redmine-WhitelistAndBlacklist-attachment-extensions.diff - Redmine

       validates_length_of :filename, :maximum => 255
       validates_length_of :disk_filename, :maximum => 255
       validates_length_of :description, :maximum => 255
       validate :validate_max_file_size
       validate :validate_max_file_size, :validate_file_extension
       attr_protected :id
       acts_as_event :title => :filename,
-...
         end
       end
       def validate_file_extension
       	blacklisted = false
       	ext = File.extname(self.filename)
     	# if defined, check whether file's extension is blacklisted
     	if not Setting.attachment_extension_blacklist.empty?
     		extension_blacklist = Setting.attachment_extension_blacklist.split(",").map { |s| '.' + s }
     		if extension_blacklist.include?(ext)
     			blacklisted = true
     			errors.add(:base, l(:error_attachment_extension_blacklisted, :blacklist => Setting.attachment_extension_blacklist))
     		end
     	end
     	# if defined, check whether file's extension is whitelisted
     	if (not Setting.attachment_extension_whitelist.empty?) and (not blacklisted)
     		extension_whitelist = Setting.attachment_extension_whitelist.split(",").map { |s| '.' + s }
     		if not extension_whitelist.include?(ext)
     			errors.add(:base, l(:error_attachment_extension_not_whitelisted, :whitelist => Setting.attachment_extension_whitelist))
     		end
     	end
       end
       def file=(incoming_file)
         unless incoming_file.nil?
           @temp_file = incoming_file

     <%= wikitoolbar_for 'settings_welcome_text' %>
     <p><%= setting_text_field :attachment_max_size, :size => 6 %> <%= l(:"number.human.storage_units.units.kb") %></p>
     <p><%= setting_text_field :attachment_extension_whitelist %>
     <em class="info"><%= l(:text_comma_separated) %></em></p>
     <p><%= setting_text_field :attachment_extension_blacklist %>
     <em class="info"><%= l(:text_comma_separated) %></em></p>
     <p><%= setting_text_field :per_page_options, :size => 20 %>
     <em class="info"><%= l(:text_comma_separated) %></em></p>

       error_unable_delete_issue_status: 'Unable to delete issue status'
       error_unable_to_connect: "Unable to connect (%{value})"
       error_attachment_too_big: "This file cannot be uploaded because it exceeds the maximum allowed file size (%{max_size})"
       error_attachment_extension_not_whitelisted: "Attachment extension not whitelisted; allowed extensions: %{whitelist}"
       error_attachment_extension_blacklisted: "Attachment extension blacklisted; disallowed extensions: %{blacklist}"
       error_session_expired: "Your session has expired. Please login again."
       warning_attachments_not_saved: "%{count} file(s) could not be saved."
       error_password_expired: "Your password has expired or the administrator requires you to change it."
-...
       setting_login_required: Authentication required
       setting_self_registration: Self-registration
       setting_attachment_max_size: Maximum attachment size
       setting_attachment_extension_whitelist: Whitelisted attachment extensions
       setting_attachment_extension_blacklist: Blacklisted attachment extensions
       setting_issues_export_limit: Issues export limit
       setting_mail_from: Emission email address
       setting_bcc_recipients: Blind carbon copy recipients (bcc)

     attachment_max_size:
       format: int
       default: 5120
     attachment_extension_whitelist:
       default:
     attachment_extension_blacklist:
       default:
     issues_export_limit:
       format: int
       default: 500

Redmine