closes #5484

2025-11-01 19:46:01 +01:00 · 2017-04-14 12:59:36 -04:00
parent b8c606cbbd
commit e63559b6fd
5 changed files with 28 additions and 11 deletions
--- a/install/data/defaults.json
+++ b/install/data/defaults.json
@@ -17,6 +17,7 @@
    "allowLocalLogin": 1,
    "allowAccountDelete": 1,
    "allowFileUploads": 0,
+    "allowedFileExtensions": "png,jpg,bmp",
    "allowUserHomePage": 1,
    "maximumFileSize": 2048,
    "minimumTitleLength": 3,
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
    "morgan": "^1.3.2",
    "mousetrap": "^1.5.3",
    "nconf": "~0.8.2",
-    "nodebb-plugin-composer-default": "4.4.4",
+    "nodebb-plugin-composer-default": "4.4.6",
    "nodebb-plugin-dbsearch": "2.0.2",
    "nodebb-plugin-emoji-extended": "1.1.1",
    "nodebb-plugin-emoji-one": "1.1.5",
--- a/src/controllers/uploads.js
+++ b/src/controllers/uploads.js
@@ -33,7 +33,7 @@ uploadsController.upload = function (req, res, filesIterator) {
 			return res.status(500).json({ path: req.path, error: err.message });
 		}

-		res.status(200).send(images);
+		res.status(200).json(images);
 	});
 };

@@ -208,20 +208,18 @@ uploadsController.uploadFile = function (uid, uploadedFile, callback) {
 		return callback(new Error('[[error:file-too-big, ' + meta.config.maximumFileSize + ']]'));
 	}

-	if (meta.config.hasOwnProperty('allowedFileExtensions')) {
 	var allowed = file.allowedExtensions();
-		var extension = file.typeToExtension(uploadedFile.type);
-		if (!extension || (allowed.length > 0 && allowed.indexOf(extension) === -1)) {
+	var extension = path.extname(uploadedFile.name);
+	if (!extension || extension === '.' || (allowed.length > 0 && allowed.indexOf(extension) === -1)) {
 		return callback(new Error('[[error:invalid-file-type, ' + allowed.join('&#44; ') + ']]'));
 	}
-	}

 	saveFileToLocal(uploadedFile, callback);
 };

 function saveFileToLocal(uploadedFile, callback) {
-	var extension = file.typeToExtension(uploadedFile.type);
-	if (!extension) {
+	var extension = path.extname(uploadedFile.name);
+	if (!extension || extension === '.') {
 		return callback(new Error('[[error:invalid-extension]]'));
 	}
 	var filename = uploadedFile.name || 'upload';
--- a/src/upgrade.js
+++ b/src/upgrade.js
@@ -51,7 +51,7 @@ var Upgrade = {
 		},
 		{
 			version: 'develop',	// rename this to whatever the next NodeBB version is (breaking)
-			upgrades: ['flags_refactor', 'post_votes_zset', 'moderation_history_refactor'],
+			upgrades: ['flags_refactor', 'post_votes_zset', 'moderation_history_refactor', 'allowed_file_extensions'],
 		},
 	],
 };
--- a/src/upgrades/1.5.0/allowed_file_extensions.js
+++ b/src/upgrades/1.5.0/allowed_file_extensions.js
@@ -0,0 +1,18 @@
+/* jslint node: true */
+
+'use strict';
+
+var db = require('../../database');
+
+module.exports = {
+	name: 'Set default allowed file extensions',
+	timestamp: Date.UTC(2017, 3, 14),
+	method: function (callback) {
+		db.getObjectField('config', 'allowedFileExtensions', function (err, value) {
+			if (err || value) {
+				return callback(err);
+			}
+			db.setObjectField('config', 'allowedFileExtensions', 'png,jpg,bmp', callback);
+		});
+	},
+};