I don't think font files can harm the system lets make white-list configurable so we can add file types which are safe.
Regards Jo On Wed, Mar 2, 2016 at 8:28 AM, Shenavi de Mel <shen...@wso2.com> wrote: > Hi Jo, > > Just another concern. Is there a particular reason why the deployment of > web fonts with the theme is also not allowed. If user wants to change the > default web fonts is that going to be of any harm to the product and it's > functions? > > Regards > Shenavi > > *Shenavi de Mel* > Software Engineer > WSO2 Inc: http://wso2.com > email: shen...@wso2.com > mobile: 0711644470 > > > On Tue, Mar 1, 2016 at 12:15 PM, Shenavi de Mel <shen...@wso2.com> wrote: > >> Hi Jo, >> >> Thanks for the quick response. For the first issue we can remove the >> files which are included in the sample and provide that for the users and >> probably mention the supported file extensions as well in the >> documentation. I guess the 2nd issue would have to be fixed and i created a >> JIRA to track it [1]. It would be great if you could let us know if this >> would be fixed in the upcoming release of APIM. >> >> [1] https://wso2.org/jira/browse/APIMANAGER-4570 >> >> Thanks >> Shenavi >> >> *Shenavi de Mel* >> Software Engineer >> WSO2 Inc: http://wso2.com >> email: shen...@wso2.com >> mobile: 0711644470 >> >> >> On Tue, Mar 1, 2016 at 11:53 AM, Joseph Fonseka <jos...@wso2.com> wrote: >> >>> Hi Shenavi >>> >>> Both issues you mention are valid. >>> 1. The reason to add a white list is to prevent users from uploading >>> malicious script. And we should remove the unsupported files from the >>> sample. Also we might need to move the white-list to a config file. >>> >>> 2. And yes we should replace the entire directory instead of copying the >>> files in to the existing theme. >>> >>> Regards >>> Jo >>> >>> On Tue, Mar 1, 2016 at 10:44 AM, Shenavi de Mel <shen...@wso2.com> >>> wrote: >>> >>>> Hi APIM team, >>>> >>>> I have a few question regarding the uploading of tenant themes to the >>>> APIM. >>>> >>>> 1. When i was uploading a tenant theme for a tenant following the >>>> tutorial [1] i noticed some warn logs in my console. Further i noticed that >>>> the files mentioned in those warnings are not deployed as well and are >>>> mentioned as unsupported. Only thing i did not follow according to this >>>> document is that i did not delete the folders that i did not change. When i >>>> went through the code of TenantManagerHostObject.java class i noticed >>>> that the file extensions other than "css", "jpg", "png", "gif", "svg", >>>> "ttf", "html", "js are not considered as valid extensions and will not be >>>> deployed with the theme. In that case is there any reason why those >>>> unsupported files are included in the sample template [1] given for the >>>> users to customize? >>>> >>>> If you could confirm or point to a documentation of what are the >>>> supported file types which can be customized in the custom theme uploaded >>>> via the admin-dashboard of the tenant if it is not already in the docs i >>>> feel it might be better to include them in the docs to avoid confusion [1]. >>>> >>>> 2. Also i noticed if i upload a theme for the tenant and say I include >>>> a custom css file. And later upload another theme for the same tenant >>>> hoping to replace the previously uploaded theme and remove that css file it >>>> will still be available. I assume it replaces the existing folder with the >>>> new theme hence old files will not get deleted. Is there a way to make sure >>>> the old theme is deleted and replaced by the new theme when uploading via >>>> the admin-dashboard application or is that the default and expected >>>> behavior? >>>> >>>> Your thoughts would be much appreciated to understand this better and >>>> also improve our documentation [2] to avoid confusion and provide more >>>> information for the users. >>>> >>>> [1] https://docs.wso2.com/display/AM191/Adding+a+new+API+Store+Theme >>>> [2] >>>> https://docs.wso2.com/display/APICloud/Customize+the+API+Store+Theme >>>> >>>> Thanks and Regards >>>> Shenavi. >>>> >>>> >>> >>> >>> -- >>> >>> -- >>> *Joseph Fonseka* >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: +94 772 512 430 >>> skype: jpfonseka >>> >>> * <http://lk.linkedin.com/in/rumeshbandara>* >>> >>> >> > -- -- *Joseph Fonseka* WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 772 512 430 skype: jpfonseka * <http://lk.linkedin.com/in/rumeshbandara>*
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
