hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed allowedFileExtensions meta config

Browse Source 
Now, when NodeBB needs to determine file compatibility, jimp
will attempt to open the file for reading. If it fails, file is
considered to be of an invalid type.
v1.18.x
Julian Lam 9 years ago
parent b9c9e24ca7
commit 051a8e22df
5 changed files with 9 additions and 44 deletions
Show Stats Download Patch File Download Diff File

2
package.json
Unescape Escape View File

@ -31,7 +31,7 @@
"gravatar": "^1.1.0",
"heapdump": "^0.3.0",
"html-to-text": "1.3.2",
"jimp": "^0.2.5",
"jimp": "0.2.17",
"less": "^2.0.0",
"logrotate-stream": "^0.2.3",
"lru-cache": "^2.6.1",

4
src/controllers/uploads.js
Unescape Escape View File

@ -46,7 +46,7 @@ uploadsController.upload = function(req, res, filesIterator, next) {
uploadsController.uploadPost = function(req, res, next) {
uploadsController.upload(req, res, function(uploadedFile, next) {
file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) {
file.isFileTypeAllowed(uploadedFile.path, function(err) {
if (err) {
return next(err);
}
@ -67,7 +67,7 @@ uploadsController.uploadThumb = function(req, res, next) {
}
uploadsController.upload(req, res, function(uploadedFile, next) {
file.isFileTypeAllowed(uploadedFile.path, file.allowedExtensions(), function(err) {
file.isFileTypeAllowed(uploadedFile.path, function(err) {
if (err) {
return next(err);
}

42
src/file.js
Unescape Escape View File

@ -7,6 +7,7 @@ var fs = require('fs'),
mmmagic = require('mmmagic'),
Magic = mmmagic.Magic,
mime = require('mime'),
jimp = require('jimp'),
utils = require('../public/src/utils');
@ -40,46 +41,13 @@ file.saveFileToLocal = function(filename, folder, tempPath, callback) {
is.pipe(os);
};
file.isFileTypeAllowed = function(path, allowedExtensions, callback) {
if (!Array.isArray(allowedExtensions) || !allowedExtensions.length) {
return callback();
}
var magic = new Magic(mmmagic.MAGIC_MIME_TYPE);
magic.detectFile(path, function(err, mimeType) {
if (err) {
return callback(err);
}
var uploadedFileExtension = mime.extension(mimeType);
if (allowedExtensions.indexOf(uploadedFileExtension) === -1) {
return callback(new Error('[[error:invalid-file-type, ' + allowedExtensions.join(', ') + ']]'));
}
callback();
file.isFileTypeAllowed = function(path, callback) {
// Attempt to read the file, if it passes, file type is allowed
jimp.read(path, function(err) {
callback(err);
});
};
file.allowedExtensions = function() {
var meta = require('./meta');
var allowedExtensions = (meta.config.allowedFileExtensions || '').trim();
if (!allowedExtensions) {
return [];
}
allowedExtensions = allowedExtensions.split(',');
allowedExtensions = allowedExtensions.filter(Boolean).map(function(extension) {
extension = extension.trim();
return extension.replace(/\./g, '');
});
if (allowedExtensions.indexOf('jpg') !== -1 && allowedExtensions.indexOf('jpeg') === -1) {
allowedExtensions.push('jpeg');
}
return allowedExtensions;
};
file.exists = function(path, callback) {
fs.stat(path, function(err, stat) {
callback(!err && stat);

2
src/user/picture.js
Unescape Escape View File

@ -36,7 +36,7 @@ module.exports = function(User) {
next(!extension ? new Error('[[error:invalid-image-extension]]') : null);
},
function(next) {
file.isFileTypeAllowed(picture.path, ['png', 'jpeg', 'jpg', 'gif'], next);
file.isFileTypeAllowed(picture.path, next);
},
function(next) {
image.resizeImage({

3
src/views/admin/settings/post.tpl
Unescape Escape View File

@ -147,9 +147,6 @@
</label>
</div>
<strong>Topic Thumb Size</strong><br /> <input type="text" class="form-control" value="120" data-field="topicThumbSize"> <br />
<strong>Allowed file types, (ie png, jpg, pdf, zip). Leave empty to allow all.</strong><br /> <input type="text" class="form-control" value="" data-field="allowedFileExtensions"><br />
</form>
</div>
</div>

Write Preview
Loading…
Cancel
Save