LBRYCommunity/spee.ch
1
0
Fork 0
Code Issues 95 Pull requests 2 Projects Releases 4 Packages Wiki Activity

added check for file name in publish requests

Browse source
This commit is contained in:
bill bittner 2018-07-04 17:02:43 -07:00
parent 57c08fd3ad
commit 93d23a3721
2 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
server/controllers/api/claim/publish/parsePublishApiRequestFiles.js
View file

@ -12,9 +12,18 @@ const parsePublishApiRequestFiles = ({file, thumbnail}) => {
throw new Error('no file type found');
}
if (!file.size) {
throw new Error('no file type found');
throw new Error('no file size found');
}
// validate the file name
if (!file.name) {
throw new Error('no file name found');
}
if (file.name.indexOf('.') < 0) {
throw new Error('no file extension found in file name');
}
if (file.name.indexOf('.') === 0) {
throw new Error('file name cannot start with "."');
}
if (/'/.test(file.name)) {
throw new Error('apostrophes are not allowed in the file name');
}

2
server/controllers/api/claim/publish/validateFileTypeAndSize.js
View file

@ -1,6 +1,7 @@
const logger = require('winston');
const validateFileTypeAndSize = (file) => {
logger.debug('FILE:', file);
// check file type and size
switch (file.type) {
case 'image/jpeg':
@ -27,6 +28,7 @@ const validateFileTypeAndSize = (file) => {
logger.debug('publish > file validation > unrecognized file type');
throw new Error('The ' + file.type + ' content type is not supported. Only, .jpeg, .png, .gif, and .mp4 files are currently supported.');
}
// check file name
return file;
};