about summary refs log tree commit diff
path: root/app/views
diff options
context:
space:
mode:
authorYamagishi Kazutoshi <ykzts@desire.sh>2017-05-08 23:49:53 +0900
committerEugen Rochko <eugen@zeonfederated.com>2017-05-08 16:49:53 +0200
commit459bbfa4b21c20809a142c41c389b7a5edd28bd8 (patch)
treea6ae031077452d36fd743873da888054e8f9034b /app/views
parent7140def5c9e49535d8ea13c8061a55588a348fda (diff)
Prevent selection of unacceptable Content-Type files (#2910)
* Prevent selection of unacceptable Content-Type files

* replace hard code

* media_attachments accept content-types in initial state
Diffstat (limited to 'app/views')
-rw-r--r--app/views/home/initial_state.json.rabl6
-rw-r--r--app/views/settings/profiles/show.html.haml4
2 files changed, 8 insertions, 2 deletions
diff --git a/app/views/home/initial_state.json.rabl b/app/views/home/initial_state.json.rabl
index b599b5cf0..ac0bee2e2 100644
--- a/app/views/home/initial_state.json.rabl
+++ b/app/views/home/initial_state.json.rabl
@@ -27,4 +27,10 @@ node(:accounts) do
   store
 end
 
+node(:media_attachments) do
+  {
+    accept_content_types: MediaAttachment::IMAGE_MIME_TYPES + MediaAttachment::VIDEO_MIME_TYPES
+  }
+end
+
 node(:settings) { @web_settings }
diff --git a/app/views/settings/profiles/show.html.haml b/app/views/settings/profiles/show.html.haml
index ed76885de..7b97fcae0 100644
--- a/app/views/settings/profiles/show.html.haml
+++ b/app/views/settings/profiles/show.html.haml
@@ -7,8 +7,8 @@
   .fields-group
     = f.input :display_name, placeholder: t('simple_form.labels.defaults.display_name'), hint: t('simple_form.hints.defaults.display_name', counter: "<span class=\"name-counter\">#{30 - @account.display_name.size}</span>").html_safe
     = f.input :note, placeholder: t('simple_form.labels.defaults.note'), hint: t('simple_form.hints.defaults.note', counter: "<span class=\"note-counter\">#{160 - @account.note.size}</span>").html_safe
-    = f.input :avatar, wrapper: :with_label, hint: t('simple_form.hints.defaults.avatar')
-    = f.input :header, wrapper: :with_label, hint: t('simple_form.hints.defaults.header')
+    = f.input :avatar, wrapper: :with_label, input_html: { accept: AccountAvatar::IMAGE_MIME_TYPES.join(',') }, hint: t('simple_form.hints.defaults.avatar')
+    = f.input :header, wrapper: :with_label, input_html: { accept: AccountHeader::IMAGE_MIME_TYPES.join(',') }, hint: t('simple_form.hints.defaults.header')
 
   = f.input :locked, as: :boolean, wrapper: :with_label, hint: t('simple_form.hints.defaults.locked')