Skip to content

Commit

Permalink
fix(events): allowing uploading of images with extensions in caps (#1202
Browse files Browse the repository at this point in the history
)
LeonVreling authored Dec 7, 2024
1 parent 98dca83 commit ad9ff90
Showing 3 changed files with 22 additions and 2 deletions.
4 changes: 2 additions & 2 deletions lib/imageserv.js
Original file line number Diff line number Diff line change
@@ -29,7 +29,7 @@ const storage = multer.diskStorage({ // multers disk storage settings
const upload = multer({
storage,
fileFilter(req, file, cb) {
const extension = path.extname(file.originalname);
const extension = path.extname(file.originalname).toLowerCase();
if (!allowedExtensions.includes(extension)) {
const allowed = allowedExtensions.map((e) => `'${e}'`).join(', ');
return cb(new Error(`Allowed extensions: ${allowed}, but '${extension}' was passed.`));
@@ -65,7 +65,7 @@ exports.uploadImage = async (req, res) => {
const buffer = readChunk.sync(req.file.path, 0, 4100);
const type = await FileType.fromBuffer(buffer);

const originalExtension = path.extname(req.file.originalname);
const originalExtension = path.extname(req.file.originalname).toLowerCase();
const determinedExtension = (type && type.ext ? `.${type.ext}` : 'unknown');

if (originalExtension !== determinedExtension || !allowedExtensions.includes(determinedExtension)) {
20 changes: 20 additions & 0 deletions test/api/file-upload.test.js
Original file line number Diff line number Diff line change
@@ -113,6 +113,26 @@ describe('File upload', () => {
expect(fs.existsSync(imgPath)).toEqual(true);
});

it('should upload a file if it\'s valid, but has extension in capital letters', async () => {
const res = await request({
uri: '/single/' + event.id + '/upload',
method: 'POST',
headers: { 'X-Auth-Token': 'blablabla' },
formData: {
head_image: fs.createReadStream('./test/assets/valid_second_image.PNG')
}
});

expect(res.statusCode).toEqual(200);
expect(res.body.success).toEqual(true);
expect(res.body).toHaveProperty('message');

const eventFromDb = await Event.findByPk(event.id);

const imgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', eventFromDb.image);
expect(fs.existsSync(imgPath)).toEqual(true);
});

it('should remove the old file', async () => {
// Uploading
const firstRequest = await request({
Binary file added test/assets/valid_second_image.PNG
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit ad9ff90

Please sign in to comment.