Add file type validation to paste upload #28017
Added checks to ensure pasted files match allowed types and uploader is enabled before proceeding. Displays an error notification if the file type is not supported.
Summary of Changes

Hello @halogen22, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the security and user experience of the file upload component by introducing comprehensive validation for pasted files. It addresses a critical bug that allowed users to bypass upload restrictions by pasting files, ensuring that only permitted file types are processed and that the uploader's enabled state is respected. Users will now receive immediate feedback if their pasted file is not supported or if uploads are disabled.
Code Review
This pull request correctly adds a check to prevent file uploads via pasting when the feature is disabled, and also adds file type validation. My feedback focuses on removing redundant validation logic to improve code maintainability and points out an inconsistency with other upload methods like drag-and-drop to ensure consistent behavior across the application.
Please take a look at this comment.
* fix(api): Trace Hierarchy, Span Status, and Broken Workflow for Arize & Phoenix Integration (langgenius#27937)
  Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
* chore: add type-check to pre-commit (langgenius#28005)
* fix document enable (langgenius#28081)
* chore: not SaaS version can query long log time range (langgenius#28109)
* When graph_engine worker run exception, keep the node_id for deep res… (langgenius#26205)
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: -LAN- <laipz8200@outlook.com>
* fix document index test (langgenius#28113)
* chore: improve the user experience of not login into apps (langgenius#28120)
* feat(api): Introduce `WorkflowResumptionContext` for pause state management (langgenius#28122)

  Certain metadata (including but not limited to `InvokeFrom`, `call_depth`, and `streaming`) is required when resuming a paused workflow. However, these fields are not part of `GraphRuntimeState` and were not saved in the previous implementation of `PauseStatePersistenceLayer`.

  This commit addresses this limitation by introducing a `WorkflowResumptionContext` model that wraps both the `*GenerateEntity` and `GraphRuntimeState`. This approach provides:
  - A structured container for all necessary resumption data
  - Better separation of concerns between execution state and persistence
  - Enhanced extensibility for future metadata additions
  - Clearer naming that distinguishes from `GraphRuntimeState`

  The `WorkflowResumptionContext` model makes extending the pause state easier while maintaining backward compatibility and proper version management for the entire execution state ecosystem.

  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
* add transform-datasource-credentials command online check (langgenius#28124)
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: Garfield Dai <dai.hai@foxmail.com>
* feat: introduce trigger functionality (langgenius#27644)
  Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
  Co-authored-by: Stream <Stream_2@qq.com>
  Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
  Co-authored-by: zhsama <torvalds@linux.do>
  Co-authored-by: Harry <xh001x@hotmail.com>
  Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
  Co-authored-by: yessenia <yessenia.contact@gmail.com>
  Co-authored-by: hjlarry <hjlarry@163.com>
  Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
  Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: WTW0313 <twwu@dify.ai>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix: determine cpu cores determination in baseedpyright-check script on macos (langgenius#28058)
* fix: variable assigner can't assign float number (langgenius#28068)
* Add file type validation to paste upload (langgenius#28017)
* test: create some hooks and utils test script, modified clipboard test script (langgenius#27928)
* convert to TypeBase (langgenius#27935)
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* chore: disable workflow logs auto-cleanup by default (langgenius#28136)

  This PR changes the default value of `WORKFLOW_LOG_CLEANUP_ENABLED` from `true` to `false` across all configuration files.

  ## Motivation

  Setting the default to `false` provides safer default behavior by:
  - Preventing unintended data loss for new installations
  - Giving users explicit control over when to enable log cleanup
  - Following the opt-in principle for data deletion features

  Users who need automatic cleanup can enable it by setting `WORKFLOW_LOG_CLEANUP_ENABLED=true` in their configuration.
* fix: simplify graph structure validation in WorkflowService (langgenius#28146)
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix: app's ai site text to speech api (langgenius#28091)
* refactor(web): reuse the same edit-custom-collection-modal component, and fix the pop up error (langgenius#28003)
* add doc (langgenius#28016)
  Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
  Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
* fix: inconsistent behaviour of zoom in button and shortcut (langgenius#27944)
* consolve conficts
* fix
* fix

---------

Signed-off-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: Ali Saleh <saleh.a@turing.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>
Co-authored-by: lyzno1 <92089059+lyzno1@users.noreply.github.com>
Co-authored-by: Jyong <76649700+JohnJyong@users.noreply.github.com>
Co-authored-by: Joel <iamjoel007@gmail.com>
Co-authored-by: 湛露先生 <zhanluxianshen@163.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: -LAN- <laipz8200@outlook.com>
Co-authored-by: QuantumGhost <obelisk.reg+git@gmail.com>
Co-authored-by: Garfield Dai <dai.hai@foxmail.com>
Co-authored-by: Yeuoly <45712896+Yeuoly@users.noreply.github.com>
Co-authored-by: Stream <Stream_2@qq.com>
Co-authored-by: zhsama <torvalds@linux.do>
Co-authored-by: Harry <xh001x@hotmail.com>
Co-authored-by: lyzno1 <yuanyouhuilyz@gmail.com>
Co-authored-by: yessenia <yessenia.contact@gmail.com>
Co-authored-by: hjlarry <hjlarry@163.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: WTW0313 <twwu@dify.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Bowen Liang <liang.bowen.123@qq.com>
Co-authored-by: Gen Sato <52241300+halogen22@users.noreply.github.com>
Co-authored-by: Gritty_dev <101377478+codomposer@users.noreply.github.com>
Co-authored-by: Asuka Minato <i@asukaminato.eu.org>
Co-authored-by: mnasrautinno <m.nasr@dai.autinno.com>
Co-authored-by: yangzheli <43645580+yangzheli@users.noreply.github.com>
Summary
I fixed a bug that allowed pasting to succeed even when file uploads were disabled. While the original issue only described the problem with images, I found that pasting other file types was also possible. Therefore, I expanded the fix to cover all file types, not just images.
Checklist
`dev/reformat` (backend) and `cd web && npx lint-staged` (frontend) to appease the lint gods
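
The behaviour discussed in this thread (a pasted file must respect both the uploader's enabled flag and the allowed types, consistently with drag-and-drop) can be sketched as one shared gate. This is an added example, not code from the pull request or the project; `gateFiles`, `onPaste`, `onDrop` and the config fields are hypothetical names, and the events are plain objects standing in for browser events.

```javascript
// Added example: all names and config fields here are hypothetical.
// One gate shared by every entry point, so paste cannot skip a check
// that drag-and-drop or the file picker already enforces.

function extensionOf(name) {
  const dot = name.lastIndexOf('.');
  return dot > 0 ? name.slice(dot + 1).toLowerCase() : '';
}

// files: array of File-like objects ({ name, type }).
// A file passes only if BOTH its extension and its MIME prefix are allowed.
function gateFiles(files, config) {
  if (!config.enabled)
    return { accepted: [], rejected: files, error: 'upload-disabled' };
  const accepted = [], rejected = [];
  for (const f of files) {
    const extOk = config.allowedExtensions.includes(extensionOf(f.name));
    const mimeOk = config.allowedMimePrefixes.some(p => (f.type || '').startsWith(p));
    (extOk && mimeOk ? accepted : rejected).push(f);
  }
  return { accepted, rejected, error: rejected.length ? 'unsupported-type' : null };
}

// Paste delivers files in clipboardData.files, drop in dataTransfer.files.
function onPaste(event, config, upload, notify) {
  const files = Array.from((event.clipboardData && event.clipboardData.files) || []);
  if (files.length === 0) return null; // plain-text paste: leave it to the input
  return dispatch(files, event, config, upload, notify);
}

function onDrop(event, config, upload, notify) {
  const files = Array.from((event.dataTransfer && event.dataTransfer.files) || []);
  return dispatch(files, event, config, upload, notify);
}

function dispatch(files, event, config, upload, notify) {
  event.preventDefault();
  const result = gateFiles(files, config);
  if (result.error) notify(result.error); // error notification for the user
  result.accepted.forEach(upload);        // only files that passed are uploaded
  return result;
}
```

The `name` and `type` of a pasted file are supplied by the client, so this gate is a usability control; the upload endpoint has to enforce the same allowlist on the server side.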