Skip to content

Commit 7f58439

Browse files
carolmariaabbbrianchandotcom
carolmariaabb
authored and
brianchandotcom
committed
LPD-49016 Validate file mime type when uploading file as guest user
1 parent 18b7962 commit 7f58439

File tree

1 file changed

+33
-3
lines changed

1 file changed

+33
-3
lines changed

modules/apps/dynamic-data-mapping/dynamic-data-mapping-form-web/src/main/java/com/liferay/dynamic/data/mapping/form/web/internal/portlet/action/UploadFileEntryMVCActionCommand.java

Lines changed: 33 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,14 @@
55

66
package com.liferay.dynamic.data.mapping.form.web.internal.portlet.action;
77

8+
import com.liferay.document.library.configuration.DLFileEntryMimeTypeConfiguration;
89
import com.liferay.document.library.kernel.exception.FileExtensionException;
10+
import com.liferay.document.library.kernel.exception.FileMimeTypeException;
911
import com.liferay.document.library.kernel.exception.FileNameException;
1012
import com.liferay.document.library.kernel.exception.FileSizeException;
1113
import com.liferay.document.library.kernel.exception.InvalidFileException;
1214
import com.liferay.document.library.kernel.model.DLFileEntry;
15+
import com.liferay.document.library.kernel.util.DLValidator;
1316
import com.liferay.dynamic.data.mapping.constants.DDMActionKeys;
1417
import com.liferay.dynamic.data.mapping.constants.DDMFormConstants;
1518
import com.liferay.dynamic.data.mapping.constants.DDMPortletKeys;
@@ -22,6 +25,7 @@
2225
import com.liferay.object.model.ObjectFieldSetting;
2326
import com.liferay.object.service.ObjectFieldSettingLocalService;
2427
import com.liferay.petra.string.StringPool;
28+
import com.liferay.portal.configuration.module.configuration.ConfigurationProvider;
2529
import com.liferay.portal.kernel.exception.PortalException;
2630
import com.liferay.portal.kernel.io.unsync.UnsyncByteArrayInputStream;
2731
import com.liferay.portal.kernel.json.JSONObject;
@@ -96,6 +100,9 @@ protected void doProcessAction(
96100
@Reference
97101
private CompanyLocalService _companyLocalService;
98102

103+
@Reference
104+
private ConfigurationProvider _configurationProvider;
105+
99106
private final DDMFormUploadFileEntryHandler _ddmFormUploadFileEntryHandler =
100107
new DDMFormUploadFileEntryHandler();
101108
private final DDMFormUploadResponseHandler _ddmFormUploadResponseHandler =
@@ -104,6 +111,9 @@ protected void doProcessAction(
104111
@Reference(target = "(upload.response.handler.system.default=true)")
105112
private UploadResponseHandler _defaultUploadResponseHandler;
106113

114+
@Reference
115+
private DLValidator _dlValidator;
116+
107117
@Reference
108118
private Language _language;
109119

@@ -129,6 +139,10 @@ public FileEntry upload(UploadPortletRequest uploadPortletRequest)
129139
File file = null;
130140

131141
try {
142+
ThemeDisplay themeDisplay =
143+
(ThemeDisplay)uploadPortletRequest.getAttribute(
144+
WebKeys.THEME_DISPLAY);
145+
132146
InputStream inputStream = uploadPortletRequest.getFileAsStream(
133147
"file");
134148

@@ -140,6 +154,11 @@ public FileEntry upload(UploadPortletRequest uploadPortletRequest)
140154

141155
String fileName = uploadPortletRequest.getFileName("file");
142156

157+
String mimeType = MimeTypesUtil.getContentType(file, fileName);
158+
159+
_dlValidator.validateFileMimeType(
160+
themeDisplay.getCompanyId(), mimeType);
161+
143162
DDMFormUploadValidator.validateFileSize(file, fileName);
144163

145164
long objectFieldId = ParamUtil.getLong(
@@ -155,9 +174,7 @@ public FileEntry upload(UploadPortletRequest uploadPortletRequest)
155174
ParamUtil.getLong(uploadPortletRequest, "formInstanceId"),
156175
ParamUtil.getLong(uploadPortletRequest, "groupId"),
157176
ParamUtil.getLong(uploadPortletRequest, "folderId"), file,
158-
fileName, MimeTypesUtil.getContentType(file, fileName),
159-
(ThemeDisplay)uploadPortletRequest.getAttribute(
160-
WebKeys.THEME_DISPLAY));
177+
fileName, mimeType, themeDisplay);
161178
}
162179
finally {
163180
FileUtil.delete(file);
@@ -252,6 +269,19 @@ public JSONObject onFailure(
252269
DDMFormUploadValidator.getGuestUploadFileExtensions(),
253270
StringPool.COMMA_AND_SPACE));
254271
}
272+
else if (portalException instanceof FileMimeTypeException) {
273+
DLFileEntryMimeTypeConfiguration
274+
dlFileEntryMimeTypeConfiguration =
275+
_configurationProvider.getCompanyConfiguration(
276+
DLFileEntryMimeTypeConfiguration.class,
277+
themeDisplay.getCompanyId());
278+
279+
errorMessage = themeDisplay.translate(
280+
"please-enter-a-file-with-a-valid-mime-type-x",
281+
StringUtil.merge(
282+
dlFileEntryMimeTypeConfiguration.fileMimeTypes(),
283+
StringPool.COMMA_AND_SPACE));
284+
}
255285
else if (portalException instanceof FileNameException) {
256286
errorMessage = themeDisplay.translate(
257287
"please-enter-a-file-with-a-valid-file-name");

0 commit comments

Comments
 (0)