From 17f26b8c2c981ee993f812510d68751ca03637c3 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 22 Jul 2014 15:46:31 +0100 Subject: [PATCH 1/5] Support to allow for a setting so you can stop unknown file types from being imported --- settings.json.template | 11 +++++++---- src/node/handler/ImportHandler.js | 11 ++++++++--- src/node/utils/Settings.js | 5 +++++ 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/settings.json.template b/settings.json.template index 5868af6a3..359d1f8bd 100644 --- a/settings.json.template +++ b/settings.json.template @@ -74,19 +74,22 @@ /* This is the path to the Abiword executable. Setting it to null, disables abiword. Abiword is needed to advanced import/export features of pads*/ "abiword" : null, + + /* Should we allow of file types other than the supported types: .html, .txt, .doc, .docx, .rtf, .ods */ + "allowUnknownFileEnds" : true, /* This setting is used if you require authentication of all users. Note: /admin always requires authentication. */ - "requireAuthentication": false, + "requireAuthentication" : false, /* Require authorization by a module, or a user with is_admin set, see below. */ - "requireAuthorization": false, + "requireAuthorization" : false, /*when you use NginX or another proxy/ load-balancer set this to true*/ - "trustProxy": false, + "trustProxy" : false, /* Privacy: disable IP logging */ - "disableIPlogging": false, + "disableIPlogging" : false, /* Users for basic authentication. is_admin = true gives access to /admin. If you do not uncomment this, /admin will not be available! */ diff --git a/src/node/handler/ImportHandler.js b/src/node/handler/ImportHandler.js index 60fa5ffb1..8e724671f 100644 --- a/src/node/handler/ImportHandler.js +++ b/src/node/handler/ImportHandler.js @@ -92,9 +92,14 @@ exports.doImport = function(req, res, padId) } //we need to rename this file with a .txt ending else { - var oldSrcFile = srcFile; - srcFile = path.join(path.dirname(srcFile),path.basename(srcFile, fileEnding)+".txt"); - fs.rename(oldSrcFile, srcFile, callback); + if(settings.allowUnknownFileEnds === true){ + var oldSrcFile = srcFile; + srcFile = path.join(path.dirname(srcFile),path.basename(srcFile, fileEnding)+".txt"); + fs.rename(oldSrcFile, srcFile, callback); + }else{ + console.warn("Not allowing unknown file type to be imported", fileEnding); + callback("uploadFailed"); + } } }, function(callback){ diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js index 8b17a6d34..bbebf0bd8 100644 --- a/src/node/utils/Settings.js +++ b/src/node/utils/Settings.js @@ -129,6 +129,11 @@ exports.minify = true; */ exports.abiword = null; +/** + * Should we support none natively supported file types on import? + */ +exports.allowUnknownFileEnds = true; + /** * The log level of log4js */ From aa908ea8ce5ba7aab20a3d78324e4a01a2d49fe5 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 22 Jul 2014 16:02:22 +0100 Subject: [PATCH 2/5] tidy up template a bit --- settings.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json.template b/settings.json.template index 359d1f8bd..b55ca7e07 100644 --- a/settings.json.template +++ b/settings.json.template @@ -75,7 +75,7 @@ Abiword is needed to advanced import/export features of pads*/ "abiword" : null, - /* Should we allow of file types other than the supported types: .html, .txt, .doc, .docx, .rtf, .ods */ + /* Should we allow of file types other than the supported types: html, txt, doc, docx, rtf, odt, html & htm */ "allowUnknownFileEnds" : true, /* This setting is used if you require authentication of all users. From 6dfe33258a4a211d1b9723200a5e877835b56393 Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 22 Jul 2014 16:02:56 +0100 Subject: [PATCH 3/5] tidy up template a bit --- settings.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json.template b/settings.json.template index b55ca7e07..8b2a9c2ab 100644 --- a/settings.json.template +++ b/settings.json.template @@ -75,7 +75,7 @@ Abiword is needed to advanced import/export features of pads*/ "abiword" : null, - /* Should we allow of file types other than the supported types: html, txt, doc, docx, rtf, odt, html & htm */ + /* Should we allow of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ "allowUnknownFileEnds" : true, /* This setting is used if you require authentication of all users. From 95ab126fe23fa72ee8ee015b7b6da93407988f6e Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 22 Jul 2014 16:03:26 +0100 Subject: [PATCH 4/5] tidy up template a bit --- settings.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json.template b/settings.json.template index 8b2a9c2ab..5b4155bf9 100644 --- a/settings.json.template +++ b/settings.json.template @@ -75,7 +75,7 @@ Abiword is needed to advanced import/export features of pads*/ "abiword" : null, - /* Should we allow of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ + /* Should we allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ "allowUnknownFileEnds" : true, /* This setting is used if you require authentication of all users. From 83b7ca529bdce7741c69b9a7da958133180ec30f Mon Sep 17 00:00:00 2001 From: John McLear Date: Tue, 22 Jul 2014 16:03:49 +0100 Subject: [PATCH 5/5] tidy up template a bit --- settings.json.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/settings.json.template b/settings.json.template index 5b4155bf9..3f84af9b8 100644 --- a/settings.json.template +++ b/settings.json.template @@ -75,7 +75,7 @@ Abiword is needed to advanced import/export features of pads*/ "abiword" : null, - /* Should we allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ + /* Allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */ "allowUnknownFileEnds" : true, /* This setting is used if you require authentication of all users.