From 20505fc6e21d1af3b824bce52fa81f8216565683 Mon Sep 17 00:00:00 2001 From: yznahmad Date: Sat, 9 Aug 2025 18:14:39 +0300 Subject: [PATCH] 10 Descriptive message about your chansssges --- .../app/api/user/actions/settings/route.ts | 23 ++++++++++++++++++- .../dashboard/settings/generalSettings.tsx | 23 +++++++++++++++++-- webapp/src/messages/ar.json | 5 +++- webapp/src/messages/en.json | 5 +++- 4 files changed, 51 insertions(+), 5 deletions(-) diff --git a/webapp/src/app/api/user/actions/settings/route.ts b/webapp/src/app/api/user/actions/settings/route.ts index 8d9f0d2..da22208 100644 --- a/webapp/src/app/api/user/actions/settings/route.ts +++ b/webapp/src/app/api/user/actions/settings/route.ts @@ -53,8 +53,29 @@ export async function PUT(req:Request) phone : string | null = payload.phone as string | null, address : string | null = payload.address as string | null, showLogo : boolean | null = payload.showLogo as boolean | null, - logo : string | null = payload.logo as string | null, currencySymbol : string | null = payload.currencySymbol as string | null; + let logo : string | null = payload.logo as string | null; + + // Validate logo if provided + if (logo && typeof logo === 'string') { + // Check if it's a valid SVG + if (!logo.includes('')) { + return NextResponse.json({ + success: false, + message: "invalidSVGFile", + }, { + status: 400, + headers: { + "content-type": "application/json" + } + }) + } + + // Remove any script tags for security + const cleanLogo = logo.replace(/]*>.*?<\/script>/gi, ''); + // Update the logo variable with cleaned content + logo = cleanLogo; + } // update the doc let updated_doc = await userModel.updateMany({} , { $set: { diff --git a/webapp/src/components/dashboard/settings/generalSettings.tsx b/webapp/src/components/dashboard/settings/generalSettings.tsx index 1ae87d5..40e0eba 100644 --- a/webapp/src/components/dashboard/settings/generalSettings.tsx +++ b/webapp/src/components/dashboard/settings/generalSettings.tsx 
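Review bot: The script-tag regex added after `// Remove any script tags for security` is not a sanitizer and still lets active content into the stored logo: `.*?` without the `s` flag does not cross newlines, so a multi-line `<script>` element is left intact, and SVG executes JavaScript through `onload`/`onclick` handler attributes, `javascript:` hrefs, `<foreignObject>` and external `<use>`/`<image>` references that this pattern never touches. The format check just above it also appears as `logo.includes('')`, which is always true as shown; if the intended needle is `<svg`, it still only proves the substring occurs somewhere and does not reject HTML wrapped around it. Unless the logo is only ever rendered via `<img src>` (where scripts do not run), this should either run an allowlist-based SVG sanitizer server-side or parse the document and reject anything that is not a plain `<svg>` root of allowed elements and attributes, with `// NOTE: blocklist regexes are bypassable; a stripped <script> is not a safe SVG` replacing the current comment. A maximum length on `logo` would also be worth adding, since with `updateMany({}, …)` the value appears to be written to every user document. `PUT` begins and ends outside this hunk.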
@@ -58,13 +58,32 @@ export default function GeneralSettings() const handleFileChange = async (event : any , setFieldValue : any) => { const file = event.target.files[0]; if (file) { + // Validate file type + if (!file.type.includes('svg') && !file.name.toLowerCase().endsWith('.svg')) { + alert(t('onlySVGFilesAllowed') || 'Only SVG files are allowed'); + event.target.value = ''; // Clear the input + return; + } + try { // get the file content - const content = await readFile(file); + const content = await readFile(file) as string; + + // Validate SVG content + if (!content.includes('')) { + alert(t('invalidSVGFile') || 'Invalid SVG file format'); + event.target.value = ''; // Clear the input + return; + } + + // Additional security check - remove any script tags + const cleanContent = content.replace(/]*>.*?<\/script>/gi, ''); + // set the field value with with new file content - setFieldValue('logo' , content) + setFieldValue('logo' , cleanContent) } catch (error) { console.error('Error reading file:', error); + alert(t('errorReadingFile') || 'Error reading file'); } } }; diff --git a/webapp/src/messages/ar.json b/webapp/src/messages/ar.json index 99ea74b..56d3593 100644 --- a/webapp/src/messages/ar.json +++ b/webapp/src/messages/ar.json @@ -364,7 +364,10 @@ "edite": "التعديل", "save": "الحفظ", "ignore": "تجاهل", - "appNameEN": "اسم التطبيق ( en )" + "appNameEN": "اسم التطبيق ( en )", + "onlySVGFilesAllowed": "يُسمح فقط بملفات SVG", + "invalidSVGFile": "تنسيق ملف SVG غير صالح", + "errorReadingFile": "خطأ في قراءة الملف" }, "statistics": { "totalMembers": "إجمالي الأعضاء", diff --git a/webapp/src/messages/en.json b/webapp/src/messages/en.json index bc2026d..739605b 100644 --- a/webapp/src/messages/en.json +++ b/webapp/src/messages/en.json 
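Review bot: The client-side `cleanContent` strip in `handleFileChange` gives no security guarantee, because a user who controls the request can skip this handler entirely, and the same regex (no `s` flag, so multi-line `<script>` elements survive; event-handler attributes such as `onload` untouched) is bypassable even when it does run, so the comment `// Additional security check` should be reworded to something like `// Cosmetic cleanup only; the server must validate and sanitize the SVG` so nobody relies on it. The `file.type.includes('svg')` and `.svg` extension checks are fine as UX but are browser-reported values, not evidence of file content. `readFile(file) as string` silences the compiler; if `readFile` can resolve to an `ArrayBuffer` the following `.includes` throws and lands in the catch, so narrowing with `typeof content === 'string'` is safer than the assertion. As in the route handler, the content check appears as `content.includes('')`, which is always true as rendered — presumably the `<svg` needle was lost, but either way it is not a format check. `handleFileChange` is complete within the hunk, while the enclosing `GeneralSettings` component starts and ends outside it.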
@@ -368,7 +368,10 @@ "loading": "Loading", "edite": "Edite", "save": "Save", - "ignore": "Ignore" + "ignore": "Ignore", + "onlySVGFilesAllowed": "Only SVG files are allowed", + "invalidSVGFile": "Invalid SVG file format", + "errorReadingFile": "Error reading file" }, "statistics": { "totalMembers": "Total Members",