diff --git a/package.json b/package.json
index 43e25a66f8..b08527d70d 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
"gravatar": "^1.1.0",
"heapdump": "^0.3.0",
"html-to-text": "1.3.2",
- "jimp": "^0.2.5",
+ "jimp": "0.2.17",
"less": "^2.0.0",
"logrotate-stream": "^0.2.3",
"lru-cache": "^2.6.1",
diff --git a/src/controllers/uploads.js b/src/controllers/uploads.js
index 3ee0c97c8e..7d45bea675 100644
--- a/src/controllers/uploads.js
+++ b/src/controllers/uploads.js
@@ -46,7 +46,7 @@ uploadsController.upload = function(req, res, filesIterator, next) {
uploadsController.uploadPost = function(req, res, next) {
uploadsController.upload(req, res, function(uploadedFile, next) {
- file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) {
+ file.isFileTypeAllowed(uploadedFile.path, function(err) {
if (err) {
return next(err);
}
@@ -67,7 +67,7 @@ uploadsController.uploadThumb = function(req, res, next) {
}
uploadsController.upload(req, res, function(uploadedFile, next) {
- file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) {
+ file.isFileTypeAllowed(uploadedFile.path, function(err) {
if (err) {
return next(err);
}
diff --git a/src/file.js b/src/file.js
index 80f0289a59..4dc258aa37 100644
--- a/src/file.js
+++ b/src/file.js
@@ -7,6 +7,7 @@ var fs = require('fs'),
mmmagic = require('mmmagic'),
Magic = mmmagic.Magic,
mime = require('mime'),
+ jimp = require('jimp'),
utils = require('../public/src/utils');
@@ -40,44 +41,11 @@ file.saveFileToLocal = function(filename, folder, tempPath, callback) {
is.pipe(os);
};
-file.isFileTypeAllowed = function(path, allowedExtensions, callback) {
- if (!Array.isArray(allowedExtensions) || !allowedExtensions.length) {
- return callback();
- }
-
- var magic = new Magic(mmmagic.MAGIC_MIME_TYPE);
- magic.detectFile(path, function(err, mimeType) {
- if (err) {
- return callback(err);
- }
-
- var uploadedFileExtension = mime.extension(mimeType);
-
- if (allowedExtensions.indexOf(uploadedFileExtension) === -1) {
- return callback(new Error('[[error:invalid-file-type, ' + allowedExtensions.join(', ') + ']]'));
- }
-
- callback();
- });
-};
-
-file.allowedExtensions = function() {
- var meta = require('./meta');
- var allowedExtensions = (meta.config.allowedFileExtensions || '').trim();
- if (!allowedExtensions) {
- return [];
- }
- allowedExtensions = allowedExtensions.split(',');
- allowedExtensions = allowedExtensions.filter(Boolean).map(function(extension) {
- extension = extension.trim();
- return extension.replace(/\./g, '');
+file.isFileTypeAllowed = function(path, callback) {
+ // Attempt to read the file, if it passes, file type is allowed
+ jimp.read(path, function(err) {
+ callback(err);
});
-
- if (allowedExtensions.indexOf('jpg') !== -1 && allowedExtensions.indexOf('jpeg') === -1) {
- allowedExtensions.push('jpeg');
- }
-
- return allowedExtensions;
};
file.exists = function(path, callback) {
diff --git a/src/user/picture.js b/src/user/picture.js
index 96612ee14c..2d72d265d8 100644
--- a/src/user/picture.js
+++ b/src/user/picture.js
@@ -36,7 +36,7 @@ module.exports = function(User) {
next(!extension ? new Error('[[error:invalid-image-extension]]') : null);
},
function(next) {
- file.isFileTypeAllowed(picture.path, ['png', 'jpeg', 'jpg', 'gif'], next);
+ file.isFileTypeAllowed(picture.path, next);
},
function(next) {
image.resizeImage({
diff --git a/src/views/admin/settings/post.tpl b/src/views/admin/settings/post.tpl
index 84f2772086..96ceb01ff6 100644
--- a/src/views/admin/settings/post.tpl
+++ b/src/views/admin/settings/post.tpl
@@ -147,9 +147,6 @@
Topic Thumb Size
-
- Allowed file types, (ie png, jpg, pdf, zip). Leave empty to allow all.
-