Merge pull request #622 from ZogStriP/prevent-users-from-uploading-files-other-than-images

prevent users from uploading files other than images
2025-02-25 18:55:32 -06:00 · 2013-04-03 07:39:55 -07:00
parent c2f1b70a6f 3524a93cfb
commit 0e09c8b9b9
3 changed files with 21 additions and 14 deletions
--- a/app/assets/javascripts/discourse/views/composer_view.js
+++ b/app/assets/javascripts/discourse/views/composer_view.js
@@ -276,35 +276,40 @@ Discourse.ComposerView = Discourse.View.extend({
        formData: { topic_id: 1234 }
    });

-    var addImages = function (e, data) {
-      // can only upload one image at a time
+    var addFiles = function (e, data) {
+      // can only upload one file at a time
      if (data.files.length > 1) {
        bootbox.alert(Em.String.i18n('post.errors.upload_too_many_images'));
        return false;
      } else if (data.files.length > 0) {
-        // check image size
+        // check file size
        var fileSizeInKB = data.files[0].size / 1024;
        if (fileSizeInKB > Discourse.SiteSettings.max_upload_size_kb) {
          bootbox.alert(Em.String.i18n('post.errors.upload_too_large', { max_size_kb: Discourse.SiteSettings.max_upload_size_kb }));
          return false;
-        } else {
-          // reset upload status
-          _this.setProperties({
-            uploadProgress: 0,
-            loadingImage: true
-          });
-          return true;
        }
+        // check that the uploaded file is an image
+        // TODO: we should provide support for other types of file
+        if (data.files[0].type.indexOf('image/') !== 0) {
+          bootbox.alert(Em.String.i18n('post.errors.only_images_are_supported'));
+          return false; 
+        }
+        // everything is fine, reset upload status
+        _this.setProperties({
+          uploadProgress: 0,
+          loadingImage: true
+        });
+        return true;
      }
      // we need to return true here, otherwise it prevents the default paste behavior
      return true;
    };

    // paste
-    $uploadTarget.on('fileuploadpaste', addImages);
+    $uploadTarget.on('fileuploadpaste', addFiles);

    // drop
-    $uploadTarget.on('fileuploaddrop', addImages);
+    $uploadTarget.on('fileuploaddrop', addFiles);

    // send
    $uploadTarget.on('fileuploadsend', function (e, data) {