The media manager should only look for uploads of its own species

Fixes https://github.com/rainlab/blog-plugin/issues/79
Samuel Georges 2015-04-24 18:51:06 +10:00
parent 594a849171
commit 84b80a10c2
5 changed files with 49 additions and 34 deletions


@ -55,7 +55,7 @@ class MediaManager extends WidgetBase
parent::__construct($controller, []);
$this->bindToController();
$this->handleUploads();
$this->checkUploadPostback();
}
/**
@ -881,11 +881,13 @@ class MediaManager extends WidgetBase
try {
$dimensions = getimagesize($originalImagePath);
if (!$dimensions)
if (!$dimensions) {
return $originalDimensions;
}
if ($dimensions[0] > $width || $dimensions[1] > $height)
if ($dimensions[0] > $width || $dimensions[1] > $height) {
return $originalDimensions;
}
return $dimensions;
}
@ -894,47 +896,56 @@ class MediaManager extends WidgetBase
}
}
protected function handleUploads()
protected function checkUploadPostback()
{
$fileName = null;
try {
$uploadedFile = Input::file('file_data');
if (!($uniqueId = post('X_OCTOBER_FILEUPLOAD')) || $uniqueId != $this->getId()) {
return;
}
if (!is_object($uploadedFile)) {
try {
if (!Input::hasFile('file_data')) {
return;
}
$uploadedFile = Input::file('file_data');
$fileName = $uploadedFile->getClientOriginalName();
// See mime type handling in the asset manager
if (!$uploadedFile->isValid())
if (!$uploadedFile->isValid()) {
throw new ApplicationException($uploadedFile->getErrorMessage());
}
$path = Input::get('path');
$path = MediaLibrary::validatePath($path);
MediaLibrary::instance()->put($path.'/'.$fileName,
File::get($uploadedFile->getRealPath()));
MediaLibrary::instance()->put(
$path.'/'.$fileName,
File::get($uploadedFile->getRealPath())
);
die('success');
}
catch (Exception $ex) {
Response::make($ex->getMessage(), 406)->send();
die();
}
}
protected function validateFileName($name)
{
if (!preg_match('/^[0-9a-z\.\s_\-]+$/i', $name))
if (!preg_match('/^[0-9a-z\.\s_\-]+$/i', $name)) {
return false;
}
if (strpos($name, '..') !== false)
if (strpos($name, '..') !== false) {
return false;
}
return true;
}
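Review bot: In `checkUploadPostback()` the client-supplied name from `getClientOriginalName()` is concatenated into the storage path (`$path.'/'.$fileName`) without passing through `validateFileName()`, which is defined directly below in this hunk; `MediaLibrary::validatePath()` is applied to `$path` only. The uploader chooses both the name and the extension, so I would reject anything outside the allowed pattern before the `put()` call: `if (!$this->validateFileName($fileName)) { throw new ApplicationException('Invalid file name'); }` (the message text is a placeholder). The comment about mime type handling suggests an extension allow-list is still to be added here as well. Separately, `$uniqueId != $this->getId()` only routes the postback to the right widget and should not be read as an authorization control; `!==` would avoid loose-comparison surprises.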


@ -309,7 +309,8 @@ fileNumberLabel.innerHTML=completeTemplate;progresBar.setAttribute('class','prog
this.$el.find('[data-command="cancel-uploading"]').addClass('hide')
this.$el.find('[data-command="close-uploader"]').removeClass('hide')
this.refresh()}
MediaManager.prototype.uploadSending=function(file,xhr,formData){formData.append('path',this.$el.find('[data-type="current-folder"]').val())}
MediaManager.prototype.uploadSending=function(file,xhr,formData){formData.append('path',this.$el.find('[data-type="current-folder"]').val())
formData.append('X_OCTOBER_FILEUPLOAD',this.options.uniqueId)}
MediaManager.prototype.uploadCancelAll=function(){this.dropzone.removeAllFiles(true)
this.hideUploadUi()}
MediaManager.prototype.uploadError=function(file,message){swal({title:'Error uploading file',text:message,confirmButtonClass:'btn-default'})}
@ -461,7 +462,7 @@ eventHandled=true
break;}
if(eventHandled){ev.preventDefault()
ev.stopPropagation()}}
MediaManager.DEFAULTS={alias:'',deleteEmpty:'Please select files to delete.',deleteConfirm:'Do you really want to delete the selected file(s)?',moveEmpty:'Please select files to move.',selectSingleImage:'Please select a single image.',selectionNotImage:'The selected item is not an image.',bottomToolbar:false,cropAndInsertButton:false}
MediaManager.DEFAULTS={alias:'',uniqueId:null,deleteEmpty:'Please select files to delete.',deleteConfirm:'Do you really want to delete the selected file(s)?',moveEmpty:'Please select files to move.',selectSingleImage:'Please select a single image.',selectionNotImage:'The selected item is not an image.',bottomToolbar:false,cropAndInsertButton:false}
var old=$.fn.mediaManager
$.fn.mediaManager=function(option){var args=Array.prototype.slice.call(arguments,1),result=undefined
this.each(function(){var $this=$(this)


@ -768,6 +768,7 @@
MediaManager.prototype.uploadSending = function(file, xhr, formData) {
formData.append('path', this.$el.find('[data-type="current-folder"]').val())
formData.append('X_OCTOBER_FILEUPLOAD', this.options.uniqueId)
}
MediaManager.prototype.uploadCancelAll = function() {
@ -1238,6 +1239,7 @@
MediaManager.DEFAULTS = {
alias: '',
uniqueId: null,
deleteEmpty: 'Please select files to delete.',
deleteConfirm: 'Do you really want to delete the selected file(s)?',
moveEmpty: 'Please select files to move.',
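Review bot: `uniqueId` defaults to `null` in `MediaManager.DEFAULTS`, so `formData.append('X_OCTOBER_FILEUPLOAD', this.options.uniqueId)` in `uploadSending` sends the string "null" whenever the option is unset, because FormData stringifies non-file values. If the server ignores postbacks whose id does not match, as the commit title suggests, such an upload would be dropped without an error reaching the user. Presumably the option is filled from the `data-unique-id` attribute, but that wiring is outside these hunks. I would document the contract on the default, e.g. `uniqueId: null, // widget id from data-unique-id; required for uploads`, or refuse to start the upload with a visible error when it is unset. The `DEFAULTS` object continues past the end of the hunk.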


@ -48,8 +48,8 @@ RedactorPlugins.mediamanager = function()
this.link.getData()
new $.oc.mediaManager.popup({
alias: 'ocmediamanager',
cropAndInsertButton: false,
alias: 'ocmediamanager',
cropAndInsertButton: false,
onInsert: function(items) {
if (!items.length) {
alert('Please select file to insert a links to.')
@ -87,8 +87,8 @@ RedactorPlugins.mediamanager = function()
var that = this
new $.oc.mediaManager.popup({
alias: 'ocmediamanager',
cropAndInsertButton: true,
alias: 'ocmediamanager',
cropAndInsertButton: true,
onInsert: function(items) {
if (!items.length) {
alert('Please select image(s) to insert.')
@ -132,7 +132,7 @@ RedactorPlugins.mediamanager = function()
if (that.opts.linebreaks)
$image.before('<br>').after('<br>')
}
}
}
if (imagesInserted !== 0)
this.hide()
@ -150,8 +150,8 @@ RedactorPlugins.mediamanager = function()
this.link.getData()
new $.oc.mediaManager.popup({
alias: 'ocmediamanager',
cropAndInsertButton: false,
alias: 'ocmediamanager',
cropAndInsertButton: false,
onInsert: function(items) {
if (!items.length) {
alert('Please select a video file to insert.')
@ -197,8 +197,8 @@ RedactorPlugins.mediamanager = function()
this.link.getData()
new $.oc.mediaManager.popup({
alias: 'ocmediamanager',
cropAndInsertButton: false,
alias: 'ocmediamanager',
cropAndInsertButton: false,
onInsert: function(items) {
if (!items.length) {
alert('Please select an audio file to insert.')


@ -1,7 +1,8 @@
<div
<div
data-control="media-manager"
class="layout"
data-alias="<?= $this->alias ?>"
data-unique-id="<?= $this->getId() ?>"
data-delete-empty="<?= e(trans('cms::lang.media.delete_empty')) ?>"
data-delete-confirm="<?= e(trans('cms::lang.media.delete_confirm')) ?>"
data-move-empty="<?= e(trans('cms::lang.media.move_empty')) ?>"
@ -32,17 +33,16 @@
<div class="layout">
<div class="layout-row">
<div class="layout">
<!-- Main area - list -->
<div data-control="item-list">
<div class="control-scrollpad">
<div class="scroll-wrapper"> <!-- This element is required for the scrollpad control -->
<div id="<?= $this->getId('item-list') ?>" >
<?= $this->makePartial('item-list') ?>
</div>
<!-- Main area - list -->
<div data-control="item-list">
<div class="control-scrollpad">
<div class="scroll-wrapper"> <!-- This element is required for the scrollpad control -->
<div id="<?= $this->getId('item-list') ?>" >
<?= $this->makePartial('item-list') ?>
</div>
</div>
</div>
</div>
<div class="layout-cell width-300 panel border-left no-padding <?= !$sidebarVisible ? 'hide' : null ?>" data-control="preview-sidebar">
<!-- Right sidebar -->
@ -57,6 +57,7 @@
</div>
</div>
</div>
</div>
</div>
</div>
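Review bot: The new `data-unique-id="<?= $this->getId() ?>"` attribute in the first hunk is written without `e()`, while the translated attributes directly below it are escaped. The id is presumably derived from the widget alias and class rather than from request data, so this is a consistency point rather than a known injection. Encoding every attribute value keeps the template safe if that ever changes: `data-unique-id="<?= e($this->getId()) ?>"`. The existing `data-alias` line above it has the same shape.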