author | Alexis Reigel <mail@koffeinfrei.org> | 2017-09-27 15:03:49 +0200 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2018-06-05 16:20:20 +0200 |
commit | 85a8e6f26a8fa0ea9f430f0094fb14706bfd2991 (patch) | |
tree | 4afb34773410769406e292b19ba21892a45fd001 | |
parent | 822023c64ccab23cfdacb42e191dcec4f812adfd (diff) | |
whitelist allowed file types for custom favicons
-rw-r--r-- | app/uploaders/favicon_uploader.rb | 4 | ||||
-rw-r--r-- | config/locales/carrierwave.en.yml | 14 | ||||
-rw-r--r-- | spec/features/admin/admin_appearance_spec.rb | 6 |
3 files changed, 24 insertions, 0 deletions
diff --git a/app/uploaders/favicon_uploader.rb b/app/uploaders/favicon_uploader.rb
index d64fa5b1609..d3debc16fa9 100644
--- a/app/uploaders/favicon_uploader.rb
+++ b/app/uploaders/favicon_uploader.rb
@@ -33,6 +33,10 @@ class FaviconUploader < AttachmentUploader
     end
   end
 
+  def extension_whitelist
+    UploaderHelper::IMAGE_EXT
+  end
+
   private
 
   def status_favicon(status_name)
diff --git a/config/locales/carrierwave.en.yml b/config/locales/carrierwave.en.yml
new file mode 100644
index 00000000000..12619226460
--- /dev/null
+++ b/config/locales/carrierwave.en.yml
@@ -0,0 +1,14 @@
+en:
+  errors:
+    messages:
+      carrierwave_processing_error: failed to be processed
+      carrierwave_integrity_error: is not of an allowed file type
+      carrierwave_download_error: could not be downloaded
+      extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
+      extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
+      content_type_whitelist_error: "You are not allowed to upload %{content_type} files"
+      content_type_blacklist_error: "You are not allowed to upload %{content_type} files"
+      rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?"
+      mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}"
+      min_size_error: "File size should be greater than %{min_size}"
+      max_size_error: "File size should be less than %{max_size}"
diff --git a/spec/features/admin/admin_appearance_spec.rb b/spec/features/admin/admin_appearance_spec.rb
index 556aa10d226..ffffd14752e 100644
--- a/spec/features/admin/admin_appearance_spec.rb
+++ b/spec/features/admin/admin_appearance_spec.rb
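Review bot: `extension_whitelist` returning `UploaderHelper::IMAGE_EXT` is a check on the uploaded file name only, so a file named `logo.png` with arbitrary content still passes it; if this uploader hands the file to MiniMagick (nothing in the hunk shows that, but the locale file added in this commit carries a `mini_magick_processing_error`), ImageMagick picks its decoder from the file's magic bytes rather than the extension, so the SVG case this commit targets is blocked only while the attacker keeps the `.svg` name. Consider pairing the whitelist with a content check (CarrierWave's `content_type_whitelist`, bearing in mind that how reliably it sniffs the type depends on the installed version) or validating the decoded format after processing. The list is also broader than a favicon needs: the spec in this commit shows it admits jpg, jpeg, gif, bmp and tiff, each adding a decoder to the attack surface of a feature that serves one small icon, and `EXTENSION_WHITELIST = %w[png ico].freeze` with `def extension_whitelist; EXTENSION_WHITELIST; end` would be tighter. The enclosing class continues outside the hunk.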
@@ -108,6 +108,12 @@ feature 'Admin Appearance' do
     expect(page).not_to have_css('//img[data-src$="/status_skipped_dk.ico"]')
     expect(page).not_to have_css('//img[data-src$="/status_success_dk.ico"]')
     expect(page).not_to have_css('//img[data-src$="/status_warning_dk.ico"]')
+
+    # allowed file types
+    attach_file(:appearance_favicon, Rails.root.join('spec', 'fixtures', 'sanitized.svg'))
+    click_button 'Save'
+
+    expect(page).to have_content 'Favicon You are not allowed to upload "svg" files, allowed types: png, jpg, jpeg, gif, bmp, tiff, ico'
   end
 
   def expect_custom_sign_in_appearance(appearance) |
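Review bot: The expected message on the last added line hard-codes the allowed list `png, jpg, jpeg, gif, bmp, tiff, ico`, so the spec duplicates `UploaderHelper::IMAGE_EXT` and will fail on any change to that constant without telling the reader whether the change was intended; `expect(page).to have_content "Favicon You are not allowed to upload \"svg\" files, allowed types: #{UploaderHelper::IMAGE_EXT.join(', ')}"` keeps the assertion pinned to the whitelist itself. The case also demonstrates rejection by file name only; a companion case attaching the same SVG fixture under a whitelisted extension would document whether the content is checked at all, which is the question a reader of this commit title will ask. `# allowed file types` names the topic but not the expectation; `# a non-whitelisted extension (svg) is rejected and the whitelist is reported` reads better. The example ends inside the hunk, but the enclosing `feature` block continues outside it.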