From d74831aa0695cad4353c4141bb9360bac5da4626 Mon Sep 17 00:00:00 2001
From: Angus McLeod <angus@mcleod.org.au>
Date: Tue, 14 Apr 2020 16:45:25 +1000
Subject: [PATCH] Fix file type validation

---
 config/locales/server.en.yml      |  3 +++
 lib/custom_wizard/builder.rb      | 11 +++++++++++
 lib/custom_wizard/step_updater.rb |  2 --
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index f7c7a2ab..58332e3c 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -10,11 +10,14 @@ en:
       too_short: "%{label} must be at least %{min} characters"
       required: "%{label} is required."
       not_url: "%{label} must be a valid url"
+      invalid_file: "%{label} must be a %{types}"
+    
     none: "We couldn't find a wizard at that address."
     no_skip: "Wizard can't be skipped"
     export:
       error:
         select_one: "Please select atleast one wizard"
+    
     import:
       error:
         no_file: "No file selected"
diff --git a/lib/custom_wizard/builder.rb b/lib/custom_wizard/builder.rb
index fba34f48..86da0285 100644
--- a/lib/custom_wizard/builder.rb
+++ b/lib/custom_wizard/builder.rb
@@ -287,6 +287,7 @@ class CustomWizard::Builder
     required = field['required']
     id = field['id'].to_s
     min_length = field['min_length'] if is_text_type(field)
+    file_types = field['file_types']
     
     if required && !value
       updater.errors.add(id, I18n.t('wizard.field.required', label: label))
@@ -303,6 +304,10 @@ class CustomWizard::Builder
     if type === 'checkbox'
       updater.fields[id] = standardise_boolean(value)
     end
+    
+    if type === 'upload' && !validate_file_type(value, file_types)
+      updater.errors.add(id, I18n.t('wizard.field.invalid_file', label: label, types: file_types))
+    end
 
     CustomWizard::Builder.field_validators.each do |validator|
       if type === validator[:type]
@@ -310,6 +315,12 @@ class CustomWizard::Builder
       end
     end
   end
+  
+  def validate_file_type(value, file_types)
+    file_types.split(',')
+      .map { |t| t.gsub('.', '') }
+      .include?(File.extname(value['original_filename'])[1..-1])
+  end
 
   def is_text_type(field)
     ['text', 'textarea'].include? field['type']
diff --git a/lib/custom_wizard/step_updater.rb b/lib/custom_wizard/step_updater.rb
index caeb37ef..33509a77 100644
--- a/lib/custom_wizard/step_updater.rb
+++ b/lib/custom_wizard/step_updater.rb
@@ -13,8 +13,6 @@ class CustomWizard::StepUpdater
   end
 
   def update
-    byebug
-
     if SiteSetting.custom_wizard_enabled &&
        @step.present? &&
        @step.updater.present? &&