yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reopen branch/PR for fixes

Browse Source 
* Reorder usings
* Add an error response & log the reason if we can't move a file about
* Add UmbracoApplicationAuthorize attribute for security so not any user can upload images
This commit is contained in:
Warren Buckley
2019-09-12 08:49:40 +01:00
parent 5b791a1787
commit 4ccebbc209
1 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/Umbraco.Web/Editors/TinyMceController.cs
View File

@@ -1,32 +1,41 @@
using System.Net;
using System.Net.Http;
using System.Web.Http;
using Umbraco.Core.Services;
using Umbraco.Web.WebApi;
using Umbraco.Core;
using Umbraco.Web.Mvc;
using Umbraco.Core.IO;
using System;
using System.IO;
using System.Threading.Tasks;
using Umbraco.Web.Composing;
using Umbraco.Core.Configuration.UmbracoSettings;
using System.Linq;
using System;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Http;
using Umbraco.Core;
using Umbraco.Core.Configuration.UmbracoSettings;
using Umbraco.Core.IO;
using Umbraco.Core.Logging;
using Umbraco.Core.Services;
using Umbraco.Web.Composing;
using Umbraco.Web.Mvc;
using Umbraco.Web.WebApi;
using Umbraco.Web.WebApi.Filters;
using Constants = Umbraco.Core.Constants;
namespace Umbraco.Web.Editors
{
[PluginController("UmbracoApi")]
[UmbracoApplicationAuthorize(
Constants.Applications.Content,
Constants.Applications.Media,
Constants.Applications.Members)]
public class TinyMceController : UmbracoAuthorizedApiController
{
private IMediaService _mediaService;
private IContentTypeBaseServiceProvider _contentTypeBaseServiceProvider;
public TinyMceController(IMediaService mediaService, IContentTypeBaseServiceProvider contentTypeBaseServiceProvider)
{
_mediaService = mediaService;
_contentTypeBaseServiceProvider = contentTypeBaseServiceProvider;
}
[UmbracoApplicationAuthorize(Constants.Applications.Content)]
[HttpPost]
public async Task<HttpResponseMessage> UploadImage()
{
@@ -91,8 +100,9 @@ namespace Umbraco.Web.Editors
}
catch (Exception ex)
{
// Could be a file permission ex
throw;
// IOException, PathTooLong, DirectoryNotFound, UnathorizedAccess
Logger.Error<TinyMceController>(ex, "Error when trying to move {CurrentFilePath} to {NewFilePath}", currentFile, newFilePath);
return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, $"Error when trying to move {currentFile} to {newFilePath}", ex);
}
return Request.CreateResponse(HttpStatusCode.OK, new { tmpLocation = relativeNewFilePath });