v1.18.x
Barış Soner Uşaklı 7 years ago
parent 5b2a674a4f
commit 18f4f27fe0

@ -79,7 +79,6 @@
"content-too-long": "Please enter a shorter post. Posts can't be longer than %1 character(s).",
"title-too-short": "Please enter a longer title. Titles should contain at least %1 character(s).",
"title-too-long": "Please enter a shorter title. Titles can't be longer than %1 character(s).",
"invalid-title": "Invalid title!",
"category-not-selected": "Category not selected.",
"too-many-posts": "You can only post once every %1 second(s) - please wait before posting again",
"too-many-posts-newbie": "As a new user, you can only post once every %1 second(s) until you have earned %2 reputation - please wait before posting again",
@ -99,6 +98,7 @@
"cant-remove-last-admin": "You are the only administrator. Add another user as an administrator before removing yourself as admin",
"cant-delete-admin": "Remove administrator privileges from this account before attempting to delete it.",
"invalid-image": "Invalid image",
"invalid-image-type": "Invalid image type. Allowed types are: %1",
"invalid-image-extension": "Invalid image extension",
"invalid-file-type": "Invalid file type. Allowed types are: %1",

@ -88,7 +88,12 @@ module.exports = function (User) {
function (path, next) {
picture.path = path;
var extension = data.file ? file.typeToExtension(data.file.type) : image.extensionFromBase64(data.imageData);
var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
if (!type || !type.match(/^image./)) {
return next(new Error('[[error:invalid-image]]'));
}
var extension = file.typeToExtension(type);
var filename = generateProfileImageFilename(data.uid, 'profilecover', extension);
uploadProfileOrCover(filename, picture, next);
},
@ -127,6 +132,9 @@ module.exports = function (User) {
}
var type = data.file ? data.file.type : image.mimeFromBase64(data.imageData);
if (!type || !type.match(/^image./)) {
return callback(new Error('[[error:invalid-image]]'));
}
var extension = file.typeToExtension(type);
if (!extension) {
return callback(new Error('[[error:invalid-image-extension]]'));
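Review bot: The new guard in both hunks tests a MIME type that the caller declares (`data.file.type`, or whatever `image.mimeFromBase64` reads from the data URI), and `/^image./` accepts any subtype, so `image/svg+xml` passes, as does a string like `imagex` because the `.` is unescaped. In the cover path (first hunk) the result of `file.typeToExtension(type)` goes straight to `generateProfileImageFilename` with no check, while the second hunk keeps the `if (!extension)` guard. Adding `if (!extension) { return next(new Error('[[error:invalid-image-extension]]')); }` after the `typeToExtension` call in the first hunk would make the two paths agree. Consider an explicit allowlist such as `/^image\/(png|jpe?g|gif|bmp)$/` (a constructed example; match it to the formats the site actually serves), and where feasible validate the decoded bytes rather than the declared type. Both enclosing functions start and end outside the hunks, so what `typeToExtension` returns for unusual subtypes and any later validation are not visible here.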

@ -13,9 +13,9 @@ var user = require('../src/user');
var groups = require('../src/groups');
var privileges = require('../src/privileges');
var meta = require('../src/meta');
var socketUser = require('../src/socket.io/user');
var helpers = require('./helpers');
describe('Upload Controllers', function () {
var tid;
var cid;
@ -157,8 +157,21 @@ describe('Upload Controllers', function () {
done();
});
});
it('should not allow non image uploads', function (done) {
socketUser.updateCover({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
it('should not allow non image uploads', function (done) {
socketUser.uploadCroppedPicture({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
});
describe('admin uploads', function () {
var jar;
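Review bot: The two added tests share the title 'should not allow non image uploads', so a failure report does not say whether `updateCover` or `uploadCroppedPicture` regressed; name each after its method, e.g. `'should not allow non image uploads (updateCover)'`. Both read `err.message` without first asserting that an error came back, so an upload that is wrongly accepted fails with a TypeError rather than a clear assertion; add `assert(err);` before the `assert.equal`. Both cases also send only `imageData`. If these socket methods can reach the `data.file` branch of the new check, a case with a non-image `file.type` would cover it as well.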

@ -763,7 +763,7 @@ describe('User', function () {
name: 'test',
};
User.uploadPicture(uid, picture, function (err) {
assert.equal(err.message, '[[error:invalid-image-extension]]');
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
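Review bot: Changing this expectation to `[[error:invalid-image]]` leaves the `[[error:invalid-image-extension]]` branch, which the commit keeps in the picture upload path, without an assertion in this hunk. If no other test reaches that branch, add a case whose type passes the `image` prefix check but has no mapped extension, and assert `[[error:invalid-image-extension]]` there. The test starts outside the hunk, so the input that triggers the error is not visible here.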
