From 18ec8009a18260c94624188bf8cfbd6cba09b890 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Fri, 26 Mar 2021 23:38:03 +0100 Subject: [PATCH 1/3] :bug: Only allow bitmap images on team and profile photo. --- backend/src/app/media.clj | 11 ++++++----- backend/src/app/rpc/mutations/profile.clj | 2 +- backend/src/app/rpc/mutations/teams.clj | 3 ++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/backend/src/app/media.clj b/backend/src/app/media.clj index 13219f23a4..42a4c9f48f 100644 --- a/backend/src/app/media.clj +++ b/backend/src/app/media.clj @@ -185,8 +185,9 @@ ;; --- Utility functions (defn validate-media-type - [media-type] - (when-not (cm/valid-media-types media-type) - (ex/raise :type :validation - :code :media-type-not-allowed - :hint "Seems like you are uploading an invalid media object"))) + ([mtype] (validate-media-type mtype cm/valid-media-types)) + ([mtype allowed] + (when-not (contains? allowed mtype) + (ex/raise :type :validation + :code :media-type-not-allowed + :hint "Seems like you are uploading an invalid media object")))) diff --git a/backend/src/app/rpc/mutations/profile.clj b/backend/src/app/rpc/mutations/profile.clj index 055a225cf4..18916fc198 100644 --- a/backend/src/app/rpc/mutations/profile.clj +++ b/backend/src/app/rpc/mutations/profile.clj @@ -382,8 +382,8 @@ (sv/defmethod ::update-profile-photo [{:keys [pool storage] :as cfg} {:keys [profile-id file] :as params}] - (media/validate-media-type (:content-type file)) (db/with-atomic [conn pool] + (media/validate-media-type (:content-type file) #{"image/jpeg" "image/png" "image/webp"}) (let [profile (db/get-by-id conn :profile profile-id) _ (media/run cfg {:cmd :info :input {:path (:tempfile file) :mtype (:content-type file)}}) diff --git a/backend/src/app/rpc/mutations/teams.clj b/backend/src/app/rpc/mutations/teams.clj index b7a8eaaa25..fd8f75576d 100644 --- a/backend/src/app/rpc/mutations/teams.clj +++ b/backend/src/app/rpc/mutations/teams.clj 
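Review bot: The new two-argument arity of `validate-media-type` in backend/src/app/media.clj tests `(contains? allowed mtype)`, which is a membership test only when `allowed` is a set. For a vector it checks indices, so a caller passing `["image/png"]` would have every upload rejected instead of getting a clear error about the argument. A docstring would make the contract explicit, for example `"Raise a :validation error unless mtype is a member of the set allowed (defaults to cm/valid-media-types)."`. It should also say that only the supplied type string is checked, not the file content.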
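Review bot: The allow-list `#{"image/jpeg" "image/png" "image/webp"}` is written out literally in `::update-profile-photo` and again in `::update-team-photo` in teams.clj, so the two photo endpoints can drift apart when a type is added or removed. A single named set defined next to `validate-media-type`, with a name such as `photo-media-types`, and referenced from both handlers would keep them in step. In this handler the check also moved inside `db/with-atomic` with nothing before it, so a request with a disallowed type now opens a transaction before it is rejected; the call could stay above the `db/with-atomic` form as it was. The handler body continues outside the hunk.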
@@ -252,9 +252,10 @@ (sv/defmethod ::update-team-photo [{:keys [pool storage] :as cfg} {:keys [profile-id file team-id] :as params}] - (media/validate-media-type (:content-type file)) (db/with-atomic [conn pool] (teams/check-edition-permissions! conn profile-id team-id) + (media/validate-media-type (:content-type file) #{"image/jpeg" "image/png" "image/webp"}) + (let [team (teams/retrieve-team conn profile-id team-id) _ (media/run cfg {:cmd :info :input {:path (:tempfile file) :mtype (:content-type file)}}) From aa866bbe13f95a4e160453aae389b062109c80d9 Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Fri, 26 Mar 2021 23:38:28 +0100 Subject: [PATCH 2/3] :bug: Fix wrong spec usage. --- frontend/src/app/main/data/dashboard.cljs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/app/main/data/dashboard.cljs b/frontend/src/app/main/data/dashboard.cljs index 812c4fe0ad..008b91f31e 100644 --- a/frontend/src/app/main/data/dashboard.cljs +++ b/frontend/src/app/main/data/dashboard.cljs @@ -235,7 +235,7 @@ (defn update-team-photo [{:keys [file team-id] :as params}] - (us/assert ::di/js-file file) + (us/assert ::di/file file) (us/assert ::us/uuid team-id) (ptk/reify ::update-team-photo ptk/WatchEvent From cc92e4be75ed325b7f78d092369b020db3d3929e Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Fri, 26 Mar 2021 23:38:47 +0100 Subject: [PATCH 3/3] :bug: Fix unexpected internal error on press enter. --- frontend/src/app/main/data/workspace.cljs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/frontend/src/app/main/data/workspace.cljs b/frontend/src/app/main/data/workspace.cljs index 3c4243ee0e..57fc801d67 100644 --- a/frontend/src/app/main/data/workspace.cljs +++ b/frontend/src/app/main/data/workspace.cljs @@ -1113,7 +1113,8 @@ :path (rx/of (dwc/start-edition-mode id) (dwdp/start-path-edit id)) - :else (rx/empty)))))))) + + (rx/empty)))))))) ;; --- Change Page Order (D&D Ordering)
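Review bot: The value validated in `::update-team-photo` in teams.clj, and likewise in `::update-profile-photo`, is `(:content-type file)`, which appears to be the type declared with the upload rather than one derived from the file bytes. The bitmap-only restriction therefore holds only if a later step confirms the real content. The `media/run` call with `:cmd :info` that follows receives the same `:mtype` and may do that, but its implementation is not visible in this patch. A short comment above the check would record the dependency, e.g. `;; content-type is client-declared; the :info step below must confirm the file really has this type`. The handler body continues outside the hunk.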