mirror of
https://github.com/discourse/discourse.git
synced 2024-11-23 01:16:38 -06:00
FIX: validates attachments against current authorized extensions
This commit is contained in:
parent
4f0bdec370
commit
be0c7609f1
@ -635,7 +635,7 @@ module Email
|
||||
# create the upload for the user
|
||||
opts = { for_group_message: options[:is_group_message] }
|
||||
upload = UploadCreator.new(tmp, attachment.filename, opts).create_for(user_id)
|
||||
if upload && upload.errors.empty?
|
||||
if upload&.valid?
|
||||
# try to inline images
|
||||
if attachment.content_type&.start_with?("image/")
|
||||
if raw[attachment.url]
|
||||
|
@ -381,6 +381,10 @@ describe Email::Receiver do
|
||||
SiteSetting.authorized_extensions = "txt"
|
||||
expect { process(:attached_txt_file) }.to change { topic.posts.count }
|
||||
expect(topic.posts.last.raw).to match(/text\.txt/)
|
||||
|
||||
SiteSetting.authorized_extensions = "csv"
|
||||
expect { process(:attached_txt_file_2) }.to change { topic.posts.count }
|
||||
expect(topic.posts.last.raw).to_not match(/text\.txt/)
|
||||
end
|
||||
|
||||
it "supports liking via email" do
|
||||
|
30
spec/fixtures/emails/attached_txt_file_2.eml
vendored
Normal file
30
spec/fixtures/emails/attached_txt_file_2.eml
vendored
Normal file
@ -0,0 +1,30 @@
|
||||
Return-Path: <discourse@bar.com>
|
||||
From: Foo Bar <discourse@bar.com>
|
||||
To: reply+4f97315cc828096c9cb34c6f1a0d6fe8@bar.com
|
||||
Date: Sat, 30 Jan 2016 01:10:11 +0100
|
||||
Message-ID: <38b@foo.bar.mail>
|
||||
Mime-Version: 1.0
|
||||
Content-Type: multipart/mixed;
|
||||
boundary="--==_mimepart_56abff5d49749_ddf83fca6d033a28548ad";
|
||||
charset=UTF-8
|
||||
Content-Transfer-Encoding: 7bit
|
||||
|
||||
|
||||
----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad
|
||||
Content-Type: text/plain;
|
||||
charset=UTF-8;
|
||||
filename=text.txt
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Content-Disposition: attachment;
|
||||
filename=text.txt
|
||||
Content-ID: <56abff637aac_ddf83fca6d033a2855099@HAL.lan.mail>
|
||||
|
||||
This is a txt file.
|
||||
|
||||
----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad
|
||||
Content-Type: text/plain;
|
||||
charset=UTF-8
|
||||
Content-Transfer-Encoding: 7bit
|
||||
|
||||
Please find the same text file attached.
|
||||
----==_mimepart_56abff5d49749_ddf83fca6d033a28548ad--
|
Loading…
Reference in New Issue
Block a user