mirror of
https://github.com/TryGhost/Ghost.git
synced 2025-02-24 23:48:13 -05:00
fix json db uploads and add checking for subscriber uploads (#241)
closes TryGhost/Ghost#7295 - check json content on db import if type is not specified - ensure file type/extension is being checked in subscriber upload
This commit is contained in:
Austin Burdine
Kevin Ansfield
parent
312308aa98
commit
2306c25839
2 changed files with 80 additions and 17 deletions
|
|
@ -4,6 +4,7 @@ import injectService from 'ember-service/inject';
|
||||||
import computed from 'ember-computed';
|
import computed from 'ember-computed';
|
||||||
import {isBlank} from 'ember-utils';
|
import {isBlank} from 'ember-utils';
|
||||||
import run from 'ember-runloop';
|
import run from 'ember-runloop';
|
||||||
|
import {isEmberArray} from 'ember-array/utils';
|
||||||
|
|
||||||
import { invoke, invokeAction } from 'ember-invoke-action';
|
import { invoke, invokeAction } from 'ember-invoke-action';
|
||||||
import {
|
import {
|
||||||
|
|
@ -21,7 +22,8 @@ export default Component.extend({
|
||||||
labelText: 'Select or drag-and-drop a file',
|
labelText: 'Select or drag-and-drop a file',
|
||||||
url: null,
|
url: null,
|
||||||
paramName: 'file',
|
paramName: 'file',
|
||||||
accept: 'text/csv',
|
accept: ['text/csv'],
|
||||||
|
extensions: ['csv'],
|
||||||
validate: null,
|
validate: null,
|
||||||
|
|
||||||
file: null,
|
file: null,
|
||||||
|
|
@ -74,6 +76,15 @@ export default Component.extend({
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
didReceiveAttrs() {
|
||||||
|
this._super(...arguments);
|
||||||
|
let accept = this.get('accept');
|
||||||
|
let extensions = this.get('extensions');
|
||||||
|
|
||||||
|
this._accept = (!isBlank(accept) && !isEmberArray(accept)) ? accept.split(',') : accept;
|
||||||
|
this._extensions = (!isBlank(extensions) && !isEmberArray(extensions)) ? extensions.split(',') : extensions;
|
||||||
|
},
|
||||||
|
|
||||||
willDestroyElement() {
|
willDestroyElement() {
|
||||||
let listenTo = this.get('listenTo');
|
let listenTo = this.get('listenTo');
|
||||||
|
|
||||||
|
|
@ -187,9 +198,16 @@ export default Component.extend({
|
||||||
},
|
},
|
||||||
|
|
||||||
_defaultValidator(file) {
|
_defaultValidator(file) {
|
||||||
let accept = this.get('accept');
|
let accept = this._accept;
|
||||||
|
|
||||||
if (!isBlank(accept) && file && accept.indexOf(file.type) === -1) {
|
if (isBlank(file.type)) {
|
||||||
|
let [, extension] = (/(?:\.([^.]+))?$/).exec(file.name);
|
||||||
|
let extensions = this._extensions;
|
||||||
|
|
||||||
|
if (!extension || extensions.indexOf(extension.toLowerCase()) === -1) {
|
||||||
|
return new UnsupportedMediaTypeError();
|
||||||
|
}
|
||||||
|
} else if (!isBlank(file.type) && !isBlank(accept) && file && accept.indexOf(file.type) === -1) {
|
||||||
return new UnsupportedMediaTypeError();
|
return new UnsupportedMediaTypeError();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,12 @@
|
||||||
import $ from 'jquery';
|
import $ from 'jquery';
|
||||||
|
import RSVP from 'rsvp';
|
||||||
import Controller from 'ember-controller';
|
import Controller from 'ember-controller';
|
||||||
import injectService from 'ember-service/inject';
|
import injectService from 'ember-service/inject';
|
||||||
import {isBlank} from 'ember-utils';
|
import {isBlank} from 'ember-utils';
|
||||||
import {isEmberArray} from 'ember-array/utils';
|
import {isEmberArray} from 'ember-array/utils';
|
||||||
import {UnsupportedMediaTypeError} from 'ghost-admin/services/ajax';
|
import {UnsupportedMediaTypeError, isUnsupportedMediaTypeError} from 'ghost-admin/services/ajax';
|
||||||
|
|
||||||
|
const {Promise} = RSVP;
|
||||||
|
|
||||||
export default Controller.extend({
|
export default Controller.extend({
|
||||||
uploadButtonText: 'Import',
|
uploadButtonText: 'Import',
|
||||||
|
|
@ -18,30 +21,67 @@ export default Controller.extend({
|
||||||
session: injectService(),
|
session: injectService(),
|
||||||
ajax: injectService(),
|
ajax: injectService(),
|
||||||
|
|
||||||
|
// TODO: convert to ember-concurrency task
|
||||||
|
_validate(file) {
|
||||||
|
// Windows doesn't have mime-types for json files by default, so we
|
||||||
|
// need to have some additional checking
|
||||||
|
if (file.type === '') {
|
||||||
|
// First check file extension so we can early return
|
||||||
|
let [, extension] = (/(?:\.([^.]+))?$/).exec(file.name);
|
||||||
|
|
||||||
|
if (!extension || extension.toLowerCase() !== 'json') {
|
||||||
|
return RSVP.reject(new UnsupportedMediaTypeError());
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
// Extension is correct, so check the contents of the file
|
||||||
|
let reader = new FileReader();
|
||||||
|
|
||||||
|
reader.onload = function () {
|
||||||
|
let {result} = reader;
|
||||||
|
|
||||||
|
try {
|
||||||
|
JSON.parse(result);
|
||||||
|
|
||||||
|
return resolve();
|
||||||
|
} catch (e) {
|
||||||
|
return reject(new UnsupportedMediaTypeError());
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
reader.readAsText(file);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
let accept = this.get('importMimeType');
|
||||||
|
|
||||||
|
if (!isBlank(accept) && file && accept.indexOf(file.type) === -1) {
|
||||||
|
return RSVP.reject(new UnsupportedMediaTypeError());
|
||||||
|
}
|
||||||
|
|
||||||
|
return RSVP.resolve();
|
||||||
|
},
|
||||||
|
|
||||||
actions: {
|
actions: {
|
||||||
onUpload(file) {
|
onUpload(file) {
|
||||||
let formData = new FormData();
|
let formData = new FormData();
|
||||||
let notifications = this.get('notifications');
|
let notifications = this.get('notifications');
|
||||||
let currentUserId = this.get('session.user.id');
|
let currentUserId = this.get('session.user.id');
|
||||||
let dbUrl = this.get('ghostPaths.url').api('db');
|
let dbUrl = this.get('ghostPaths.url').api('db');
|
||||||
let accept = this.get('importMimeType');
|
|
||||||
|
|
||||||
this.set('uploadButtonText', 'Importing');
|
this.set('uploadButtonText', 'Importing');
|
||||||
this.set('importErrors', '');
|
this.set('importErrors', '');
|
||||||
|
|
||||||
if (!isBlank(accept) && file && accept.indexOf(file.type) === -1) {
|
return this._validate(file).then(() => {
|
||||||
this.set('importErrors', [new UnsupportedMediaTypeError()]);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
formData.append('importfile', file);
|
formData.append('importfile', file);
|
||||||
|
|
||||||
this.get('ajax').post(dbUrl, {
|
return this.get('ajax').post(dbUrl, {
|
||||||
data: formData,
|
data: formData,
|
||||||
dataType: 'json',
|
dataType: 'json',
|
||||||
cache: false,
|
cache: false,
|
||||||
contentType: false,
|
contentType: false,
|
||||||
processData: false
|
processData: false
|
||||||
|
});
|
||||||
}).then(() => {
|
}).then(() => {
|
||||||
// Clear the store, so that all the new data gets fetched correctly.
|
// Clear the store, so that all the new data gets fetched correctly.
|
||||||
this.store.unloadAll();
|
this.store.unloadAll();
|
||||||
|
|
@ -50,6 +90,11 @@ export default Controller.extend({
|
||||||
// TODO: keep as notification, add link to view content
|
// TODO: keep as notification, add link to view content
|
||||||
notifications.showNotification('Import successful.', {key: 'import.upload.success'});
|
notifications.showNotification('Import successful.', {key: 'import.upload.success'});
|
||||||
}).catch((response) => {
|
}).catch((response) => {
|
||||||
|
if (isUnsupportedMediaTypeError(response)) {
|
||||||
|
this.set('importErrors', [response]);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (response && response.errors && isEmberArray(response.errors)) {
|
if (response && response.errors && isEmberArray(response.errors)) {
|
||||||
this.set('importErrors', response.errors);
|
this.set('importErrors', response.errors);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue