From eab4ca710446bc348d5494bc54ff9cdbe723f8d1 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Nov 2020 17:03:02 -0500
Subject: [PATCH] fix: bug with Topics.resizeAndUploadThumb not checking for extension validity
---
 src/topics/thumb.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/topics/thumb.js b/src/topics/thumb.js
index 15574779e6..9afd2ddb6b 100644
--- a/src/topics/thumb.js
+++ b/src/topics/thumb.js
@@ -23,6 +23,8 @@ module.exports = function (Topics) {
 const pipeToFileAsync = util.promisify(pipeToFile);
 Topics.resizeAndUploadThumb = async function (data) {
+ const allowedExtensions = file.allowedExtensions();
+
 // Handle protocol-relative URLs
 if (data.thumb && data.thumb.startsWith('//')) {
 data.thumb = `${nconf.get('secure') ? 'https' : 'http'}:${data.thumb}`;
@@ -45,6 +47,11 @@ module.exports = function (Topics) {
 if (!extension) {
 extension = '.' + mime.getExtension(type);
 }
+
+ if (!allowedExtensions.includes(extension)) {
+ throw new Error('[[error:invalid-file]]');
+ }
+
 const filename = Date.now() + '-topic-thumb' + extension;
 const folder = 'files';
 pathToUpload = path.join(nconf.get('upload_path'), folder, filename);
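Review bot: The new allow-list check `if (!allowedExtensions.includes(extension))` in the second hunk compares case-sensitively, so an extension taken from the thumb's name as `.JPG` or `.PNG` would be rejected even when the lowercase form is allowed — unless `extension` is already lowercased where it is computed, which is outside this hunk, and assuming the list returned by `file.allowedExtensions()` is itself lowercase. Normalising at the point of comparison, `if (!allowedExtensions.includes(String(extension).toLowerCase())) {`, makes the rule independent of how the extension was obtained. Note also that when `mime.getExtension(type)` returns null the preceding line produces the string `.null`, which this check now rejects with the same `[[error:invalid-file]]` error; a comment such as `// also rejects '.null' from an unknown MIME type` would record that this is intended. The check inspects only the extension string, not the file contents, so it relies on the later resize step to fail on non-image data; `Topics.resizeAndUploadThumb` begins in the first hunk and continues past the end of this one.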