From 17f26b8c2c981ee993f812510d68751ca03637c3 Mon Sep 17 00:00:00 2001
From: John McLear <john@mclear.co.uk>
Date: Tue, 22 Jul 2014 15:46:31 +0100
Subject: [PATCH] Support to allow for a setting so you can stop unknown file
 types from being imported

---
 settings.json.template            | 11 +++++++----
 src/node/handler/ImportHandler.js | 11 ++++++++---
 src/node/utils/Settings.js        |  5 +++++
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/settings.json.template b/settings.json.template
index 5868af6a3..359d1f8bd 100644
--- a/settings.json.template
+++ b/settings.json.template
@@ -74,19 +74,22 @@
   /* This is the path to the Abiword executable. Setting it to null, disables abiword.
      Abiword is needed to advanced import/export features of pads*/  
   "abiword" : null,
+
+  /* Should we allow of file types other than the supported types: .html, .txt, .doc, .docx, .rtf, .ods */
+  "allowUnknownFileEnds" : true,
  
   /* This setting is used if you require authentication of all users.
      Note: /admin always requires authentication. */
-  "requireAuthentication": false,
+  "requireAuthentication" : false,
 
   /* Require authorization by a module, or a user with is_admin set, see below. */
-  "requireAuthorization": false,
+  "requireAuthorization" : false,
   
   /*when you use NginX or another proxy/ load-balancer set this to true*/
-  "trustProxy": false,
+  "trustProxy" : false,
   
   /* Privacy: disable IP logging */
-  "disableIPlogging": false,  
+  "disableIPlogging" : false,  
   
   /* Users for basic authentication. is_admin = true gives access to /admin.
      If you do not uncomment this, /admin will not be available! */
diff --git a/src/node/handler/ImportHandler.js b/src/node/handler/ImportHandler.js
index 60fa5ffb1..8e724671f 100644
--- a/src/node/handler/ImportHandler.js
+++ b/src/node/handler/ImportHandler.js
@@ -92,9 +92,14 @@ exports.doImport = function(req, res, padId)
       }
       //we need to rename this file with a .txt ending
       else {
-        var oldSrcFile = srcFile;
-        srcFile = path.join(path.dirname(srcFile),path.basename(srcFile, fileEnding)+".txt");
-        fs.rename(oldSrcFile, srcFile, callback);
+        if(settings.allowUnknownFileEnds === true){
+          var oldSrcFile = srcFile;
+          srcFile = path.join(path.dirname(srcFile),path.basename(srcFile, fileEnding)+".txt");
+          fs.rename(oldSrcFile, srcFile, callback);
+        }else{
+          console.warn("Not allowing unknown file type to be imported", fileEnding);
+          callback("uploadFailed");
+        }
       }
     },
     function(callback){
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index 8b17a6d34..bbebf0bd8 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -129,6 +129,11 @@ exports.minify = true;
  */
 exports.abiword = null;
 
+/**
+ * Should we support none natively supported file types on import?
+ */
+exports.allowUnknownFileEnds = true;
+
 /**
  * The log level of log4js
  */