Filter file extensions robustly #7326
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WalkthroughThe changes in Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
Documentation and Community
|
There was a problem hiding this comment.
Actionable comments posted: 3
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
src/core/ui/upload/FileUpload/FileUpload.tsx(3 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/core/ui/upload/FileUpload/FileUpload.tsx (1)
Pattern src/**/*.{ts,tsx,js}: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:
- We have a global error handler in place. So local
try/catchblocks are not required unless they provide value beyond what the global error handler already covers. - Avoid flagging the absence of local error handling in cases where the global error handler suffices.
- Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).
Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip: with the same variable.
Examples:
- Not Required: there's a skip
{
variables: { templateId: templateId! },
skip: !templateId,
}
Check for common security vulnerabilities such as:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Insecure dependencies
- Sensitive data exposure
🔇 Additional comments (2)
src/core/ui/upload/FileUpload/FileUpload.tsx (2)
13-13: LGTM!
The useMemo import is appropriate for the new memoization implementation.
41-87: Verify browser compatibility of the implementation
The implementation looks solid, but we should verify it works across different browser/OS combinations as mentioned in the PR objectives.
✅ Verification successful
Browser compatibility for MIME type mapping is properly handled
The implementation includes explicit MIME type to extension mapping to handle browser inconsistencies, as evidenced by the comment and comprehensive mapping in the code. The mapping covers all major file types (PDF, Excel, Word, Images, PowerPoint) with their corresponding extensions, ensuring consistent behavior across different browsers.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for any existing browser-specific workarounds or issues
rg -i "browser|chrome|firefox|safari|edge" --type ts --type tsx
Length of output: 93
Script:
#!/bin/bash
# Search for any existing browser-specific workarounds or issues with correct file type
rg -i "browser|chrome|firefox|safari|edge" -t ts -t tsx
# Search for any tests related to file upload and browser compatibility
rg -i "test.*fileupload|browser.*test" -t ts -t tsx
# Look for any comments or documentation about browser compatibility
rg "NOTE:.*browser|TODO:.*browser" -t ts -t tsx
Length of output: 245
Script:
#!/bin/bash
# Search for any existing browser-specific workarounds or issues
rg -i "browser|chrome|firefox|safari|edge"
# Look for any tests related to file upload
rg -i "test.*fileupload"
# Search for mime type related code
rg "mimeType.*map|allowedMimeTypes"
Length of output: 65999
ccanos
approved these changes
Dec 13, 2024
ccanos
pushed a commit
that referenced
this pull request
Dec 13, 2024
valentinyanakiev
added a commit
that referenced
this pull request
Jan 20, 2025
* profileData renamed to profile on CreateWhiteboardInput * Removed visualUrl from post, which doens't make sense on creation * graphical tweak and little rename * Fix #7316 Create template permission (#7319) * Filter file extensions robustly (#7326) * Fix creating a subspace on a Space by nameId (#7328) * Fix creating a subspace on a Space by nameId * remove unused var * Fix Tutorials Iframes (#7323) * Fix tutorials iframes * parse the iframe with the DOMParser instead of with regex --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * Add Callouts preview accordion on SubspacesList default subspace template selector (#7325) * Add Callouts preview accordion on SubspacesList default subspace template selector * usememo * memoize the Description component --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * codegen --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com>
reactoholic
added a commit
that referenced
this pull request
Jan 29, 2025
* fix forum discussion styles * update contributors image for unauth users and fix styles (#7354) * update contributors image for unauth users and fix styles * resolve pr comments * Remove location from VC card * remove usage of anonymousReadAccess (#7332) * Fix dashboard access (#7360) * Fix dashboard access * fixed scope * change polling interval * fix pr comment * renamed to useSpaceTemplate*s*ManagerQuery --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * Handling of scroll and page change in documentation. (#7359) * logs for the frame origin * add allow-scripts to the docs iframe * Improve the layout banner of Documentation page; * Subtitle for the Docs page * added new tabs to user + org admin pages; refactored contributor admin pages (#7367) * added new tabs to user + org admin pages; refactored how admin pages for users + orgs + vcs are managed; moved some global admin functionality out of domain down to platform admin; ... * updated generation to match api tidy ups related to set of preference types + ID passing for org mutations * fix compile errors related to dropping of separate UserPreferenceType enum * Synchronize icons, remove comments, make sure there are no redundant settings calls. * Links & Docs to BoK on VC creation (#7365) * VC documents and links BoK - refactor the AddContent * VC documents and links implementation without validation; * resolve rabbit comments --------- Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> Co-authored-by: reactoholic <petar.georgiev.kolev@gmail.com> * Links and Docs - forgotten commit with Validation (#7377) * CalloutsSet entity (#7376) * codegen passing with updated api * fixed api + codegen passes * code compiling * pick up create callout privilege from the CalloutsSet * callouts showing up after creation * retrieving of callouts using only calloutsSet ID * moved code around to have notion of calloutsSet in tree * fix array dep breaking tool creation; small code optimizations; --------- Co-authored-by: bobbykolev <bobbykolev@abv.bg> * split useCallouts into also useCalloutsOnCollaboration (#7378) * Style UserAvatar tooltip (#7384) * Fix: Deleting subspace l2 from its settings throws errors on space dashboard * InnovationFlow States names validation - no commas (#7391) * Add arcadeSoftware to the whitelist of iframes (#7397) * bump client version (#7403) * implement image pasting in md editor (#7387) * codegen compilation * Fix: ENTITY_NOT_FOUND Error is triggered after first login server#4790 (#7396) * Remove `makeStyles` from `AlkemioAvatar` and `CommunityUpdatesView` (#7390) * Clean up alkemio avatar component The goal is to remove `@mui/styles`, but as the component is deprecated, it is replaced with the new avatar component in the user popup and the deprecated component is cleaned up from all unused features. The user popup is inlined in it to simplify more the interface of the component. * update contributors image for unauth user (#7410) * bug fix: verified label overlaps with text (#7415) * removed usage of AuthorizationCredential, replaced with RoleName; removed usage of UserGroups * added label to issue templates (#7425) * Limit the answers length on ApplicationForm (#7419) * Limit the answers length on ApplicationForm * Fix error message --------- Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> * Display account entitlements (#7414) * wip * removed state from some dialogs --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * Fix: ENTITY_NOT_FOUND Error is triggered after first login server#4790 (#7396) * Remove `makeStyles` from `AlkemioAvatar` and `CommunityUpdatesView` (#7390) * Clean up alkemio avatar component The goal is to remove `@mui/styles`, but as the component is deprecated, it is replaced with the new avatar component in the user popup and the deprecated component is cleaned up from all unused features. The user popup is inlined in it to simplify more the interface of the component. * update contributors image for unauth user (#7410) * bug fix: verified label overlaps with text (#7415) * added label to issue templates (#7425) * Limit the answers length on ApplicationForm (#7419) * Limit the answers length on ApplicationForm * Fix error message --------- Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> * Display account entitlements (#7414) * wip * removed state from some dialogs --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * update contributors image for unauth user (#7410) * first pass fixing * second pass * Third pass * 6 errors left * Removing scary words in translation.en.json (#7432) * moved to using UUIDs * Add Updates from leads block to the subspaces page (l1 & l2). (#7417) * Add Updates from leads block to the subspaces page (l1 & l2). * share url --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * Fix Sidebar list of spaces not refreshing after subspace delete (#7418) Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> * fix * [VC] Knowledge base instead of Subspace BoK in Written Knowledge step (#7381) * added new tabs to user + org admin pages; refactored how admin pages for users + orgs + vcs are managed; moved some global admin functionality out of domain down to platform admin; ... * updated generation to match api tidy ups related to set of preference types + ID passing for org mutations * fix compile errors related to dropping of separate UserPreferenceType enum * Synchronize icons, remove comments, make sure there are no redundant settings calls. * Links & Docs to BoK on VC creation (#7365) * VC documents and links BoK - refactor the AddContent * VC documents and links implementation without validation; * resolve rabbit comments --------- Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> Co-authored-by: reactoholic <petar.georgiev.kolev@gmail.com> * Links and Docs - forgotten commit with Validation (#7377) * CalloutsSet entity (#7376) * codegen passing with updated api * fixed api + codegen passes * code compiling * pick up create callout privilege from the CalloutsSet * callouts showing up after creation * retrieving of callouts using only calloutsSet ID * moved code around to have notion of calloutsSet in tree * fix array dep breaking tool creation; small code optimizations; --------- Co-authored-by: bobbykolev <bobbykolev@abv.bg> * VC knowledge base instead of subspace init * Space creation after VC creation, loading, code opt & reorganization * Fix docs uploading, code organization and documentation; * fix uploading of docs in case there's no space under the acc; remove misleading createdSpaceId usage; * useLoadingState instead of a new React State * Fix - set properly the persona type depending on the 3 steps; * Ability to select SpaceLevel2 on create VC (#7386) * VC Knowledge Base callouts dialog (#7388) * VC Knowledge Base callouts dialog - init. * Filter available callout types. * disable rich media on VC callout creation. * Description component with update functionality. * Update the Create Written Knowledge UI and initial state; Fix dialog titles in VC flow. * Reingest logic in the Knowledge dialog. * Remove the icon logic for CalloutVisibilityChangeDialog. * Use the account hostname for space created in the VC flow. * fix VC dialog not opening; remove outdated copy; * storage config for KnowledgeBase description --------- Co-authored-by: Neil Smyth <neil@thesmyths.eu> Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> Co-authored-by: reactoholic <petar.georgiev.kolev@gmail.com> Co-authored-by: Neil Smyth <30729240+techsmyth@users.noreply.github.com> Co-authored-by: Carlos Cano <carlos@alkem.io> * add cspell config (#7404) * resolveIds returns string and not the entity * proper check for available account for the vc flow (#7433) * VirtualContributor fixes * name ids * updated for renamed mutation * Client web/7416 disable image pasting when hide image options flag is true (#7428) * fix organization verified sign font size by simone's ask * disable image pasting if hideImageOptions flag is true * optimize paste handler * resolve pr comment * Extract the isImageOrHtmlWithImage and call it once per item. --------- Co-authored-by: Bobby Kolev <bobbykolev@abv.bg> * Fix can't add callout to VC KnowledgeBase. (#7437) Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * url resolver * url builders * Create space link entitlements (#7442) * check for entitlements in the CreateSpaceLink (cherry picked from commit aed1830) * 0.79.7 (cherry picked from commit 7ec232c) * updated to work with fields for entryRole + elevatedRole availability * MD fixes - comments not visible with long Post description; `pre` long line not visible; (#7435) * move fragment * missing padding for the items on the left block on space and subspaces (#7448) * Optimize the Contributor Account Tab and VC flow (#7444) * Optimize subspace query under acc. Fix first VC/Space flow resulting in errors. * Fix add to community and navigation related to spaceId * polishing * fix navigation of subspaces * Optimize the main vcWizard account call. * pr fix --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * Admin Roles management * Available users search. Organizations auth using rolesetAdmin * Organization roles management * fix style * clean up. first 0 errors * removed usage of platform role set id on mutations for roles on platform as not needed (only one) * check for the correct privilege for Callout creation * Add checkbox for adding tutorials when creating new space and fix UI issue in Mozilla regarding the URL input (#7447) * updated for adjusted privilege names * [VC Flow] Choose community step (#7457) * choose community step in vc flow * fix data reload on home dash; * refetch the BoK after VC callouts creation * Append visuals to create profile input (#7301) * profileData renamed to profile on CreateWhiteboardInput * Removed visualUrl from post, which doens't make sense on creation * graphical tweak and little rename * Fix #7316 Create template permission (#7319) * Filter file extensions robustly (#7326) * Fix creating a subspace on a Space by nameId (#7328) * Fix creating a subspace on a Space by nameId * remove unused var * Fix Tutorials Iframes (#7323) * Fix tutorials iframes * parse the iframe with the DOMParser instead of with regex --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * Add Callouts preview accordion on SubspacesList default subspace template selector (#7325) * Add Callouts preview accordion on SubspacesList default subspace template selector * usememo * memoize the Description component --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * codegen --------- Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> * restrict activities block to 10 results and add activities dialog (#7463) * Handle missing privileges for add VC to community. (#7470) * Fix the save as template option missing due to missing array deps (#7476) * Remove nameIds from VC dialogs * Entitlements view based on permissions and limits (#7467) * Fix #7451 * Common component to handle the --------- Co-authored-by: Svetoslav Petkov <svetoslav@alkem.io> * display usage-limit of spaces in the account page (#7468) * display usage-limit of spaces in the account page * making safer check --------- Co-authored-by: Svetoslav Petkov <svetoslav@alkem.io> * removed another url builder * Remove SpaceRoleSetContributorTypes query and a few unused queries more * Fix innovationHubs * Fix add checkbox for tutorials UI bug (#7466) * fix add checkbox for tutorials ui * restore graphql files --------- Co-authored-by: Bobby Kolev <bobbykolev@abv.bg> * Fix first-child + useEffect dynamic deps array length console errors; (#7477) Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> * Bug fix: search bar in spaces page not working, and page refreshes on search term enter (#7462) * search spaces page not working * visualize subspaces as well * resolve pr comment * resolve pr comment * fix missing callouts in create template preview (#7482) Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> * Fix organization provider * clean * Rename files * Removed variables from notification query (#7481) * First pass removing useCommunityAdmin * rename forlder * wip * VC Flow - proper filtering of Existing Spaces (#7490) * apply multiple filters on space activities (#7489) Co-authored-by: Bobby Kolev <bobbykolev@abv.bg> * Available users/orgs/vcs hook * support knowledge-base route on VC profile (#7480) * fix nameId issue on VC profile * fix userNameId issues on UserProfile * a bit of cleanup. 0 errors again * fix paste issue (#7493) * removing fragment CommunityRoleSetDetails * clean up * Moved files * Remove groups * VC Flow - proper filtering of Existing Spaces (#7490) * apply multiple filters on space activities (#7489) Co-authored-by: Bobby Kolev <bobbykolev@abv.bg> * support knowledge-base route on VC profile (#7480) * fix paste issue (#7493) * VC Flow - proper filtering of Existing Spaces (#7490) * UserPage clean nameId * Removed some unused code * ApplicationDialog * invitations in RolesetAdmin * Delete more group things * updatePreference mutation * remove useInviteUsers * fix md editor typing issue (#7501) * small refactor * no space creation when org has no spaces and vc is created * refetch * Account storage config for the account resources (#7486) * use account storage config for entities under the account (instead userStorage) * refactor a bit --------- Co-authored-by: Carlos Cano <carlos@alkem.io> * disable new posts on knowledgebase callouts (#7507) * knowledgebase-disable-new-posts (#7509) * No default callouts on space creation w tutorials (#7518) * update graphql schema * Add VC Callouts route (#7515) * Url for posts that are inside VC knowledge-base * fix url resolver * 0.80.0 (#7526) * reingest after creation of a VC with Space BoK (#7536) * 0.80.1 * BugFix anonymous user access to public space (#7541) * crowdin config (#7549) * Fix search in space (#7552) * Fix search in space * Also use the lookup for space details * Translations (#7553) * 0.80.2 * disabled Crowdin action --------- Co-authored-by: reactoholic <petar.georgiev.kolev@gmail.com> Co-authored-by: Petar Kolev <33326233+reactoholic@users.noreply.github.com> Co-authored-by: Carlos Cano <carlos@alkem.io> Co-authored-by: Neil Smyth <30729240+techsmyth@users.noreply.github.com> Co-authored-by: Valentin Yanakiev <valentin.yanakiev@gmail.com> Co-authored-by: Neil Smyth <neil@thesmyths.eu> Co-authored-by: Todorka Halacheva <56818790+thalacheva@users.noreply.github.com> Co-authored-by: Svetoslav Petkov <svetoslav@alkem.io> Co-authored-by: Simone <38861315+SimoneZaza@users.noreply.github.com> Co-authored-by: Evgeni Dimitrov <comoque@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit