mirror of https://github.com/penpot/penpot.git synced 2025-01-10 00:40:30 -05:00

Check actual image content for valid mime type

Andrés Moya 2020-06-03 13:24:36 +02:00
parent 700e99a25d
commit a3490ea36d
4 changed files with 11 additions and 4 deletions


@ -10,6 +10,7 @@
[clojure.java.io :as io] [clojure.java.io :as io]
[clojure.spec.alpha :as s] [clojure.spec.alpha :as s]
[datoteka.core :as fs] [datoteka.core :as fs]
[uxbox.common.exceptions :as ex]
[uxbox.common.data :as d] [uxbox.common.data :as d]
[uxbox.common.spec :as us] [uxbox.common.spec :as us]
[uxbox.util.storage :as ust] [uxbox.util.storage :as ust]
@ -108,8 +109,12 @@
(ByteArrayInputStream. thumbnail-data))))) (ByteArrayInputStream. thumbnail-data)))))
(defn info (defn info
[path] [content-type path]
(let [instance (Info. (str path))] (let [instance (Info. (str path))]
(when-not (= content-type (.getProperty instance "Mime type"))
(ex/raise :type :validation
:code :image-type-mismatch
:hint "Seems like you are uploading a file whose content does not match the extension."))
{:width (.getImageWidth instance) {:width (.getImageWidth instance)
:height (.getImageHeight instance)})) :height (.getImageHeight instance)}))
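Review bot: In `info`, the new guard is an exact string comparison between the client-declared `content-type` and `(.getProperty instance "Mime type")`, so it proves only that the two agree. The allow-list of accepted types still lives in the callers (their `:image-type-not-allowed` checks), and a future upload path that skips that check gets no protection from `info`. A docstring should state this contract, e.g. `"Returns {:width :height} for the image at path; raises :image-type-mismatch when the detected mime type differs from content-type. Does not check that the type is allowed."`. The hint mentions the extension, but the value compared is the declared content type, so `"...whose content does not match the declared content type."` would be more accurate. If `Info.` can throw on a file it cannot parse (its import is outside these hunks), that happens before the guard and would surface as an unhandled error rather than a `:validation` one, which is worth confirming.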


@ -165,7 +165,7 @@
:code :image-type-not-allowed :code :image-type-not-allowed
:hint "Seems like you are uploading an invalid image.")) :hint "Seems like you are uploading an invalid image."))
(let [image-opts (images/info (:tempfile content)) (let [image-opts (images/info (:content-type content) (:tempfile content))
image-path (imgs/persist-image-on-fs content) image-path (imgs/persist-image-on-fs content)
thumb-opts imgs/thumbnail-options thumb-opts imgs/thumbnail-options
thumb-path (imgs/persist-image-thumbnail-on-fs thumb-opts image-path)] thumb-path (imgs/persist-image-thumbnail-on-fs thumb-opts image-path)]


@ -146,7 +146,8 @@
(ex/raise :type :validation (ex/raise :type :validation
:code :image-type-not-allowed :code :image-type-not-allowed
:hint "Seems like you are uploading an invalid image.")) :hint "Seems like you are uploading an invalid image."))
(let [image-opts (images/info (:tempfile content))
(let [image-opts (images/info (:content-type content) (:tempfile content))
image-path (persist-image-on-fs content) image-path (persist-image-on-fs content)
thumb-opts thumbnail-options thumb-opts thumbnail-options
thumb-path (persist-image-thumbnail-on-fs thumb-opts image-path)] thumb-path (persist-image-thumbnail-on-fs thumb-opts image-path)]


@ -291,7 +291,8 @@
(ex/raise :type :validation (ex/raise :type :validation
:code :image-type-not-allowed :code :image-type-not-allowed
:hint "Seems like you are uploading an invalid image.")) :hint "Seems like you are uploading an invalid image."))
(let [thumb-opts {:width 256 (let [image-opts (images/info (:content-type file) (:tempfile file))
thumb-opts {:width 256
:height 256 :height 256
:quality 75 :quality 75
:format "webp"} :format "webp"}
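Review bot: `image-opts` is bound here only for the validation side effect of `images/info`; nothing in the visible part of the `let` uses it. The `let` body continues outside the hunk, so this is inferred. Binding the call as `_ (images/info (:content-type file) (:tempfile file))` would show that it exists to reject mismatched uploads and make it less likely that a later cleanup removes it as an unused binding. A comment such as `;; throws :image-type-mismatch when the file content does not match the declared content-type` on that line would document the intent.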