From 051a8e22df4ad8cdc0de31a25b0874722454e662 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Mon, 9 Nov 2015 14:39:00 -0500 Subject: [PATCH] Removed allowedFileExtensions meta config Now, when NodeBB needs to determine file compatibility, jimp will attempt to open the file for reading. If it fails, file is considered to be of an invalid type. --- package.json | 2 +- src/controllers/uploads.js | 4 +-- src/file.js | 42 ++++--------------------------- src/user/picture.js | 2 +- src/views/admin/settings/post.tpl | 3 --- 5 files changed, 9 insertions(+), 44 deletions(-) diff --git a/package.json b/package.json index 43e25a66f8..b08527d70d 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "gravatar": "^1.1.0", "heapdump": "^0.3.0", "html-to-text": "1.3.2", - "jimp": "^0.2.5", + "jimp": "0.2.17", "less": "^2.0.0", "logrotate-stream": "^0.2.3", "lru-cache": "^2.6.1", diff --git a/src/controllers/uploads.js b/src/controllers/uploads.js index 3ee0c97c8e..7d45bea675 100644 --- a/src/controllers/uploads.js +++ b/src/controllers/uploads.js @@ -46,7 +46,7 @@ uploadsController.upload = function(req, res, filesIterator, next) { uploadsController.uploadPost = function(req, res, next) { uploadsController.upload(req, res, function(uploadedFile, next) { - file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) { + file.isFileTypeAllowed(uploadedFile.path, function(err) { if (err) { return next(err); } @@ -67,7 +67,7 @@ uploadsController.uploadThumb = function(req, res, next) { } uploadsController.upload(req, res, function(uploadedFile, next) { - file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) { + file.isFileTypeAllowed(uploadedFile.path, function(err) { if (err) { return next(err); } diff --git a/src/file.js b/src/file.js index 80f0289a59..4dc258aa37 100644 --- a/src/file.js +++ b/src/file.js 
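Review bot: In `uploadsController.uploadPost`, the call `file.isFileTypeAllowed(uploadedFile.path, function(err) {` no longer takes an allowlist, so every post upload now has to be an image jimp can decode; the admin setting removed in this commit advertised non-image types ("png, jpg, pdf, zip"), and those would now be rejected if this handler also receives attachments. The rest of the handler is outside the hunk, so that is inferred rather than confirmed. If non-image attachments are still supported, they need their own explicit allowlist check rather than this call; if not, a comment such as `// only images jimp can decode are accepted; all other uploads are rejected` at both call sites (here and in `uploadThumb`) would make the fail-closed behaviour explicit.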
@@ -7,6 +7,7 @@ var fs = require('fs'), mmmagic = require('mmmagic'), Magic = mmmagic.Magic, mime = require('mime'), + jimp = require('jimp'), utils = require('../public/src/utils'); @@ -40,44 +41,11 @@ file.saveFileToLocal = function(filename, folder, tempPath, callback) { is.pipe(os); }; -file.isFileTypeAllowed = function(path, allowedExtensions, callback) { - if (!Array.isArray(allowedExtensions) || !allowedExtensions.length) { - return callback(); - } - - var magic = new Magic(mmmagic.MAGIC_MIME_TYPE); - magic.detectFile(path, function(err, mimeType) { - if (err) { - return callback(err); - } - - var uploadedFileExtension = mime.extension(mimeType); - - if (allowedExtensions.indexOf(uploadedFileExtension) === -1) { - return callback(new Error('[[error:invalid-file-type, ' + allowedExtensions.join(', ') + ']]')); - } - - callback(); - }); -}; - -file.allowedExtensions = function() { - var meta = require('./meta'); - var allowedExtensions = (meta.config.allowedFileExtensions || '').trim(); - if (!allowedExtensions) { - return []; - } - allowedExtensions = allowedExtensions.split(','); - allowedExtensions = allowedExtensions.filter(Boolean).map(function(extension) { - extension = extension.trim(); - return extension.replace(/\./g, ''); +file.isFileTypeAllowed = function(path, callback) { + // Attempt to read the file, if it passes, file type is allowed + jimp.read(path, function(err) { + callback(err); }); - - if (allowedExtensions.indexOf('jpg') !== -1 && allowedExtensions.indexOf('jpeg') === -1) { - allowedExtensions.push('jpeg'); - } - - return allowedExtensions; }; file.exists = function(path, callback) { diff --git a/src/user/picture.js b/src/user/picture.js index 96612ee14c..2d72d265d8 100644 --- a/src/user/picture.js +++ b/src/user/picture.js 
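Review bot: The new `file.isFileTypeAllowed` hands jimp's raw decode error to the caller through `callback(err)`, and the handlers in `src/controllers/uploads.js` forward it with `next(err)`, so a client would receive a library message instead of the translated `[[error:invalid-file-type, ...]]` the removed code returned. I would log the original error and return a fixed one, e.g. `callback(err ? new Error('[[error:invalid-file-type]]') : null);` (the existing string takes a list of types, so the key may need adjusting). The accepted set is now implicitly whatever the pinned jimp version decodes, replacing the explicit `['png', 'jpeg', 'jpg', 'gif']` list in `src/user/picture.js`; each of those formats should be checked against it, and the comment above `jimp.read` should name the formats relied on. A successful decode says nothing about the stored file's extension or the content type it is later served with, and it parses the whole untrusted image in memory, so an upload size limit should already have been enforced before this call; neither is visible in the hunk. `mmmagic`, `Magic` and `mime` remain in the `require` list of the first hunk and look unused after this change unless other code in the file still needs them.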
@@ -36,7 +36,7 @@ module.exports = function(User) { next(!extension ? new Error('[[error:invalid-image-extension]]') : null); }, function(next) { - file.isFileTypeAllowed(picture.path, ['png', 'jpeg', 'jpg', 'gif'], next); + file.isFileTypeAllowed(picture.path, next); }, function(next) { image.resizeImage({ diff --git a/src/views/admin/settings/post.tpl b/src/views/admin/settings/post.tpl index 84f2772086..96ceb01ff6 100644 --- a/src/views/admin/settings/post.tpl +++ b/src/views/admin/settings/post.tpl @@ -147,9 +147,6 @@ Topic Thumb Size

- - Allowed file types, (ie png, jpg, pdf, zip). Leave empty to allow all.

-