Commit 85a8e6f2 authored by Alexis Reigel's avatar Alexis Reigel

whitelist allowed file types for custom favicons

parent 822023c6
...@@ -33,6 +33,10 @@ class FaviconUploader < AttachmentUploader ...@@ -33,6 +33,10 @@ class FaviconUploader < AttachmentUploader
end end
end end
def extension_whitelist
UploaderHelper::IMAGE_EXT
end
private private
def status_favicon(status_name) def status_favicon(status_name)
......
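Review bot: `extension_whitelist` looks only at the filename extension, so on its own it does not stop a file with SVG or HTML content from being uploaded under an allowed name such as `favicon.png`. If the goal is to keep scriptable formats out of the favicon slot, consider also restricting the detected content type through CarrierWave's `content_type_whitelist` hook, and confirm how the CarrierWave version in use detects that type. The intent deserves a comment on the method, e.g. `# Image extensions only; SVG is left out because it can embed script.` (judging by the spec's expected message, since `UploaderHelper::IMAGE_EXT` is not visible here). The class body continues outside the hunk.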
en:
errors:
messages:
carrierwave_processing_error: failed to be processed
carrierwave_integrity_error: is not of an allowed file type
carrierwave_download_error: could not be downloaded
extension_whitelist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}"
extension_blacklist_error: "You are not allowed to upload %{extension} files, prohibited types: %{prohibited_types}"
content_type_whitelist_error: "You are not allowed to upload %{content_type} files"
content_type_blacklist_error: "You are not allowed to upload %{content_type} files"
rmagick_processing_error: "Failed to manipulate with rmagick, maybe it is not an image?"
mini_magick_processing_error: "Failed to manipulate with MiniMagick, maybe it is not an image? Original Error: %{e}"
min_size_error: "File size should be greater than %{min_size}"
max_size_error: "File size should be less than %{max_size}"
...@@ -108,6 +108,12 @@ feature 'Admin Appearance' do ...@@ -108,6 +108,12 @@ feature 'Admin Appearance' do
expect(page).not_to have_css('//img[data-src$="/status_skipped_dk.ico"]') expect(page).not_to have_css('//img[data-src$="/status_skipped_dk.ico"]')
expect(page).not_to have_css('//img[data-src$="/status_success_dk.ico"]') expect(page).not_to have_css('//img[data-src$="/status_success_dk.ico"]')
expect(page).not_to have_css('//img[data-src$="/status_warning_dk.ico"]') expect(page).not_to have_css('//img[data-src$="/status_warning_dk.ico"]')
# allowed file types
attach_file(:appearance_favicon, Rails.root.join('spec', 'fixtures', 'sanitized.svg'))
click_button 'Save'
expect(page).to have_content 'Favicon You are not allowed to upload "svg" files, allowed types: png, jpg, jpeg, gif, bmp, tiff, ico'
end end
def expect_custom_sign_in_appearance(appearance) def expect_custom_sign_in_appearance(appearance)
......
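Review bot: The added expectations check only the error text, so the scenario would still pass if the rejected `sanitized.svg` were stored anyway. An extra expectation after `click_button 'Save'` that the previously saved favicon is unchanged would pin the behaviour that matters. The comment `# allowed file types` labels a rejection case and would read better as `# rejects file types outside the whitelist`. The expected string also hard-codes the whole extension list, and building it from `UploaderHelper::IMAGE_EXT.join(', ')` would keep the spec from drifting when the list changes. The scenario starts outside the hunk.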