From 18f4f27fe0757ca11e4d54ab8ed38dc02ab3dbbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Tue, 31 Oct 2017 18:03:54 -0400
Subject: [PATCH] closes #6024
---
 public/language/en-GB/error.json | 2 +-
 src/user/picture.js | 10 +++++++++-
 test/uploads.js | 17 +++++++++++++++--
 test/user.js | 2 +-
 4 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/public/language/en-GB/error.json b/public/language/en-GB/error.json
index 13ce550f1f..9d716ce95f 100644
--- a/public/language/en-GB/error.json
+++ b/public/language/en-GB/error.json
@@ -79,7 +79,6 @@
 "content-too-long": "Please enter a shorter post. Posts can't be longer than %1 character(s).",
 "title-too-short": "Please enter a longer title. Titles should contain at least %1 character(s).",
 "title-too-long": "Please enter a shorter title. Titles can't be longer than %1 character(s).",
- "invalid-title": "Invalid title!",
 "category-not-selected": "Category not selected.",
 "too-many-posts": "You can only post once every %1 second(s) - please wait before posting again",
 "too-many-posts-newbie": "As a new user, you can only post once every %1 second(s) until you have earned %2 reputation - please wait before posting again",
@@ -99,6 +98,7 @@
 "cant-remove-last-admin": "You are the only administrator. Add another user as an administrator before removing yourself as admin",
 "cant-delete-admin": "Remove administrator privileges from this account before attempting to delete it.",
 
+ "invalid-image": "Invalid image",
 "invalid-image-type": "Invalid image type. Allowed types are: %1",
 "invalid-image-extension": "Invalid image extension",
 "invalid-file-type": "Invalid file type. Allowed types are: %1",
diff --git a/src/user/picture.js b/src/user/picture.js
index 820d4b12ce..429b67efe9 100644
--- a/src/user/picture.js
+++ b/src/user/picture.js
@@ -88,7 +88,12 @@ module.exports = function (User) {
 function (path, next) {
 picture.path = path;
- var extension = data.file ? file.typeToExtension(data.file.type) : image.extensionFromBase64(data.imageData);
+ var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
+ if (!type || !type.match(/^image./)) {
+ return next(new Error('[[error:invalid-image]]'));
+ }
+
+ var extension = file.typeToExtension(type);
 var filename = generateProfileImageFilename(data.uid, 'profilecover', extension);
 uploadProfileOrCover(filename, picture, next);
 },
@@ -127,6 +132,9 @@ module.exports = function (User) {
 }
 var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
+ if (!type || !type.match(/^image./)) {
+ return callback(new Error('[[error:invalid-image]]'));
+ }
 var extension = file.typeToExtension(type);
 if (!extension) {
 return callback(new Error('[[error:invalid-image-extension]]'));
diff --git a/test/uploads.js b/test/uploads.js
index 5ae8f740c2..8d76f21baf 100644
--- a/test/uploads.js
+++ b/test/uploads.js
@@ -13,9 +13,9 @@ var user = require('../src/user');
 var groups = require('../src/groups');
 var privileges = require('../src/privileges');
 var meta = require('../src/meta');
+var socketUser = require('../src/socket.io/user');
 var helpers = require('./helpers');
-
 describe('Upload Controllers', function () {
 var tid;
 var cid;
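Review bot: The new guard in the cover-upload step still lets an unmapped image type reach the filename: `type.match(/^image./)` accepts any `image/*` (and, since the dot is unescaped, also strings like `imageX`), yet unlike the second hunk there is no `if (!extension)` check after `file.typeToExtension(type)`, so a type the mapper does not know presumably flows into `generateProfileImageFilename(data.uid, 'profilecover', extension)` as an undefined extension. Note also that `type` is whatever the client declared — `data.file.type` for multipart uploads or the `data:` prefix parsed by `image.mimeFromBase64` — so this line only rejects honestly labelled non-images; an HTML or SVG payload declared as `image/png` passes it, and whether the bytes are inspected later is not visible in the hunk. Suggest tightening the regex to `/^image\//`, mirroring the extension guard from the second hunk, and saying in a comment that only the declared type is checked here. The enclosing waterfall step continues outside the hunk.
```javascript
var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
// Only the client-declared MIME type is checked here; the file bytes are not sniffed.
if (!type || !type.match(/^image\//)) {
	return next(new Error('[[error:invalid-image]]'));
}
var extension = file.typeToExtension(type);
if (!extension) {
	return next(new Error('[[error:invalid-image-extension]]'));
}
// … unchanged: filename generation and uploadProfileOrCover call …
```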
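Review bot: The added condition in uploadCroppedPicture, `if (!type || !type.match(/^image./)) {`, uses an unescaped dot, so it matches `image/` but equally any sixth character; the intent reads as `if (!type || !type.match(/^image\//)) {`. More importantly, `type` comes from the client (`data.file.type` or the `data:` URL prefix), so the `invalid-image` error fires only for honestly mislabelled payloads, and the existing `if (!extension)` below is likewise keyed off the declared type; a comment such as `// declared MIME only — does not validate the file contents` on the new line would stop a later reader from treating this as content validation. If `file.typeToExtension` maps `image/svg+xml`, an SVG carrying an onload handler — which is exactly what the test fixture decodes to — would pass both guards, so it is worth confirming SVG is not in that mapping for profile pictures. The enclosing function begins outside the hunk.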
@@ -157,8 +157,21 @@ describe('Upload Controllers', function () {
 done();
 });
 });
- });
+ it('should not allow non image uploads', function (done) {
+ socketUser.updateCover({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
+ assert.equal(err.message, '[[error:invalid-image]]');
+ done();
+ });
+ });
+
+ it('should not allow non image uploads', function (done) {
+ socketUser.uploadCroppedPicture({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
+ assert.equal(err.message, '[[error:invalid-image]]');
+ done();
+ });
+ });
+ });
 describe('admin uploads', function () {
 var jar;
diff --git a/test/user.js b/test/user.js
index 733179be62..c93917747b 100644
--- a/test/user.js
+++ b/test/user.js
@@ -763,7 +763,7 @@ describe('User', function () {
 name: 'test',
 };
 User.uploadPicture(uid, picture, function (err) {
- assert.equal(err.message, '[[error:invalid-image-extension]]');
+ assert.equal(err.message, '[[error:invalid-image]]');
 done();
 });
 });
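Review bot: Both new `it` blocks carry the same title, 'should not allow non image uploads', so a failure in the reporter does not say whether updateCover or uploadCroppedPicture regressed; `it('should not allow non image cover uploads', …)` and `it('should not allow non image cropped picture uploads', …)` would separate them. The fixture also only exercises a `text/html` label, which is the one case the new declared-MIME check is designed to catch; a companion case that keeps the same SVG-onload bytes but declares `data:image/png;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+` would document what the upload path does when the label lies (the expected error there depends on what happens after the guard, which is outside this hunk). The enclosing describe starts outside the hunk.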