Feature/budget template doc on plan page #431

Merged
merged 24 commits into from
Sep 14, 2023

LorenzoJokhan

Description

Please include

  • a summary of the changes
  • relevant motivation and context
  • a list of any dependencies that are required for this change

Issue reference

Fixes # (issue)

Type of change

Is it a new feature, bug fix, code improvement, etc.
If it is a breaking change what needs to be done to fix that

Documentation

Is the documentation updated, maybe a link

Tests

(How) has the change been tested

Branch

If the branch to merge to is not development

ideaBudgets.splice(indexToDelete, 1);
}

console.log(JSON.stringify({

This can be removed?

const promises = [];
req.files.forEach((file, i) => {
const attachmentsPath = 'public/uploads/attachments/resource-form-uploads/' + req.body.resourceId;
const path = `${attachmentsPath}/${file.originalname}`;
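Review bot: attachmentsPath and path are built by concatenating req.body.resourceId and file.originalname, both supplied by the client, with no normalisation, so a value containing ../ or a path separator can resolve outside public/uploads/attachments/resource-form-uploads/. Validate resourceId against the expected id format, use a server-generated file name instead of file.originalname, and check that the resolved path still starts with the attachments directory before writing. Two uploads with the same originalname for one resourceId would also overwrite each other.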

The original filename should really be a random string here. This is because any user who can log in can upload a file to this location. So if a hacker can guess this file path and possibly gains access, via another exploit, to execute a file on the server, they can upload a file through this form that executes code. The hacker then knows exactly where this file lives on disk and can therefore execute it.

Since there are also no checks on the type of file (https://github.com/sindresorhus/file-type), anything can be uploaded.
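One way to act on the review comment above, as an added example that is not code from this PR or the project: pick a random on-disk name, allow only sniffed file types, and confirm the path stays under the upload directory. The function names, the integer `resourceId` format, the allow-list and the use of `file.buffer` (multer memory storage) are assumptions; the magic-byte check is a small stand-in for a library such as file-type.

```javascript
// Added example: plan where an uploaded file is stored before writing it.
const crypto = require('node:crypto');
const path = require('node:path');

const UPLOAD_ROOT = path.resolve('public/uploads/attachments/resource-form-uploads');

// Assumed allow-list, keyed on leading magic bytes rather than the client's extension.
const ALLOWED_TYPES = [
  { ext: 'pdf', magic: Buffer.from('%PDF-', 'latin1') },
  { ext: 'png', magic: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) },
  { ext: 'jpg', magic: Buffer.from([0xff, 0xd8, 0xff]) },
];

function sniffExtension(buffer) {
  const hit = ALLOWED_TYPES.find(
    (t) => buffer.length >= t.magic.length && buffer.subarray(0, t.magic.length).equals(t.magic)
  );
  return hit ? hit.ext : null;
}

// Returns { storagePath, displayName } or throws if the upload is rejected.
function planUpload(resourceId, file) {
  // resourceId comes from the request body, so accept only a plain integer id (assumption).
  if (!/^[0-9]{1,10}$/.test(String(resourceId))) {
    throw new Error('invalid resourceId');
  }
  const ext = sniffExtension(file.buffer);
  if (!ext) {
    throw new Error('file type not allowed');
  }
  // The on-disk name is random and uses the sniffed extension, never the client's.
  const storedName = `${crypto.randomBytes(16).toString('hex')}.${ext}`;
  const storagePath = path.resolve(UPLOAD_ROOT, String(resourceId), storedName);
  // Defence in depth: the resolved path must still sit under the upload root.
  if (!storagePath.startsWith(UPLOAD_ROOT + path.sep)) {
    throw new Error('path escapes upload root');
  }
  // Keep the original name only as display metadata, stripped of directories.
  const displayName = path.basename(String(file.originalname).replace(/\\/g, '/'));
  return { storagePath, displayName };
}
```

Storing `displayName` alongside the random `storagePath` keeps the user-facing file name without letting it decide where the file lands on disk.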

const indexToDelete = ideaBudgets.findIndex(d =>{
return d.name === data.name});

if(indexToDelete > -1) {
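Review bot: the findIndex callback matches on d.name === data.name alone, so when two entries in ideaBudgets share a name the first match is the one removed, which may not be the entry the user selected. Match on a unique identifier for the budget entry instead of its name. The callback can also be shortened to d => d.name === data.name.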

Code to delete the file from disk

@Badmuts Badmuts left a comment


Looks good 💯

@LorenzoJokhan LorenzoJokhan merged commit ff9fc02 into development Sep 14, 2023
1 check passed
@LorenzoJokhan LorenzoJokhan deleted the feature/budget-template-doc-on-plan-page branch September 14, 2023 11:20