Hi Niranda, If it's a security concern in restricting the uploadable thumbnail type, you should filter the types from the server side as well.
IMO This should actually come as a fix in the next release. For now you can replace the following file with the attached file. <AM_HOME>/repository/deployment/server/jaggeryapps/publisher/site/blocks/item-design/ajax/add.jag Also the diff file relevant to the change is attached herewith. On Thu, Oct 9, 2014 at 11:20 AM, Niranda Perera <nira...@wso2.com> wrote: > Hi Dinesh, > > Thank you for your input. It was indeed very helpful. :-) > > Cheers > > On Thu, Oct 9, 2014 at 10:16 AM, Dinesh J Weerakkody <dine...@wso2.com> > wrote: > >> Hi Niranda, >> >> modern browsers support accept attribute and explain in this >> stackoverflow tread [1]. If that doesn't work for you, you have to write a >> custom js for validation. >> Sample validation can be found here [2]. >> >> [1] >> http://stackoverflow.com/questions/3521122/html-input-type-file-apply-a-filter >> [2] >> http://www.codeproject.com/Tips/700593/FileUpload-Filter-File-Type-File-Extension-File-Si >> >> >> On Wed, Oct 8, 2014 at 5:48 PM, Niranda Perera <nira...@wso2.com> wrote: >> >>> Hi, >>> >>> Is there any way to restrict only files of certain file types to be >>> uploaded in the API thumbnail image section in APIM? >>> >>> Rgds >>> >>> >>> -- >>> *Niranda Perera* >>> Software Engineer, WSO2 Inc. >>> Mobile: +94-71-554-8430 >>> Twitter: @n1r44 <https://twitter.com/N1R44> >>> >>> _______________________________________________ >>> Dev mailing list >>> Dev@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> >> *Dinesh J. Weerakkody* >> Software Engineer >> WSO2 Inc. >> lean | enterprise | middleware >> M : +94 727 361788 | E : dine...@wso2.com | W : www.wso2.com >> > > > > -- > *Niranda Perera* > Software Engineer, WSO2 Inc. > Mobile: +94-71-554-8430 > Twitter: @n1r44 <https://twitter.com/N1R44> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com
Index: src/site/blocks/item-design/ajax/add.jag =================================================================== --- src/site/blocks/item-design/ajax/add.jag (revision 208169) +++ src/site/blocks/item-design/ajax/add.jag (working copy) @@ -74,16 +74,30 @@ apiData.swagger = generate_swagger_object(request.getParameter("swagger", "UTF-8")); - result = mod.updateAPIDesign(apiData); - if (result.error==true) { - obj = { - error:true, - message:result.message - }; - } else { - obj = { - error:false, - data :apiId + if(apiData.imageUrl){ + var name = apiData.imageUrl.getName(); + var ext = name.split('.').pop().toLowerCase(); + var supportedFileTypes = {"png":1, "jpg":1, "gif":1 } ; + + if(!supportedFileTypes[ext]) { + obj = { + error:true, + message:"Invalid thumbnail file type" + }; + }else{ + result = mod.updateAPIDesign(apiData); + + if (result.error==true) { + obj = { + error:true, + message:result.message + }; + } else { + obj = { + error:false, + data :apiId + } + } } } print(obj);
add.jag
Description: Binary data
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev