github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 18:31:11 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

replace the upload type whitelist with a sanitizer

Browse Source
This commit is contained in:
Régis Hanol
2017-05-18 12:13:13 +02:00
parent 8e5b0c79ae
commit 13e489b4ca
4 changed files with 12 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
spec/controllers/uploads_controller_spec.rb
View File

@ -33,18 +33,13 @@ describe UploadsController do
})
end
it 'fails if type is invalid' do
xhr :post, :create, file: logo, type: "invalid type cause has space"
expect(response.status).to eq 403
it 'expects a type' do
expect { xhr :post, :create, file: logo }.to raise_error(ActionController::ParameterMissing)
end
xhr :post, :create, file: logo, type: "\\invalid"
expect(response.status).to eq 403
xhr :post, :create, file: logo, type: "invalid."
expect(response.status).to eq 403
xhr :post, :create, file: logo, type: "toolong"*100
expect(response.status).to eq 403
it 'parameterize the type' do
subject.expects(:create_upload).with(logo, nil, "super_long_type_with_charssuper_long_type_with_char")
xhr :post, :create, file: logo, type: "super \# long \//\\ type with \\. $%^&*( chars" * 5
end
it 'is successful with an image' do