diff options
Diffstat (limited to '')
| -rw-r--r-- | lib/web/imageRouter/index.js | 19 | ||||
| -rw-r--r-- | lib/web/note/util.js | 17 |
2 files changed, 32 insertions, 4 deletions
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js index 0a72c65c..ee123867 100644 --- a/lib/web/imageRouter/index.js +++ b/lib/web/imageRouter/index.js @@ -7,6 +7,7 @@ const FileType = require('file-type') const fs = require('fs') const os = require('os') const rimraf = require('rimraf') +const isSvg = require('is-svg') const config = require('../../config') const logger = require('../../logger') @@ -15,12 +16,26 @@ const errors = require('../../errors') const imageRouter = (module.exports = Router()) async function checkUploadType (filePath) { - const typeFromMagic = await FileType.fromFile(filePath) + const extension = path.extname(filePath).toLowerCase() + let typeFromMagic = await FileType.fromFile(filePath) + if (extension === '.svg' && (typeFromMagic === undefined || typeFromMagic.mime === 'application/xml')) { + const fileContent = fs.readFileSync(filePath) + if (isSvg(fileContent)) { + typeFromMagic = { + ext: 'svg', + mime: 'image/svg+xml' + } + } + } if (typeFromMagic === undefined) { logger.error('Image upload error: Could not determine MIME-type') return false } - if (path.extname(filePath) !== '.' + typeFromMagic.ext) { + // .jpeg, .jfif, .jpe files are identified by FileType to have the extension jpg + if (['.jpeg', '.jfif', '.jpe'].includes(extension) && typeFromMagic.ext === 'jpg') { + typeFromMagic.ext = extension.substr(1) + } + if (extension !== '.' + typeFromMagic.ext) { logger.error( 'Image upload error: Provided file extension does not match MIME-type' ) diff --git a/lib/web/note/util.js b/lib/web/note/util.js index effeb41c..5df1e820 100644 --- a/lib/web/note/util.js +++ b/lib/web/note/util.js @@ -46,7 +46,7 @@ exports.checkViewPermission = function (req, note) { } } -exports.newNote = function (req, res, body) { +exports.newNote = async function (req, res, body) { let owner = null const noteId = req.params.noteId ? req.params.noteId : null if (req.isAuthenticated()) { @@ -60,6 +60,19 @@ exports.newNote = function (req, res, body) { } else { return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res) } + try { + const count = await models.Note.count({ + where: { + alias: req.alias + } + }) + if (count > 0) { + return errors.errorConflict(res) + } + } catch (err) { + logger.error('Error while checking for possible duplicate: ' + err) + return errors.errorInternalError(res) + } } models.Note.create({ ownerId: owner, @@ -69,7 +82,7 @@ exports.newNote = function (req, res, body) { }).then(function (note) { return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id))) }).catch(function (err) { - logger.error(err) + logger.error('Note could not be created: ' + err) return errors.errorInternalError(res) }) } |