summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYannick Bungers2021-03-29 23:14:53 +0200
committerGitHub2021-03-29 23:14:53 +0200
commit1534d7029bf82c74d5b927e8b179a763ccb1cae4 (patch)
treebdec869173acdfabbb0afa603a6e3db9deae3465
parent3a60f069cb85f4a1ffbcd19f8ef33073b98994d9 (diff)
parent5dbe99b4c7b8e136ebc6f05b6b618f044bfd4358 (diff)
Merge pull request #1079 from hedgedoc/fix/mimeTypes
-rw-r--r--lib/config/index.js2
-rw-r--r--lib/web/imageRouter/index.js19
-rw-r--r--package.json1
-rw-r--r--yarn.lock16
4 files changed, 26 insertions, 12 deletions
diff --git a/lib/config/index.js b/lib/config/index.js
index 17c13f5f..48e61b6c 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -179,7 +179,6 @@ switch (config.imageUploadType) {
config.allowedUploadMimeTypes = [
'image/jpeg',
'image/png',
- 'image/jpg',
'image/gif'
]
break
@@ -187,7 +186,6 @@ switch (config.imageUploadType) {
config.allowedUploadMimeTypes = [
'image/jpeg',
'image/png',
- 'image/jpg',
'image/gif',
'image/svg+xml'
]
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
index 0a72c65c..ee123867 100644
--- a/lib/web/imageRouter/index.js
+++ b/lib/web/imageRouter/index.js
@@ -7,6 +7,7 @@ const FileType = require('file-type')
const fs = require('fs')
const os = require('os')
const rimraf = require('rimraf')
+const isSvg = require('is-svg')
const config = require('../../config')
const logger = require('../../logger')
@@ -15,12 +16,26 @@ const errors = require('../../errors')
const imageRouter = (module.exports = Router())
async function checkUploadType (filePath) {
- const typeFromMagic = await FileType.fromFile(filePath)
+ const extension = path.extname(filePath).toLowerCase()
+ let typeFromMagic = await FileType.fromFile(filePath)
+ if (extension === '.svg' && (typeFromMagic === undefined || typeFromMagic.mime === 'application/xml')) {
+ const fileContent = fs.readFileSync(filePath)
+ if (isSvg(fileContent)) {
+ typeFromMagic = {
+ ext: 'svg',
+ mime: 'image/svg+xml'
+ }
+ }
+ }
if (typeFromMagic === undefined) {
logger.error('Image upload error: Could not determine MIME-type')
return false
}
- if (path.extname(filePath) !== '.' + typeFromMagic.ext) {
+ // .jpeg, .jfif, .jpe files are identified by FileType to have the extension jpg
+ if (['.jpeg', '.jfif', '.jpe'].includes(extension) && typeFromMagic.ext === 'jpg') {
+ typeFromMagic.ext = extension.substr(1)
+ }
+ if (extension !== '.' + typeFromMagic.ext) {
logger.error(
'Image upload error: Provided file extension does not match MIME-type'
)
diff --git a/package.json b/package.json
index 4d1bf9d9..311695c1 100644
--- a/package.json
+++ b/package.json
@@ -55,6 +55,7 @@
"i18n": "^0.13.0",
"imgur": "git+https://github.com/hackmdio/node-imgur.git",
"ionicons": "^2.0.1",
+ "is-svg": "^4.3.1",
"jquery": "^3.5.1",
"jquery-mousewheel": "^3.1.13",
"jquery-ui": "^1.12.1",
diff --git a/yarn.lock b/yarn.lock
index d7b95fc5..d8cb251e 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -448,7 +448,6 @@
"Idle.Js@git+https://github.com/shawnmclean/Idle.js":
version "0.0.1"
- uid db9beb3483a460ad638ec947867720f0ed066a62
resolved "git+https://github.com/shawnmclean/Idle.js#db9beb3483a460ad638ec947867720f0ed066a62"
JSV@^4.0.x:
@@ -2193,7 +2192,6 @@ code-point-at@^1.0.0:
"codemirror@git+https://github.com/hedgedoc/CodeMirror.git":
version "5.58.2"
- uid f780b569b3717cdff4c8507538cc63101bfa02e1
resolved "git+https://github.com/hedgedoc/CodeMirror.git#f780b569b3717cdff4c8507538cc63101bfa02e1"
collection-visit@^1.0.0:
@@ -3225,7 +3223,6 @@ detect-libc@^1.0.2:
"diff-match-patch@git+https://github.com/hackmdio/diff-match-patch.git":
version "1.1.1"
- uid c2f8fb9d69aa9490b764850aa86ba442c93ccf78
resolved "git+https://github.com/hackmdio/diff-match-patch.git#c2f8fb9d69aa9490b764850aa86ba442c93ccf78"
diff@5.0.0:
@@ -4019,7 +4016,7 @@ fast-safe-stringify@^2.0.4:
resolved "https://registry.yarnpkg.com/fast-safe-stringify/-/fast-safe-stringify-2.0.7.tgz#124aa885899261f68aedb42a7c080de9da608743"
integrity sha512-Utm6CdzT+6xsDk2m8S6uL8VHxNwI6Jub+e9NYTcAms28T84pTa25GJQV9j0CY0N1rM8hK4x6grpF2BQf+2qwVA==
-fast-xml-parser@^3.17.5:
+fast-xml-parser@^3.17.5, fast-xml-parser@^3.19.0:
version "3.19.0"
resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-3.19.0.tgz#cb637ec3f3999f51406dd8ff0e6fc4d83e520d01"
integrity sha512-4pXwmBplsCPv8FOY1WRakF970TjNGnGnfbOnLqjlYvMiF1SR3yOHyxMR/YCXpPTOspNF5gwudqktIP4VsWkvBg==
@@ -4930,7 +4927,6 @@ image-size@~0.5.0:
"imgur@git+https://github.com/hackmdio/node-imgur.git":
version "0.5.0"
- uid de0a7a1f1eb2cb6628385fedb990ad396a190573
resolved "git+https://github.com/hackmdio/node-imgur.git#de0a7a1f1eb2cb6628385fedb990ad396a190573"
dependencies:
commander "^2.13.0"
@@ -5406,6 +5402,13 @@ is-svg@^3.0.0:
dependencies:
html-comment-regex "^1.1.0"
+is-svg@^4.3.1:
+ version "4.3.1"
+ resolved "https://registry.yarnpkg.com/is-svg/-/is-svg-4.3.1.tgz#8c63ec8c67c8c7f0a8de0a71c8c7d58eccf4406b"
+ integrity sha512-h2CGs+yPUyvkgTJQS9cJzo9lYK06WgRiXUqBBHtglSzVKAuH4/oWsqk7LGfbSa1hGk9QcZ0SyQtVggvBA8LZXA==
+ dependencies:
+ fast-xml-parser "^3.19.0"
+
is-symbol@^1.0.2, is-symbol@^1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.3.tgz#38e1014b9e6329be0de9d24a414fd7441ec61937"
@@ -5533,7 +5536,6 @@ js-cookie@^2.1.3:
"js-sequence-diagrams@git+https://github.com/hedgedoc/js-sequence-diagrams.git":
version "2.0.1"
- uid bda0e49b6c2754f3c7158b1dfb9ccf26efc24b39
resolved "git+https://github.com/hedgedoc/js-sequence-diagrams.git#bda0e49b6c2754f3c7158b1dfb9ccf26efc24b39"
dependencies:
lodash "4.17.x"
@@ -6097,7 +6099,6 @@ lutim@^1.0.2:
"lz-string@git+https://github.com/hackmdio/lz-string.git":
version "1.4.4"
- uid efd1f64676264d6d8871b01f4f375fc6ef4f9022
resolved "git+https://github.com/hackmdio/lz-string.git#efd1f64676264d6d8871b01f4f375fc6ef4f9022"
make-dir@^1.0.0:
@@ -6411,7 +6412,6 @@ messageformat@^2.3.0:
"meta-marked@git+https://github.com/hedgedoc/meta-marked":
version "0.4.5"
- uid "4fb5cb5a204969cc91e66eee92c0211188e69a2b"
resolved "git+https://github.com/hedgedoc/meta-marked#4fb5cb5a204969cc91e66eee92c0211188e69a2b"
dependencies:
js-yaml "~3.14.0"