Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
mirrors
/
wekan
-ын хуулбар https://github.com/wekan/wekan.git
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

use beforeWrite method of CollectionFS instead of collection-hooks

Ghassen Rjab 8 жил өмнө
parent
ddc21046b9
commit
ad09630d4e
1 өөрчлөгдсөн 18 нэмэгдсэн , 18 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 18 18
      models/attachments.js

+ 18 - 18
models/attachments.js
Файл харах 

@@ -3,7 +3,24 @@ Attachments = new FS.Collection('attachments', {
 
 
     // XXX Add a new store for cover thumbnails so we don't load big images in
 
     // the general board view
 
-    new FS.Store.GridFS('attachments'),
 
+    new FS.Store.GridFS('attachments', {
 
+      // If the uploaded document is not an image we need to enforce browser
 
+      // download instead of execution. This is particularly important for HTML
 
+      // files that the browser will just execute if we don't serve them with the
 
+      // appropriate `application/octet-stream` MIME header which can lead to user
 
+      // data leaks. I imagine other formats (like PDF) can also be attack vectors.
 
+      // See https://github.com/wekan/wekan/issues/99
 
+      // XXX Should we use `beforeWrite` option of CollectionFS instead of
 
+      // collection-hooks?
 
+      // We should use `beforeWrite`.
 
+      beforeWrite: (fileObj) => {
 
+        if (!fileObj.isImage()) {
 
+          return {
 
+            type: 'application/octet-stream'
 
+          };
 
+        }
 
+      },
 
+    }),
 
   ],
 
 });
 
 
@@ -36,23 +53,6 @@ if (Meteor.isServer) {
 
 
 // XXX Enforce a schema for the Attachments CollectionFS
 
 
-Attachments.files.before.insert((userId, doc) => {
 
-  const file = new FS.File(doc);
 
-  doc.userId = userId;
 
-
 
-  // If the uploaded document is not an image we need to enforce browser
 
-  // download instead of execution. This is particularly important for HTML
 
-  // files that the browser will just execute if we don't serve them with the
 
-  // appropriate `application/octet-stream` MIME header which can lead to user
 
-  // data leaks. I imagine other formats (like PDF) can also be attack vectors.
 
-  // See https://github.com/wekan/wekan/issues/99
 
-  // XXX Should we use `beforeWrite` option of CollectionFS instead of
 
-  // collection-hooks?
 
-  if (!file.isImage()) {
 
-    file.original.type = 'application/octet-stream';
 
-  }
 
-});
 
-
 
 if (Meteor.isServer) {
 
   Attachments.files.after.insert((userId, doc) => {
 
     Activities.insert({