From d247dbac3d8576d49d81392a2a2ea0231aecde1a Mon Sep 17 00:00:00 2001
From: pierre-lehnen-rc <55164754+pierre-lehnen-rc@users.noreply.github.com>
Date: Wed, 10 Jun 2020 08:45:32 -0300
Subject: [PATCH] [NEW] Blocked Media Types setting (#17617)

---
 app/file-upload/server/startup/settings.js    |  6 ++++
 app/importer/server/classes/ImporterBase.js   |  4 +++
 .../client/messageBox/messageBoxActions.js    |  2 ++
 .../messageBox/messageBoxAudioMessage.js      |  2 ++
 app/utils/lib/fileUploadRestrictions.js       | 33 ++++++++++++++-----
 packages/rocketchat-i18n/i18n/en.i18n.json    |  2 ++
 6 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/app/file-upload/server/startup/settings.js b/app/file-upload/server/startup/settings.js
index b56f69ac4d9..84ff2da2d4e 100644
--- a/app/file-upload/server/startup/settings.js
+++ b/app/file-upload/server/startup/settings.js
@@ -18,6 +18,12 @@ settings.addGroup('FileUpload', function() {
 		i18nDescription: 'FileUpload_MediaTypeWhiteListDescription',
 	});
 
+	this.add('FileUpload_MediaTypeBlackList', '', {
+		type: 'string',
+		public: true,
+		i18nDescription: 'FileUpload_MediaTypeBlackListDescription',
+	});
+
 	this.add('FileUpload_ProtectFiles', true, {
 		type: 'boolean',
 		public: true,
diff --git a/app/importer/server/classes/ImporterBase.js b/app/importer/server/classes/ImporterBase.js
index 3577e9b28fc..17e36687786 100644
--- a/app/importer/server/classes/ImporterBase.js
+++ b/app/importer/server/classes/ImporterBase.js
@@ -233,6 +233,9 @@ export class Base {
 				this.oldSettings.FileUpload_MediaTypeWhiteList = Settings.findOneById('FileUpload_MediaTypeWhiteList').value;
 				Settings.updateValueById('FileUpload_MediaTypeWhiteList', '*');
 
+				this.oldSettings.FileUpload_MediaTypeBlackList = Settings.findOneById('FileUpload_MediaTypeBlackList').value;
+				Settings.updateValueById('FileUpload_MediaTypeBlackList', '');
+
 				this.oldSettings.UI_Allow_room_names_with_special_chars = Settings.findOneById('UI_Allow_room_names_with_special_chars').value;
 				Settings.updateValueById('UI_Allow_room_names_with_special_chars', true);
 				break;
@@ -243,6 +246,7 @@ export class Base {
 				Settings.updateValueById('Accounts_AllowUsernameChange', this.oldSettings.Accounts_AllowUsernameChange);
 				Settings.updateValueById('FileUpload_MaxFileSize', this.oldSettings.FileUpload_MaxFileSize);
 				Settings.updateValueById('FileUpload_MediaTypeWhiteList', this.oldSettings.FileUpload_MediaTypeWhiteList);
+				Settings.updateValueById('FileUpload_MediaTypeBlackList', this.oldSettings.FileUpload_MediaTypeBlackList);
 				Settings.updateValueById('UI_Allow_room_names_with_special_chars', this.oldSettings.UI_Allow_room_names_with_special_chars);
 				break;
 		}
diff --git a/app/ui-message/client/messageBox/messageBoxActions.js b/app/ui-message/client/messageBox/messageBoxActions.js
index 9dd7ca8d75a..d9ed4d48f1c 100644
--- a/app/ui-message/client/messageBox/messageBoxActions.js
+++ b/app/ui-message/client/messageBox/messageBoxActions.js
@@ -18,6 +18,8 @@ messageBox.actions.add('Create_new', 'Video_message', {
 		&& window.MediaRecorder
 		&& settings.get('FileUpload_Enabled')
 		&& settings.get('Message_VideoRecorderEnabled')
+		&& (!settings.get('FileUpload_MediaTypeBlackList')
+			|| !settings.get('FileUpload_MediaTypeBlackList').match(/video\/webm|video\/\*/i))
 		&& (!settings.get('FileUpload_MediaTypeWhiteList')
 			|| settings.get('FileUpload_MediaTypeWhiteList').match(/video\/webm|video\/\*/i)),
 	action: ({ rid, tmid, messageBox }) => (VRecDialog.opened ? VRecDialog.close() : VRecDialog.open(messageBox, { rid, tmid })),
diff --git a/app/ui-message/client/messageBox/messageBoxAudioMessage.js b/app/ui-message/client/messageBox/messageBoxAudioMessage.js
index a96832d1b01..83931a2efd2 100644
--- a/app/ui-message/client/messageBox/messageBoxAudioMessage.js
+++ b/app/ui-message/client/messageBox/messageBoxAudioMessage.js
@@ -54,6 +54,8 @@ Template.messageBoxAudioMessage.helpers({
 			&& !Template.instance().isMicrophoneDenied.get()
 			&& settings.get('FileUpload_Enabled')
 			&& settings.get('Message_AudioRecorderEnabled')
+			&& (!settings.get('FileUpload_MediaTypeBlackList')
+				|| !settings.get('FileUpload_MediaTypeBlackList').match(/audio\/mp3|audio\/\*/i))
 			&& (!settings.get('FileUpload_MediaTypeWhiteList')
 				|| settings.get('FileUpload_MediaTypeWhiteList').match(/audio\/mp3|audio\/\*/i));
 	},
diff --git a/app/utils/lib/fileUploadRestrictions.js b/app/utils/lib/fileUploadRestrictions.js
index 9bbbf9b5761..4e62e7eed19 100644
--- a/app/utils/lib/fileUploadRestrictions.js
+++ b/app/utils/lib/fileUploadRestrictions.js
@@ -19,16 +19,16 @@ const fileUploadMediaWhiteList = function(customWhiteList) {
 	});
 };
 
-export const fileUploadIsValidContentType = function(type, customWhiteList) {
-	const list = fileUploadMediaWhiteList(customWhiteList);
-	if (!list) {
-		return true;
+const fileUploadMediaBlackList = function() {
+	const blacklist = settings.get('FileUpload_MediaTypeBlackList');
+	if (!blacklist) {
+		return;
 	}
 
-	if (!type) {
-		return false;
-	}
+	return _.map(blacklist.split(','), (item) => item.trim());
+};
 
+const isTypeOnList = function(type, list) {
 	if (_.contains(list, type)) {
 		return true;
 	}
@@ -39,6 +39,23 @@ export const fileUploadIsValidContentType = function(type, customWhiteList) {
 	if (_.contains(wildcards, type.replace(/(\/.*)$/, wildCardGlob))) {
 		return true;
 	}
+};
+
+export const fileUploadIsValidContentType = function(type, customWhiteList) {
+	const blackList = fileUploadMediaBlackList();
+	const whiteList = fileUploadMediaWhiteList(customWhiteList);
+
+	if (!type) {
+		return false;
+	}
+
+	if (blackList && isTypeOnList(type, blackList)) {
+		return false;
+	}
+
+	if (!whiteList) {
+		return true;
+	}
 
-	return false;
+	return isTypeOnList(type, whiteList);
 };
diff --git a/packages/rocketchat-i18n/i18n/en.i18n.json b/packages/rocketchat-i18n/i18n/en.i18n.json
index 4fb67345187..e552953c975 100644
--- a/packages/rocketchat-i18n/i18n/en.i18n.json
+++ b/packages/rocketchat-i18n/i18n/en.i18n.json
@@ -1600,6 +1600,8 @@
   "FileUpload_MaxFileSize": "Maximum File Upload Size (in bytes)",
   "FileUpload_MaxFileSizeDescription": "Set it to -1 to remove the file size limitation.",
   "FileUpload_MediaType_NotAccepted": "Media Types Not Accepted",
+  "FileUpload_MediaTypeBlackList": "Blocked Media Types",
+  "FileUpload_MediaTypeBlackListDescription": "Comma-separated list of media types. This setting has priority over the Accepted Media Types.",
   "FileUpload_MediaTypeWhiteList": "Accepted Media Types",
   "FileUpload_MediaTypeWhiteListDescription": "Comma-separated list of media types. Leave it blank for accepting all media types.",
   "FileUpload_ProtectFiles": "Protect Uploaded Files",