From 6b9a10ffe48beb350eb0ab11330b0c016deef1a2 Mon Sep 17 00:00:00 2001 From: Zanz2 Date: Tue, 14 Nov 2017 12:02:17 +0100 Subject: [PATCH] Made validations for JSON format and .txt and .json files --- app/controllers/protocols_controller.rb | 24 +++++++++++++++++++ .../protocolsio_import_create.js.erb | 5 +++- config/locales/en.yml | 1 + 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/app/controllers/protocols_controller.rb b/app/controllers/protocols_controller.rb index 9116cb4d4..46cddd4a2 100644 --- a/app/controllers/protocols_controller.rb +++ b/app/controllers/protocols_controller.rb @@ -598,7 +598,16 @@ class ProtocolsController < ApplicationController def protocolsio_import_create @protocolsio_too_big = false + @protocolsio_invalid_file = false + extension = File.extname(params[:json_file].path) file_size = File.size(params[:json_file].path) + if extension != '.txt' && extension != '.json' + @protocolsio_invalid_file = true + respond_to do |format| + format.js {} + end + return 0 # return 0 stops the rest of the controller code from executing + end if file_size / 1000 > Constants::FILE_MAX_SIZE_MB @protocolsio_too_big = true respond_to do |format| @@ -607,11 +616,19 @@ class ProtocolsController < ApplicationController # named the same as this controller # where a javascript alert is called end + return 0 # return 0 stops the rest of the controller code from executing end json_file_contents = File.read(params[:json_file].path) json_file_contents.gsub! '\"', "'" # escaped double quotes too stressfull, html works with single quotes too # json double quotes dont get escaped since they dont match \" + unless valid_protocol_json(json_file_contents) + @protocolsio_invalid_file = true + respond_to do |format| + format.js {} + end + return 0 # return 0 stops the rest of the controller code from executing + end @json_object = JSON.parse(json_file_contents) @protocol = Protocol.new respond_to do |format| 
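Review bot: `params[:json_file].path` is called at the top of `protocolsio_import_create` before anything checks that the parameter is an uploaded file, so a request that omits the field or sends it as a plain string raises NoMethodError and would surface as a server error instead of the invalid-file alert. A guard such as `upload = params[:json_file]` followed by `return head(:bad_request) unless upload.respond_to?(:path)` would close that gap. The extension test is also case-sensitive (`.JSON` is rejected) and presumably reflects the client-supplied file name, so it is a convenience filter and not a content check. `%w[.txt .json].include?(File.extname(upload.path).downcase)` would state the allow-list in one place. The method body continues past the end of this hunk.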
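Review bot: The upload is parsed twice in the lines after the `gsub!`, once inside `valid_protocol_json` (defined in the `@@ -917` hunk) and again by `JSON.parse(json_file_contents)`, and the check only proves the text is syntactically valid JSON. A file holding a bare array, string or number passes and reaches the import code as `@json_object`; if that code indexes it like a hash (not visible here), the request would fail with an unhandled exception instead of the invalid-file alert. Parsing once, rescuing `JSON::ParserError`, and rejecting a non-object top level covers both cases, assuming the importer expects an object. The method body continues past the end of this hunk.

```ruby
# … unchanged: File.read and gsub! of json_file_contents …
@json_object = begin
  JSON.parse(json_file_contents)
rescue JSON::ParserError
  nil
end
unless @json_object.is_a?(Hash)
  @protocolsio_invalid_file = true
  respond_to do |format|
    format.js {}
  end
  return
end
@protocol = Protocol.new
```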
@@ -917,6 +934,13 @@ class ProtocolsController < ApplicationController private + def valid_protocol_json(json) + JSON.parse(json) + return true + rescue JSON::ParserError => e + return false + end + # pio_stp_x means protocols io step (id of component) parser def pio_stp_1(iterating_key) # protocols io description parser br = '
' diff --git a/app/views/protocols/protocolsio_import_create.js.erb b/app/views/protocols/protocolsio_import_create.js.erb index d7284b504..a922a15ba 100644 --- a/app/views/protocols/protocolsio_import_create.js.erb +++ b/app/views/protocols/protocolsio_import_create.js.erb @@ -3,6 +3,9 @@ $('#modal-import-json-protocol').modal('hide'); HelperModule.flashAlertMsg(' <%= t('my_modules.protocols.load_from_file_size_error', size: Constants::FILE_MAX_SIZE_MB ) %>','danger'); +<% elsif @protocolsio_invalid_file %> +$('#modal-import-json-protocol').modal('hide'); +HelperModule.flashAlertMsg(' <%= t('my_modules.protocols.load_from_file_invalid_error') %>','danger'); <% else %> $('#modal-import-json-protocol').modal('hide'); <% if remotipart_submitted? %> <%# a workaround to a bug with remotipart, that caused alot of headache, courtesy of github.com/dhampik %> @@ -15,5 +18,5 @@ HelperModule.flashAlertMsg(' <%= t('my_modules.protocols.load_from_file_size_err ); <% end %> $('#modal-import-json-protocol-preview').modal('show'); - + <% end %> diff --git a/config/locales/en.yml b/config/locales/en.yml index 0ebb3e5e1..22fb76200 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -603,6 +603,7 @@ en: load_from_file_error: "Failed to load the protocol from file." load_from_file_error_locked: "Failed to load the protocol from file. One or more files are currently being edited." load_from_file_size_error: "Failed to load the protocol from file. Limit is %{size}Mb." + load_from_file_invalid_error: "The file you provided is invalid or has an invalid extension." load_from_file_protocol_general_error: "Failed to load the protocol from file. It is likely that certain fields (protocol and individual step titles and names) contain too many or too few characters.(max is %{max} and min is %{min})" results: head_title: "%{project} | %{module} | Results"
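Review bot: `valid_protocol_json` is a predicate, so the Ruby convention is to name it `valid_protocol_json?`, and the `=> e` binding in its `rescue` is never used. The name also promises more than the body delivers, because it only confirms that `JSON.parse` accepts the string and says nothing about the protocol's structure. A comment such as `# True when +json+ parses as JSON; does not validate the protocols.io schema.` above the method would keep later callers from treating it as a content check. The explicit `return true` and `return false` can be plain `true` and `false`.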
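Review bot: In the added `elsif @protocolsio_invalid_file` branch the translation is written straight into a single-quoted JavaScript string, and `<%= %>` in a `.js.erb` template applies HTML escaping, not JavaScript escaping. A backslash or line break in any locale's `load_from_file_invalid_error` text would break the generated script. `<%= j t('my_modules.protocols.load_from_file_invalid_error') %>` avoids that, and the existing size-error line above it has the same shape.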