From 55293d0d1e3ecef61ea918e819faf02f761a683c Mon Sep 17 00:00:00 2001
From: Fabian Becker
Date: Fri, 26 Sep 2014 13:31:23 +0000
Subject: [PATCH] Abstract the allowed file types out of API closes #1891 - Moves contentType and extension check to config
---
 core/server/api/upload.js | 7 ++++---
 core/server/config/index.js | 5 +++++
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/core/server/api/upload.js b/core/server/api/upload.js
index b746bbbd61..cb297a19c9 100644
--- a/core/server/api/upload.js
+++ b/core/server/api/upload.js
@@ -1,4 +1,6 @@
-var Promise = require('bluebird'),
+var _ = require('lodash'),
+ config = require('../config'),
+ Promise = require('bluebird'),
 path = require('path'),
 fs = require('fs-extra'),
 storage = require('../storage'),
@@ -7,8 +9,7 @@ var Promise = require('bluebird'),
 upload;
 function isImage(type, ext) {
- if ((type === 'image/jpeg' || type === 'image/png' || type === 'image/gif' || type === 'image/svg+xml')
- && (ext === '.jpg' || ext === '.jpeg' || ext === '.png' || ext === '.gif' || ext === '.svg' || ext === '.svgz')) {
+ if (_.contains(config.uploads.contentTypes, type) && _.contains(config.uploads.extensions, ext)) {
 return true;
 }
 return false;
diff --git a/core/server/config/index.js b/core/server/config/index.js
index f9ef0ebcec..628867a6cf 100644
--- a/core/server/config/index.js
+++ b/core/server/config/index.js
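Review bot: `isImage` tests `type` and `ext` against two independent lists, so any allowed content type passes with any allowed extension, and nothing in the function looks at the file contents; now that both lists are configuration, that limit deserves a comment above the check, e.g. `// type and ext are matched independently; neither is verified against the file contents`. The `if`/`return true`/`return false` can also collapse to `return _.contains(config.uploads.contentTypes, type) && _.contains(config.uploads.extensions, ext);`. `config.uploads` is dereferenced without a guard, so if the config object has not been populated by `ConfigManager.prototype.set` the check throws instead of rejecting the upload; presumably it always is by the time the API runs, but that is not visible in this patch. The closing brace of `isImage` lies outside the hunk.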
@@ -139,6 +139,11 @@ ConfigManager.prototype.set = function (config) {
 // protected slugs cannot be changed or removed
 reserved: ['admin', 'app', 'apps', 'archive', 'archives', 'categories', 'category', 'dashboard', 'feed', 'ghost-admin', 'login', 'logout', 'page', 'pages', 'post', 'posts', 'public', 'register', 'setup', 'signin', 'signout', 'signup', 'tag', 'tags', 'user', 'users', 'wp-admin', 'wp-login'],
 protected: ['ghost', 'rss']
+ },
+ uploads: {
+ // Used by the upload API to limit uploads to images
+ extensions: ['.jpg', '.jpeg', '.gif', '.png', '.svg', '.svgz'],
+ contentTypes: ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml']
 }
 });
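Review bot: The comment on `uploads` should say that these two lists are the upload API's allow-list, not a display preference, and that `.svg`/`.svgz` with `image/svg+xml` are the entries in it that can carry script, so a later reader editing the list knows what it protects. Something like `// Allow-list enforced by the upload API (isImage); SVG can contain script, so keep it only if uploads are served safely` would do. The lists are matched with `_.contains`, i.e. exact string comparison, so the comment should also state that extensions are lower-case with the leading dot, assuming the caller normalises `ext` before the check (not visible in this patch). `ConfigManager.prototype.set` starts and ends outside the hunk.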