From 4c2df814de4671880d532ae6514c470d831b7009 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Tue, 18 Aug 2015 11:39:51 +0200 Subject: [PATCH] FIX: ensure a file is present when creating an upload --- app/controllers/uploads_controller.rb | 15 ++++++++++----- config/locales/server.en.yml | 1 + spec/controllers/uploads_controller_spec.rb | 11 +++++++++++ 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 3c3eef684..07017714b 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -50,18 +50,23 @@ class UploadsController < ApplicationController def create_upload(type, file, url) begin - # API can provide a URL - if file.nil? && url.present? && is_api? - tempfile = FileHelper.download(url, 10.megabytes, "discourse-upload-#{type}") rescue nil - filename = File.basename(URI.parse(url).path) + # ensure we have a file + if file.nil? + # API can provide a URL + if url.present? && is_api? + tempfile = FileHelper.download(url, 10.megabytes, "discourse-upload-#{type}") rescue nil + filename = File.basename(URI.parse(url).path) + end else tempfile = file.tempfile filename = file.original_filename content_type = file.content_type end + return { errors: I18n.t("upload.file_missing") } if tempfile.nil? + # allow users to upload large images that will be automatically reduced to allowed size - if tempfile && File.size(tempfile.path) > 0 && SiteSetting.max_image_size_kb > 0 && FileHelper.is_image?(filename) + if SiteSetting.max_image_size_kb > 0 && FileHelper.is_image?(filename) && File.size(tempfile.path) > 0 attempt = 5 while attempt > 0 && File.size(tempfile.path) > SiteSetting.max_image_size_kb.kilobytes OptimizedImage.downsize(tempfile.path, tempfile.path, "80%", allow_animation: SiteSetting.allow_animated_thumbnails) diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index 7867e3399..058936587 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -2063,6 +2063,7 @@ en: unauthorized: "Sorry, the file you are trying to upload is not authorized (authorized extensions: %{authorized_extensions})." pasted_image_filename: "Pasted image" store_failure: "Failed to store upload #%{upload_id} for user #%{user_id}." + file_missing: "Sorry, you must provide a file to upload." attachments: too_large: "Sorry, the file you are trying to upload is too big (maximum size is %{max_size_kb}KB)." images: diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb index a738489d9..b85c3cdc6 100644 --- a/spec/controllers/uploads_controller_spec.rb +++ b/spec/controllers/uploads_controller_spec.rb @@ -82,6 +82,17 @@ describe UploadsController do expect(Upload.find(id).retain_hours).to eq(100) end + it 'requires a file' do + Jobs.expects(:enqueue).never + + message = MessageBus.track_publish do + xhr :post, :create, type: "composer" + end.first + + expect(response.status).to eq 200 + expect(message.data["errors"]).to eq(I18n.t("upload.file_missing")) + end + it 'properly returns errors' do SiteSetting.stubs(:max_attachment_size_kb).returns(1)