diff options
author | vnugent <public@vaughnnugent.com> | 2023-10-14 12:57:11 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2023-10-14 12:57:11 -0400 |
commit | 76e4f83693a7055ef843f4674d2c10f5e45f105e (patch) | |
tree | 50b41ea368003190663877d40d223eb546f6bd18 /back-end/src/Endpoints/ContentEndpoint.cs | |
parent | 4222ba02e0cdfa494592f7134d3c5b8dc56ee03d (diff) |
passthrough file extensions & package updates
Diffstat (limited to 'back-end/src/Endpoints/ContentEndpoint.cs')
-rw-r--r-- | back-end/src/Endpoints/ContentEndpoint.cs | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/back-end/src/Endpoints/ContentEndpoint.cs b/back-end/src/Endpoints/ContentEndpoint.cs index e1e1344..d362eed 100644 --- a/back-end/src/Endpoints/ContentEndpoint.cs +++ b/back-end/src/Endpoints/ContentEndpoint.cs @@ -251,15 +251,22 @@ namespace Content.Publishing.Blog.Admin.Endpoints return VfReturnType.VirtualSkip; } + //Get the first file + FileUpload file = entity.Files[0]; + //Check content length - if (webm.Assert(entity.Files[0].FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes")) + if (webm.Assert(file.FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes")) { entity.CloseResponseJson(HttpStatusCode.BadRequest, webm); return VfReturnType.VirtualSkip; } - //Get the first file - FileUpload file = entity.Files[0]; + //the http layer should protect from this but just in case + if(webm.Assert(file.ContentType != ContentType.NonSupported, "The uploaded file is not a supported system content type")) + { + entity.CloseResponseJson(HttpStatusCode.BadRequest, webm); + return VfReturnType.VirtualSkip; + } //Get the channel IChannelContext? channel = await _blogContextManager.GetChannelAsync(channelId, entity.EventCancellation); |