5 files changed, 36 insertions, 7 deletions
diff --git a/lib/config/index.js b/lib/config/index.js
index 17c13f5f..48e61b6c 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -179,7 +179,6 @@ switch (config.imageUploadType) {
     config.allowedUploadMimeTypes = [
       'image/jpeg',
       'image/png',
-      'image/jpg',
       'image/gif'
     ]
     break
@@ -187,7 +186,6 @@ switch (config.imageUploadType) {
     config.allowedUploadMimeTypes = [
       'image/jpeg',
       'image/png',
-      'image/jpg',
       'image/gif',
       'image/svg+xml'
     ]
diff --git a/lib/csp.js b/lib/csp.js
index 616c1d21..108f2a22 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -5,7 +5,7 @@ const CspStrategy = {}
 
 const defaultDirectives = {
   defaultSrc: ['\'self\''],
-  scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''],
+  scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', '\'unsafe-eval\''],
   // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594
   imgSrc: ['*'],
   styleSrc: ['\'self\'', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
diff --git a/lib/errors.js b/lib/errors.js
index 950b4cae..599f54b2 100644
--- a/lib/errors.js
+++ b/lib/errors.js
@@ -20,6 +20,9 @@ module.exports = {
   errorBadRequest: function (res) {
     responseError(res, '400', 'Bad Request', 'something not right.')
   },
+  errorConflict: function (res) {
+    responseError(res, '409', 'Conflict', 'This note already exists.')
+  },
   errorTooLong: function (res) {
     responseError(res, '413', 'Payload Too Large', 'Shorten your note!')
   },
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
index 0a72c65c..ee123867 100644
--- a/lib/web/imageRouter/index.js
+++ b/lib/web/imageRouter/index.js
@@ -7,6 +7,7 @@ const FileType = require('file-type')
 const fs = require('fs')
 const os = require('os')
 const rimraf = require('rimraf')
+const isSvg = require('is-svg')
 
 const config = require('../../config')
 const logger = require('../../logger')
@@ -15,12 +16,26 @@ const errors = require('../../errors')
 const imageRouter = (module.exports = Router())
 
 async function checkUploadType (filePath) {
-  const typeFromMagic = await FileType.fromFile(filePath)
+  const extension = path.extname(filePath).toLowerCase()
+  let typeFromMagic = await FileType.fromFile(filePath)
+  if (extension === '.svg' && (typeFromMagic === undefined || typeFromMagic.mime === 'application/xml')) {
+    const fileContent = fs.readFileSync(filePath)
+    if (isSvg(fileContent)) {
+      typeFromMagic = {
+        ext: 'svg',
+        mime: 'image/svg+xml'
+      }
+    }
+  }
   if (typeFromMagic === undefined) {
     logger.error('Image upload error: Could not determine MIME-type')
     return false
   }
-  if (path.extname(filePath) !== '.' + typeFromMagic.ext) {
+  // .jpeg, .jfif, .jpe files are identified by FileType to have the extension jpg
+  if (['.jpeg', '.jfif', '.jpe'].includes(extension) && typeFromMagic.ext === 'jpg') {
+    typeFromMagic.ext = extension.substr(1)
+  }
+  if (extension !== '.' + typeFromMagic.ext) {
     logger.error(
       'Image upload error: Provided file extension does not match MIME-type'
     )
diff --git a/lib/web/note/util.js b/lib/web/note/util.js
index effeb41c..5df1e820 100644
--- a/lib/web/note/util.js
+++ b/lib/web/note/util.js
@@ -46,7 +46,7 @@ exports.checkViewPermission = function (req, note) {
   }
 }
 
-exports.newNote = function (req, res, body) {
+exports.newNote = async function (req, res, body) {
   let owner = null
   const noteId = req.params.noteId ? req.params.noteId : null
   if (req.isAuthenticated()) {
@@ -60,6 +60,19 @@ exports.newNote = function (req, res, body) {
     } else {
       return req.method === 'POST' ? errors.errorForbidden(res) : errors.errorNotFound(res)
     }
+    try {
+      const count = await models.Note.count({
+        where: {
+          alias: req.alias
+        }
+      })
+      if (count > 0) {
+        return errors.errorConflict(res)
+      }
+    } catch (err) {
+      logger.error('Error while checking for possible duplicate: ' + err)
+      return errors.errorInternalError(res)
+    }
   }
   models.Note.create({
     ownerId: owner,
@@ -69,7 +82,7 @@ exports.newNote = function (req, res, body) {
   }).then(function (note) {
     return res.redirect(config.serverURL + '/' + (note.alias ? note.alias : models.Note.encodeNoteId(note.id)))
   }).catch(function (err) {
-    logger.error(err)
+    logger.error('Note could not be created: ' + err)
     return errors.errorInternalError(res)
   })
 }