABLE_EXTENSIONS.join(', ')})."
 redirect redirect_uri
 end
diff --git a/models/site.rb b/models/site.rb
index bd718849..7aa4ac6e 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -754,11 +754,12 @@ class Site < Sequel::Model
 end
 def self.valid_file_mime_type_and_ext?(mime_type, extname)
- unless (Site::VALID_MIME_TYPES.include?(mime_type) || mime_type =~ /text/ || mime_type =~ /inode\/x-empty/) &&
- Site::VALID_EXTENSIONS.include?(extname.sub(/^./, '').downcase)
- return false
+ valid_mime_type = Site::VALID_MIME_TYPES.include?(mime_type) || mime_type =~ /text/ || mime_type =~ /inode\/x-empty/
+ valid_extension = Site::VALID_EXTENSIONS.include?(extname.sub(/^./, '').downcase)
+ unless valid_extension
+ return true if mime_type =~ /text/ || mime_type == 'application/json'
 end
- true
+ valid_mime_type && valid_extension
 end
 def self.valid_file_type?(uploaded_file)
@@ -1264,7 +1265,7 @@ class Site < Sequel::Model
 file[:is_html] = !(extname.match(HTML_REGEX)).nil?
 file[:is_image] = !(file[:ext].match IMAGE_REGEX).nil?
- file[:is_editable] = !(file[:ext].match EDITABLE_FILE_EXT).nil?
+ file[:is_editable] = !(file[:ext].match EDITABLE_FILE_EXT).nil? || file[:ext].empty?
 file
 end
diff --git a/tests/files/json-file b/tests/files/json-file
new file mode 100644
index 00000000..40c54eee
--- /dev/null
+++ b/tests/files/json-file
@@ -0,0 +1 @@
+{"Paul Frazee":"is hereby eternally memorialized in this test, and will forever be known for only this contribution to western civilization"}
\ No newline at end of file
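Review bot: The new `extname.empty?` branch in the `unless` guard also admits names for which `File.extname` returns an empty string for reasons other than "no extension", notably a bare dotfile name such as a constructed `.config`. The route body starts and ends outside this hunk, so an earlier check may already reject leading-dot names; if not, make it explicit with `dotfile = File.basename(name).start_with?('.')` and `unless (extname.empty? && !dotfile) || extname.match(/^\.#{Site::EDITABLE_FILE_EXT}/i)`. A comment such as `# extensionless names are treated as plain text` above the guard would explain why an empty extension bypasses the editable-extension list.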
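Review bot: The early return inside `unless valid_extension` fires for every extension missing from `Site::VALID_EXTENSIONS`, not only for an empty one, so a name with any unlisted extension is now accepted whenever `mime_type` matches `/text/` or equals `application/json`. If the intent is limited to extensionless names, as the added test suggests, tie the shortcut to that case: `return true if extname.empty? && (mime_type =~ /text/ || mime_type == 'application/json')`. `/text/` is also unanchored and matches any type string that merely contains "text"; `%r{\Atext/}` states the intent more tightly. How `mime_type` is derived is not visible in this hunk, so confirm it comes from inspecting the content and not from the client-declared type.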
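Review bot: `|| file[:ext].empty?` marks every entry with an empty `ext` as editable regardless of what it contains, so the flag now depends on the name alone. The enclosing method starts outside the hunk, so this is an inference, but if the hash is also built for directory entries or for extensionless files that are not text, the editor would be offered for them; restricting the new condition to regular text files would avoid that. A comment such as `# extensionless files are assumed to be text; see valid_file_mime_type_and_ext?` would document the assumption.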
diff --git a/tests/files/testjpeg b/tests/files/testjpeg
new file mode 100644
index 00000000..507b769b
Binary files /dev/null and b/tests/files/testjpeg differ
diff --git a/tests/files/text-file b/tests/files/text-file
new file mode 100644
index 00000000..1cf9ef97
--- /dev/null
+++ b/tests/files/text-file
@@ -0,0 +1 @@
+This is a text file.
\ No newline at end of file
diff --git a/tests/site_file_tests.rb b/tests/site_file_tests.rb
index 786dada7..2a7dadfb 100644
--- a/tests/site_file_tests.rb
+++ b/tests/site_file_tests.rb
@@ -401,6 +401,22 @@ describe 'site_files' do
 _(@site.site_changed).must_equal false
 end
+ it 'allows non-extension filename upload if it is a text or JSON file' do
+ uploaded_files = [Rack::Test::UploadedFile.new('./tests/files/text-file', 'text/plain'), Rack::Test::UploadedFile.new('./tests/files/json-file', 'application/json')]
+
+ uploaded_files.each do |file|
+ upload file.original_filename => file
+ _(last_response.body).must_match /successfully uploaded/i
+ _(File.exists?(@site.files_path(file.original_filename))).must_equal true
+ username, path = PurgeCacheWorker.jobs.last['args']
+ _(username).must_equal @site.username
+ _(path).must_equal '/'+file.original_filename
+ end
+
+ upload 'testjpeg' => Rack::Test::UploadedFile.new('./tests/files/testjpeg', 'image/jpeg')
+ _(last_response.body).must_match /invalid_file_type/i
+ end
+
 it 'works with square bracket filename' do
 uploaded_file = Rack::Test::UploadedFile.new('./tests/files/te[s]t.jpg', 'image/jpeg')
 upload 'te[s]t.jpg' => uploaded_file
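Review bot: The added example exercises only extensionless names, so it does not pin what happens to a text upload whose extension is outside `Site::VALID_EXTENSIONS`, which the new early return in `valid_file_mime_type_and_ext?` also affects. A case with a constructed name such as `text-file.unlisted` and an explicit expectation would settle that. `File.exists?` is deprecated and was removed in Ruby 3.2, so `_(File.exist?(@site.files_path(file.original_filename))).must_equal true` is the safer spelling. The `must_match /.../i` calls without parentheses trigger Ruby's ambiguous-first-argument warning; `must_match(/successfully uploaded/i)` avoids it.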