diff options
| author | Corey Hulen <corey@hulen.com> | 2015-07-21 15:46:12 -0800 |
|---|---|---|
| committer | Corey Hulen <corey@hulen.com> | 2015-07-21 15:46:12 -0800 |
| commit | 269185fb0e252e8105d5f143ca104a069ec10c47 (patch) | |
| tree | 37eb1f616abcd5a923d8c730b9f7a6d1b5b56f2d /api/post.go | |
| parent | 06bac01e882a7b05519d0e39bccafacd0c27c602 (diff) | |
| parent | 237920e314f3974880d9913aff69faafbe094107 (diff) | |
| download | chat-269185fb0e252e8105d5f143ca104a069ec10c47.tar.gz chat-269185fb0e252e8105d5f143ca104a069ec10c47.tar.bz2 chat-269185fb0e252e8105d5f143ca104a069ec10c47.zip | |
Merge pull request #205 from mattermost/mm-1351
fixes mm-1351 adds local server storage
Diffstat (limited to 'api/post.go')
| -rw-r--r-- | api/post.go | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/api/post.go b/api/post.go index 2d25f7ab0..268a9be20 100644 --- a/api/post.go +++ b/api/post.go @@ -160,6 +160,39 @@ func CreatePost(c *Context, post *model.Post, doUpdateLastViewed bool) (*model.P post.UserId = c.Session.UserId + if len(post.Filenames) > 0 { + doRemove := false + for i := len(post.Filenames) - 1; i >= 0; i-- { + path := post.Filenames[i] + + doRemove = false + if model.UrlRegex.MatchString(path) { + continue + } else if model.PartialUrlRegex.MatchString(path) { + matches := model.PartialUrlRegex.FindAllStringSubmatch(path, -1) + if len(matches) == 0 || len(matches[0]) < 4 { + doRemove = true + } + + channelId := matches[0][1] + if channelId != post.ChannelId { + doRemove = true + } + + userId := matches[0][2] + if userId != post.UserId { + doRemove = true + } + } else { + doRemove = true + } + if doRemove { + l4g.Error("Bad filename discarded, filename=%v", path) + post.Filenames = append(post.Filenames[:i], post.Filenames[i+1:]...) + } + } + } + var rpost *model.Post if result := <-Srv.Store.Post().Save(post); result.Err != nil { return nil, result.Err |