From 76e4f83693a7055ef843f4674d2c10f5e45f105e Mon Sep 17 00:00:00 2001 From: vnugent Date: Sat, 14 Oct 2023 12:57:11 -0400 Subject: passthrough file extensions & package updates --- back-end/src/Endpoints/ContentEndpoint.cs | 13 ++++++++++--- back-end/src/Model/ContentManager.cs | 26 ++++++++++++++++++-------- 2 files changed, 28 insertions(+), 11 deletions(-) (limited to 'back-end') diff --git a/back-end/src/Endpoints/ContentEndpoint.cs b/back-end/src/Endpoints/ContentEndpoint.cs index e1e1344..d362eed 100644 --- a/back-end/src/Endpoints/ContentEndpoint.cs +++ b/back-end/src/Endpoints/ContentEndpoint.cs @@ -251,15 +251,22 @@ namespace Content.Publishing.Blog.Admin.Endpoints return VfReturnType.VirtualSkip; } + //Get the first file + FileUpload file = entity.Files[0]; + //Check content length - if (webm.Assert(entity.Files[0].FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes")) + if (webm.Assert(file.FileData.Length <= MaxContentLength, $"The content length is too long, max length is {MaxContentLength} bytes")) { entity.CloseResponseJson(HttpStatusCode.BadRequest, webm); return VfReturnType.VirtualSkip; } - //Get the first file - FileUpload file = entity.Files[0]; + //the http layer should protect from this but just in case + if(webm.Assert(file.ContentType != ContentType.NonSupported, "The uploaded file is not a supported system content type")) + { + entity.CloseResponseJson(HttpStatusCode.BadRequest, webm); + return VfReturnType.VirtualSkip; + } //Get the channel IChannelContext? channel = await _blogContextManager.GetChannelAsync(channelId, entity.EventCancellation); diff --git a/back-end/src/Model/ContentManager.cs b/back-end/src/Model/ContentManager.cs index b5fc385..dc289fa 100644 --- a/back-end/src/Model/ContentManager.cs +++ b/back-end/src/Model/ContentManager.cs @@ -100,7 +100,7 @@ namespace Content.Publishing.Blog.Admin.Model Length = length, FileName = fileName, //File path from ct - FilePath = GetFileNameFromType(fileId, ct) + FilePath = GetFileNameFromTypeOrExtension(fileId, ct, fileName) }; } @@ -194,7 +194,7 @@ namespace Content.Publishing.Blog.Admin.Model FileName = $"Content for post {postId}", Id = postId, Length = 0, - FilePath = GetFileNameFromType(postId, ContentType.Html), + FilePath = GetFileNameFromTypeOrExtension(postId, ContentType.Html, null), }; //Get the content index @@ -287,14 +287,24 @@ namespace Content.Publishing.Blog.Admin.Model return $"{context.ContentDir}/{meta.FilePath}"; } - private static string GetFileNameFromType(string fileId, ContentType type) + private static string GetFileNameFromTypeOrExtension(string fileId, ContentType type, string? fileName) { - //Create file path from its id and file extension - return type switch + if(Path.HasExtension(fileName)) { - ContentType.Javascript => $"{fileId}.js", - _ => $"{fileId}.{type.ToString().ToLowerInvariant()}", - }; + string extension = Path.GetExtension(fileName); + return $"{fileId}{extension}"; + } + else + { + //Create file path from its id and file extension + string extension = type switch + { + ContentType.Javascript => ".js", + _ => type.ToString().ToLowerInvariant(), + }; + + return $"{fileId}.{extension}"; + } } } } -- cgit