Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-22 23:42:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5626 from NodeBB/reject-nonaudio-uploads

Browse Source 
Reject non-audio upload requests to the sounds route
This commit is contained in:
Julian Lam
2017-04-24 15:54:42 -04:00
committed by GitHub
parent c45c4a5fdb 1ac14a466e
commit 7abd80490b
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/controllers/admin/uploads.js
View File

@@ -5,6 +5,7 @@ var path = require('path');
var async = require('async');
var nconf = require('nconf');
var winston = require('winston');
var mime = require('mime');
var meta = require('../../meta');
var file = require('../../file');
@@ -102,6 +103,11 @@ uploadsController.uploadLogo = function (req, res, next) {
uploadsController.uploadSound = function (req, res, next) {
var uploadedFile = req.files.files[0];
var mimeType = mime.lookup(uploadedFile.name);
if (!/^audio\//.test(mimeType)) {
return next(Error('[[error:invalid-data]]'));
}
file.saveFileToLocal(uploadedFile.name, 'sounds', uploadedFile.path, function (err) {
if (err) {
return next(err);