From 8914ea0c8cdaca60be669a49b74e27736a5713cb Mon Sep 17 00:00:00 2001 From: Youssef Lourayad Date: Sat, 6 May 2023 07:38:00 +0100 Subject: [PATCH 1/6] Allow all filetypes to be uploaded --- src/CONST.js | 3 --- src/components/AttachmentModal.js | 11 ----------- 2 files changed, 14 deletions(-) diff --git a/src/CONST.js b/src/CONST.js index a45c6c91240e..fb7e8ffe0c12 100755 --- a/src/CONST.js +++ b/src/CONST.js @@ -31,9 +31,6 @@ const CONST = { ARROW_HIDE_DELAY: 3000, API_ATTACHMENT_VALIDATIONS: { - // Same as the PHP layer allows - ALLOWED_EXTENSIONS: ['webp', 'jpg', 'jpeg', 'png', 'gif', 'pdf', 'html', 'txt', 'rtf', 'doc', 'docx', 'htm', 'tiff', 'tif', 'xml', 'mp3', 'mp4', 'mov'], - // 24 megabytes in bytes, this is limit set on servers, do not update without wider internal discussion MAX_SIZE: 25165824, diff --git a/src/components/AttachmentModal.js b/src/components/AttachmentModal.js index 2dfdb991f9f2..3cf15dacb5fa 100755 --- a/src/components/AttachmentModal.js +++ b/src/components/AttachmentModal.js @@ -169,17 +169,6 @@ class AttachmentModal extends PureComponent { * @returns {Boolean} */ isValidFile(file) { - const {fileExtension} = FileUtils.splitExtensionFromFileName(lodashGet(file, 'name', '')); - if (!_.contains(CONST.API_ATTACHMENT_VALIDATIONS.ALLOWED_EXTENSIONS, fileExtension.toLowerCase())) { - const invalidReason = `${this.props.translate('attachmentPicker.notAllowedExtension')} ${CONST.API_ATTACHMENT_VALIDATIONS.ALLOWED_EXTENSIONS.join(', ')}`; - this.setState({ - isAttachmentInvalid: true, - attachmentInvalidReasonTitle: this.props.translate('attachmentPicker.wrongFileType'), - attachmentInvalidReason: invalidReason, - }); - return false; - } - if (lodashGet(file, 'size', 0) > CONST.API_ATTACHMENT_VALIDATIONS.MAX_SIZE) { this.setState({ isAttachmentInvalid: true, From 43d95dfe10813a623642a5fa53382391332e5979 Mon Sep 17 00:00:00 2001 
From: Youssef Lourayad Date: Mon, 8 May 2023 23:45:22 +0100 Subject: [PATCH 2/6] Fix linting --- src/components/AttachmentModal.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/components/AttachmentModal.js b/src/components/AttachmentModal.js index 3cf15dacb5fa..69344fb39079 100755 --- a/src/components/AttachmentModal.js +++ b/src/components/AttachmentModal.js @@ -4,14 +4,12 @@ import {View, Animated, Keyboard} from 'react-native'; import Str from 'expensify-common/lib/str'; import lodashGet from 'lodash/get'; import lodashExtend from 'lodash/extend'; -import _ from 'underscore'; import CONST from '../CONST'; import Modal from './Modal'; import AttachmentView from './AttachmentView'; import AttachmentCarousel from './AttachmentCarousel'; import styles from '../styles/styles'; import * as StyleUtils from '../styles/StyleUtils'; -import * as FileUtils from '../libs/fileDownload/FileUtils'; import themeColors from '../styles/themes/default'; import compose from '../libs/compose'; import withWindowDimensions, {windowDimensionsPropTypes} from './withWindowDimensions'; From 22e95bdf92c054edf1d26ae7db72fde5c34955ac Mon Sep 17 00:00:00 2001 From: Youssef Lourayad Date: Wed, 10 May 2023 10:37:31 +0100 Subject: [PATCH 3/6] Wip, prevent certain files from being uploaded --- src/CONST.js | 4 ++++ src/components/AttachmentModal.js | 13 +++++++++++++ src/languages/en.js | 2 +- src/languages/es.js | 2 +- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/CONST.js b/src/CONST.js index fb7e8ffe0c12..721cfe4560de 100755 --- a/src/CONST.js +++ b/src/CONST.js 
@@ -31,6 +31,10 @@ const CONST = { ARROW_HIDE_DELAY: 3000, API_ATTACHMENT_VALIDATIONS: { + // Same as the PHP layer allows + /* eslint-disable-next-line max-len */ + UNALLOWED_EXTENSIONS: ['ade', 'adp', 'apk', 'appx', 'appxbundle', 'bat', 'cab', 'chm', 'cmd', 'com', 'cpl', 'diagcab', 'diagcfg', 'diagpack', 'dll', 'dmg', 'ex', 'ex_', 'exe', 'hta', 'img', 'ins', 'iso', 'isp', 'jar', 'jnlp', 'js', 'jse', 'lib', 'lnk', 'mde', 'msc', 'msi', 'msix', 'msixbundle', 'msp', 'mst', 'nsh', 'pif', 'ps1', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vhd', 'vxd', 'wsc', 'wsf', 'wsh', 'xll'], + // 24 megabytes in bytes, this is limit set on servers, do not update without wider internal discussion MAX_SIZE: 25165824, diff --git a/src/components/AttachmentModal.js b/src/components/AttachmentModal.js index 69344fb39079..1e9d62bcbefe 100755 --- a/src/components/AttachmentModal.js +++ b/src/components/AttachmentModal.js @@ -4,12 +4,14 @@ import {View, Animated, Keyboard} from 'react-native'; import Str from 'expensify-common/lib/str'; import lodashGet from 'lodash/get'; import lodashExtend from 'lodash/extend'; +import _ from 'underscore'; import CONST from '../CONST'; import Modal from './Modal'; import AttachmentView from './AttachmentView'; import AttachmentCarousel from './AttachmentCarousel'; import styles from '../styles/styles'; import * as StyleUtils from '../styles/StyleUtils'; +import * as FileUtils from '../libs/fileDownload/FileUtils'; import themeColors from '../styles/themes/default'; import compose from '../libs/compose'; import withWindowDimensions, {windowDimensionsPropTypes} from './withWindowDimensions'; 
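Review bot: In the src/CONST.js hunk, the comment `// Same as the PHP layer allows` was carried over from the removed ALLOWED_EXTENSIONS list and now sits above a denylist, so it says the opposite of what the constant holds. Moving from an allowlist to a denylist also means any extension nobody thought to list is accepted. This copy can also drift from whatever the server enforces, and the server-side list is not visible in this patch. I would reword the comment to `// Extensions the client refuses to attach. Keep in sync with the server-side (PHP) blocklist, which remains the enforcing check.` and confirm that the API rejects these types independently of the client.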
@@ -167,6 +169,17 @@ class AttachmentModal extends PureComponent { * @returns {Boolean} */ isValidFile(file) { + const {fileExtension} = FileUtils.splitExtensionFromFileName(lodashGet(file, 'name', '')); + if (_.contains(CONST.API_ATTACHMENT_VALIDATIONS.UNALLOWED_EXTENSIONS, fileExtension.toLowerCase())) { + const invalidReason = this.props.translate('attachmentPicker.notAllowedExtension'); + this.setState({ + isAttachmentInvalid: true, + attachmentInvalidReasonTitle: this.props.translate('attachmentPicker.wrongFileType'), + attachmentInvalidReason: invalidReason, + }); + return false; + } + if (lodashGet(file, 'size', 0) > CONST.API_ATTACHMENT_VALIDATIONS.MAX_SIZE) { this.setState({ isAttachmentInvalid: true, diff --git a/src/languages/en.js b/src/languages/en.js index 5422adba1af9..718b9ee1f7a5 100755 --- a/src/languages/en.js +++ b/src/languages/en.js @@ -149,7 +149,7 @@ export default { attachmentTooSmall: 'Attachment too small', sizeNotMet: 'Attachment size must be greater than 240 bytes.', wrongFileType: 'Attachment is the wrong type', - notAllowedExtension: 'Attachments must be one of the following types:', + notAllowedExtension: 'This filetype is not allowed', }, avatarCropModal: { title: 'Edit photo', diff --git a/src/languages/es.js b/src/languages/es.js index 1fb5b1c1b826..2db801dbebc5 100644 --- a/src/languages/es.js +++ b/src/languages/es.js @@ -148,7 +148,7 @@ export default { attachmentTooSmall: 'Archivo adjunto demasiado pequeño', sizeNotMet: 'El archivo adjunto debe ser mas grande que 240 bytes.', wrongFileType: 'El tipo del archivo adjunto es incorrecto', - notAllowedExtension: 'Los archivos adjuntos deben ser de uno de los siguientes tipos:', + notAllowedExtension: '// TODO', }, avatarCropModal: { title: 'Editar foto', From 6c3da98f313f1836ea9e0bd861e5e786fd6d6b43 Mon Sep 17 00:00:00 2001 
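Review bot: In the `isValidFile` hunk of src/components/AttachmentModal.js, the denylist lookup relies on whatever `FileUtils.splitExtensionFromFileName` returns for the raw `file.name`. That helper is not visible here, so it is unclear how trailing dots, trailing whitespace or a name without an extension are handled. If the raw suffix is used, a padded name would not match any entry and would pass. Consider normalising the name before splitting, e.g. `const fileName = lodashGet(file, 'name', '').trim().replace(/[. ]+$/, '');`. I would also add a comment such as `// Client-side convenience check only; the upload API must reject these types itself`, because the name is client-supplied and this check does not run for requests made outside the app. The function starts before this hunk and continues past it with the size checks.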
From: Youssef Lourayad Date: Tue, 16 May 2023 14:32:52 +0100 Subject: [PATCH 4/6] Update Spanish translation --- src/languages/es.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/languages/es.js b/src/languages/es.js index 2db801dbebc5..885d80743997 100644 --- a/src/languages/es.js +++ b/src/languages/es.js @@ -148,7 +148,7 @@ export default { attachmentTooSmall: 'Archivo adjunto demasiado pequeño', sizeNotMet: 'El archivo adjunto debe ser mas grande que 240 bytes.', wrongFileType: 'El tipo del archivo adjunto es incorrecto', - notAllowedExtension: '// TODO', + notAllowedExtension: 'Este tipe de archivo no és permitido', }, avatarCropModal: { title: 'Editar foto', From e55d25fc550704f8e3f53deebc1586396df3e67a Mon Sep 17 00:00:00 2001 From: Youssef Lourayad Date: Tue, 16 May 2023 14:38:03 +0100 Subject: [PATCH 5/6] Update translation --- src/languages/es.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/languages/es.js b/src/languages/es.js index 885d80743997..4c4b8edd57bd 100644 --- a/src/languages/es.js +++ b/src/languages/es.js @@ -148,7 +148,7 @@ export default { attachmentTooSmall: 'Archivo adjunto demasiado pequeño', sizeNotMet: 'El archivo adjunto debe ser mas grande que 240 bytes.', wrongFileType: 'El tipo del archivo adjunto es incorrecto', - notAllowedExtension: 'Este tipe de archivo no és permitido', + notAllowedExtension: 'Este tipo de archivo no está permitido', }, avatarCropModal: { title: 'Editar foto', From 66a996c8b9bf7c929173a1adc0f8e52428b649e3 Mon Sep 17 00:00:00 2001 From: Youssef Lourayad Date: Tue, 16 May 2023 15:21:14 +0100 Subject: [PATCH 6/6] Prettier --- src/CONST.js | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/src/CONST.js b/src/CONST.js index 2c2fc4b44397..369049a6e79d 100755 --- a/src/CONST.js +++ b/src/CONST.js 
@@ -36,7 +36,61 @@ const CONST = { API_ATTACHMENT_VALIDATIONS: { // Same as the PHP layer allows /* eslint-disable-next-line max-len */ - UNALLOWED_EXTENSIONS: ['ade', 'adp', 'apk', 'appx', 'appxbundle', 'bat', 'cab', 'chm', 'cmd', 'com', 'cpl', 'diagcab', 'diagcfg', 'diagpack', 'dll', 'dmg', 'ex', 'ex_', 'exe', 'hta', 'img', 'ins', 'iso', 'isp', 'jar', 'jnlp', 'js', 'jse', 'lib', 'lnk', 'mde', 'msc', 'msi', 'msix', 'msixbundle', 'msp', 'mst', 'nsh', 'pif', 'ps1', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe', 'vbs', 'vhd', 'vxd', 'wsc', 'wsf', 'wsh', 'xll'], + UNALLOWED_EXTENSIONS: [ + 'ade', + 'adp', + 'apk', + 'appx', + 'appxbundle', + 'bat', + 'cab', + 'chm', + 'cmd', + 'com', + 'cpl', + 'diagcab', + 'diagcfg', + 'diagpack', + 'dll', + 'dmg', + 'ex', + 'ex_', + 'exe', + 'hta', + 'img', + 'ins', + 'iso', + 'isp', + 'jar', + 'jnlp', + 'js', + 'jse', + 'lib', + 'lnk', + 'mde', + 'msc', + 'msi', + 'msix', + 'msixbundle', + 'msp', + 'mst', + 'nsh', + 'pif', + 'ps1', + 'scr', + 'sct', + 'shb', + 'sys', + 'vb', + 'vbe', + 'vbs', + 'vhd', + 'vxd', + 'wsc', + 'wsf', + 'wsh', + 'xll', + ], // 24 megabytes in bytes, this is limit set on servers, do not update without wider internal discussion MAX_SIZE: 25165824,