Handled invalid files when uploading DB zips (#20165)

fix https://linear.app/tryghost/issue/SLO-103/invalid-comment-length-expected-7-found-0-an-unexpected-error-occurred - similar to e8e3447f15, this captures a specific error from yauzl and throws a user-friendly error - perhaps in the future we can just look for yauzl errors and always return user-friendly errors, but let's monitor that first - also includes a breaking test
2024-11-27 10:42:45 +03:00 · 2024-05-08 14:59:34 +02:00 · 2024-05-08 14:59:34 +02:00 · 76c6e92006
commit 76c6e92006
parent f276abf9e8
3 changed files with 15 additions and 2 deletions
--- a/ghost/core/core/server/data/importer/import-manager.js
+++ b/ghost/core/core/server/data/importer/import-manager.js
@ -235,7 +235,10 @@ class ImportManager {
                    help: tpl(messages.invalidZipFileNameEncodingHelp),
                    code: 'INVALID_ZIP_FILE_NAME_ENCODING'
                });
-            } else if (err.message.includes('end of central directory record signature not found')) { // This comes from Yauzl when the zip is invalid
+            } else if (
+                err.message.includes('end of central directory record signature not found')
+                || err.message.includes('invalid comment length')
+            ) { // This comes from Yauzl when the zip is invalid
                throw new errors.UnsupportedMediaTypeError({
                    message: tpl(messages.invalidZipFileNameEncoding),
                    code: 'INVALID_ZIP_FILE'
--- a/ghost/core/test/e2e-api/admin/db.test.js
+++ b/ghost/core/test/e2e-api/admin/db.test.js
@ -104,7 +104,7 @@ describe('DB API', function () {
        });
    });

-    it('Handles invalid zip file uploads', async function () {
+    it('Handles invalid zip file uploads (central directory)', async function () {
        const res = await request.post(localUtils.API.getApiQuery('db/'))
            .set('Origin', config.get('url'))
            .attach('importfile', 'test/utils/fixtures/import/zips/empty.zip')
@ -113,4 +113,14 @@ describe('DB API', function () {

        res.body.errors[0].message.should.eql('The uploaded zip could not be read');
    });
+
+    it('Handles invalid zip file uploads (malformed comments)', async function () {
+        const res = await request.post(localUtils.API.getApiQuery('db/'))
+            .set('Origin', config.get('url'))
+            .attach('importfile', 'test/utils/fixtures/import/zips/malformed-comments.zip')
+            .expect('Content-Type', /json/)
+            .expect(415);
+
+        res.body.errors[0].message.should.eql('The uploaded zip could not be read');
+    });
 });
--- a/ghost/core/test/utils/fixtures/import/zips/malformed-comments.zip
+++ b/ghost/core/test/utils/fixtures/import/zips/malformed-comments.zip