diff --git a/client/components/editor/editor-modal-media.vue b/client/components/editor/editor-modal-media.vue index 4b8ab276..e21e75f2 100644 --- a/client/components/editor/editor-modal-media.vue +++ b/client/components/editor/editor-modal-media.vue @@ -10,9 +10,9 @@ .body-2(:class='$vuetify.dark ? `white--text` : `teal--text`') Assets v-spacer v-btn(flat, icon, @click='refresh') - v-icon cached + v-icon(:color='$vuetify.dark ? `white` : `teal`') refresh v-dialog(v-model='newFolderDialog', max-width='550') - v-btn.my-0.mr-0.radius-7(outline, large, color='teal', :icon='$vuetify.breakpoint.xsOnly', slot='activator') + v-btn.ml-3.my-0.mr-0.radius-7(outline, large, color='teal', :icon='$vuetify.breakpoint.xsOnly', slot='activator') v-icon(:left='$vuetify.breakpoint.mdAndUp') add span.hidden-sm-and-down(:class='$vuetify.dark ? `teal--text text--lighten-3` : ``') New Folder v-card.wiki-form diff --git a/server/controllers/upload.js b/server/controllers/upload.js index 22f83635..db6d27f3 100644 --- a/server/controllers/upload.js +++ b/server/controllers/upload.js @@ -73,6 +73,9 @@ router.post('/u', multer({ } } + // Sanitize filename + fileMeta.originalname = sanitize(fileMeta.originalname.toLowerCase().replace(/[\s,;]+/g, '_')) + // Check if user can upload at path const assetPath = (folderId) ? hierarchy.map(h => h.slug).join('/') + `/${fileMeta.originalname}` : fileMeta.originalname if (!WIKI.auth.checkAccess(req.user, ['write:assets'], { path: assetPath })) { @@ -85,7 +88,6 @@ router.post('/u', multer({ // Process upload file await WIKI.models.assets.upload({ ...fileMeta, - originalname: sanitize(fileMeta.originalname).toLowerCase(), folderId: folderId, assetPath, userId: req.user.id diff --git a/server/graph/resolvers/asset.js b/server/graph/resolvers/asset.js index c5e345eb..8fb1d53c 100644 --- a/server/graph/resolvers/asset.js +++ b/server/graph/resolvers/asset.js @@ -42,7 +42,7 @@ module.exports = { try { const folderSlug = sanitize(args.slug).toLowerCase() const parentFolderId = args.parentFolderId === 0 ? null : args.parentFolderId - const result = await WIKI.models.assetFolders.query().where({ + const result = await WIKI.models.assetFolders.query().where({ parentId: parentFolderId, slug: folderSlug }).first()