Hi Niranda, If it's a security concern in restricting the uploadable thumbnail type, you should filter the types from the server side as well.
IMO This should actually come as a fix in the next release. For now you can replace the following file with the attached file. <AM_HOME>/repository/deployment/server/jaggeryapps/publisher/site/blocks/item-design/ajax/add.jag Also the diff file relevant to the change is attached herewith. On Thu, Oct 9, 2014 at 11:20 AM, Niranda Perera <[email protected]> wrote: > Hi Dinesh, > > Thank you for your input. It was indeed very helpful. :-) > > Cheers > > On Thu, Oct 9, 2014 at 10:16 AM, Dinesh J Weerakkody <[email protected]> > wrote: > >> Hi Niranda, >> >> modern browsers support accept attribute and explain in this >> stackoverflow tread [1]. If that doesn't work for you, you have to write a >> custom js for validation. >> Sample validation can be found here [2]. >> >> [1] >> http://stackoverflow.com/questions/3521122/html-input-type-file-apply-a-filter >> [2] >> http://www.codeproject.com/Tips/700593/FileUpload-Filter-File-Type-File-Extension-File-Si >> >> >> On Wed, Oct 8, 2014 at 5:48 PM, Niranda Perera <[email protected]> wrote: >> >>> Hi, >>> >>> Is there any way to restrict only files of certain file types to be >>> uploaded in the API thumbnail image section in APIM? >>> >>> Rgds >>> >>> >>> -- >>> *Niranda Perera* >>> Software Engineer, WSO2 Inc. >>> Mobile: +94-71-554-8430 >>> Twitter: @n1r44 <https://twitter.com/N1R44> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> >> *Dinesh J. Weerakkody* >> Software Engineer >> WSO2 Inc. >> lean | enterprise | middleware >> M : +94 727 361788 | E : [email protected] | W : www.wso2.com >> > > > > -- > *Niranda Perera* > Software Engineer, WSO2 Inc. > Mobile: +94-71-554-8430 > Twitter: @n1r44 <https://twitter.com/N1R44> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com
Index: src/site/blocks/item-design/ajax/add.jag
===================================================================
--- src/site/blocks/item-design/ajax/add.jag (revision 208169)
+++ src/site/blocks/item-design/ajax/add.jag (working copy)
@@ -74,16 +74,30 @@
apiData.swagger =
generate_swagger_object(request.getParameter("swagger", "UTF-8"));
- result = mod.updateAPIDesign(apiData);
- if (result.error==true) {
- obj = {
- error:true,
- message:result.message
- };
- } else {
- obj = {
- error:false,
- data :apiId
+ if(apiData.imageUrl){
+ var name = apiData.imageUrl.getName();
+ var ext = name.split('.').pop().toLowerCase();
+ var supportedFileTypes = {"png":1, "jpg":1, "gif":1 } ;
+
+ if(!supportedFileTypes[ext]) {
+ obj = {
+ error:true,
+ message:"Invalid thumbnail file type"
+ };
+ }else{
+ result = mod.updateAPIDesign(apiData);
+
+ if (result.error==true) {
+ obj = {
+ error:true,
+ message:result.message
+ };
+ } else {
+ obj = {
+ error:false,
+ data :apiId
+ }
+ }
}
}
print(obj);
add.jag
Description: Binary data
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
![Re: [Dev] How to restrict API Design page to allow only files of certain extension(.jpg, .png, .gif) to be uploaded for API thumbnail image in APIM](/search?l=dev@wso2.org&q=subject:%22Re%5C%3A+%5C%5BDev%5C%5D+How+to+restrict+API+Design+page+to+allow+only+files+of+certain+extension%5C%28.jpg%2C+.png%2C+.gif%5C%29+to+be+uploaded+for+API+thumbnail+image+in+APIM%22&o=newest){kind=link}
