fix #2191 check uploaded file

src/main/java/org/codelibs/fess/app/web/admin/backup/AdminBackupAction.java

@@ -67,6 +67,7 @@ import org.lastaflute.web.response.ActionResponse;
 import org.lastaflute.web.response.HtmlResponse;
 import org.lastaflute.web.response.StreamResponse;
 import org.lastaflute.web.ruts.process.ActionRuntime;
+import org.lastaflute.web.validation.exception.ValidationErrorException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.InputSource;
@@ -121,6 +122,8 @@ public class AdminBackupAction extends FessAdminAction {
                 CopyUtil.copy(in, out);
             }
             asyncImport(fileName, tempFile);
+        } catch (final ValidationErrorException e) {
+            throw e;
         } catch (final Exception e) {
             logger.warn("Failed to import " + fileName, e);
         }
@@ -129,8 +132,22 @@ public class AdminBackupAction extends FessAdminAction {
     }
 
     protected void asyncImport(final String fileName, final File tempFile) {
+        final int fileType;
+        if (fileName.startsWith("system") && fileName.endsWith(".properties")) {
+            fileType = 1;
+        } else if (fileName.startsWith("gsa") && fileName.endsWith(".xml")) {
+            fileType = 2;
+        } else if (fileName.endsWith(".bulk")) {
+            fileType = 3;
+        } else {
+            throwValidationError(messages -> messages.addErrorsFileIsNotSupported(GLOBAL, fileName), () -> {
+                return asListHtml();
+            });
+            return;
+        }
+
         asyncManager.async(() -> {
-            if (fileName.startsWith("system") && fileName.endsWith(".properties")) {
+            if (fileType == 1) {
                 try (final InputStream in = new FileInputStream(tempFile)) {
                     ComponentUtil.getSystemProperties().load(in);
                 } catch (final IOException e) {
@@ -140,7 +157,7 @@ public class AdminBackupAction extends FessAdminAction {
                         logger.warn("Failed to delete " + tempFile.getAbsolutePath());
                     }
                 }
-            } else if (fileName.startsWith("gsa") && fileName.endsWith(".xml")) {
+            } else if (fileType == 2) {
                 final GsaConfigParser configParser = ComponentUtil.getComponent(GsaConfigParser.class);
                 try (final InputStream in = new FileInputStream(tempFile)) {
                     configParser.parse(new InputSource(in));
@@ -154,7 +171,7 @@ public class AdminBackupAction extends FessAdminAction {
                 configParser.getWebConfig().ifPresent(c -> webConfigBhv.insert(c));
                 configParser.getFileConfig().ifPresent(c -> fileConfigBhv.insert(c));
                 labelTypeBhv.batchInsert(Arrays.stream(configParser.getLabelTypes()).collect(Collectors.toList()));
-            } else {
+            } else if (fileType == 3) {
                 final ObjectMapper mapper = new ObjectMapper();
                 try (CurlResponse response =
                         ComponentUtil
@@ -171,7 +188,12 @@ public class AdminBackupAction extends FessAdminAction {
                                                 String line;
                                                 while ((line = br.readLine()) != null) {
                                                     if (StringUtil.isNotBlank(line)) {
-                                                        final Map<String, Map<String, String>> dataObj = parseObject(mapper, line);
+                                                        final Map<String, Map<String, String>> dataObj;
+                                                        if (line.contains("_type")) {
+                                                            dataObj = parseObject(mapper, line);
+                                                        } else {
+                                                            dataObj = null;
+                                                        }
                                                         if (dataObj != null) {
                                                             final Map<String, String> indexObj = dataObj.get("index");
                                                             if (indexObj != null && indexObj.containsKey("_type")) {

src/main/java/org/codelibs/fess/mylasta/action/FessMessages.java

@@ -344,6 +344,9 @@ public class FessMessages extends FessLabels {
     /** The key of the message: Failed to print thread dump. */
     public static final String ERRORS_failed_to_print_thread_dump = "{errors.failed_to_print_thread_dump}";
 
+    /** The key of the message: {0} is not supported. */
+    public static final String ERRORS_file_is_not_supported = "{errors.file_is_not_supported}";
+
     /** The key of the message: The given query has unknown condition. */
     public static final String ERRORS_invalid_query_unknown = "{errors.invalid_query_unknown}";
 
@@ -2010,6 +2013,21 @@ public class FessMessages extends FessLabels {
         return this;
     }
 
+    /**
+     * Add the created action message for the key 'errors.file_is_not_supported' with parameters.
+     * <pre>
+     * message: {0} is not supported.
+     * </pre>
+     * @param property The property name for the message. (NotNull)
+     * @param arg0 The parameter arg0 for message. (NotNull)
+     * @return this. (NotNull)
+     */
+    public FessMessages addErrorsFileIsNotSupported(String property, String arg0) {
+        assertPropertyNotNull(property);
+        add(property, new UserMessage(ERRORS_file_is_not_supported, arg0));
+        return this;
+    }
+
     /**
      * Add the created action message for the key 'errors.invalid_query_unknown' with parameters.
      * <pre>

src/main/resources/fess_message.properties

@@ -136,6 +136,7 @@ errors.invalid_header_for_request_file=Invalid header: {0}
 errors.could_not_delete_logged_in_user=Could not delete logged in user.
 errors.unauthorized_request=Unauthorized request.
 errors.failed_to_print_thread_dump=Failed to print thread dump.
+errors.file_is_not_supported={0} is not supported.
 
 errors.invalid_query_unknown=The given query has unknown condition.
 errors.invalid_query_parse_error=The given query is invalid.

src/main/resources/fess_message_en.properties

@@ -132,6 +132,7 @@ errors.invalid_header_for_request_file=Invalid header: {0}
 errors.could_not_delete_logged_in_user=Could not delete logged in user.
 errors.unauthorized_request=Unauthorized request.
 errors.failed_to_print_thread_dump=Failed to print thread dump.
+errors.file_is_not_supported={0} is not supported.
 
 errors.invalid_query_unknown=The given query has unknown condition.
 errors.invalid_query_parse_error=The given query is invalid.

src/main/resources/fess_message_ja.properties

@@ -138,6 +138,7 @@ errors.failed_to_read_request_file=リクエストファイルの読み込みに
 errors.invalid_header_for_request_file=ヘッダー行が正しくありません: {0}
 errors.could_not_delete_logged_in_user=ログインしているユーザーは削除できません。
 errors.failed_to_print_thread_dump=スレッドダンプの出力に失敗しました。
+errors.file_is_not_supported={0}はサポートされていません。
 
 errors.property_required={0}は必須です。
 errors.property_type_integer={0}は数値です。