fix: only allow png/jpg/bmp in cover/profile images

Barış Soner Uşaklı
2019-09-21 23:10:49 -04:00
parent 5505628c8d
commit 96ab8d05aa
5 changed files with 76 additions and 46 deletions


@@ -1296,7 +1296,10 @@ describe('Groups', function () {
it('should upload group cover image from file', function (done) {
var data = {
groupName: 'Test',
file: imagePath,
file: {
path: imagePath,
type: 'image/png',
},
};
socketGroups.cover.update({ uid: adminUid }, data, function (err, data) {
assert.ifError(err);
@@ -1328,6 +1331,17 @@ describe('Groups', function () {
});
});
it('should fail to upload group cover with invalid image', function (done) {
var data = {
groupName: 'Test',
imageData: 'data:image/svg;base64,iVBORw0KGgoAAAANSUhEUgAAABwA',
};
socketGroups.cover.update({ uid: adminUid }, data, function (err, data) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
it('should update group cover position', function (done) {
var data = {
groupName: 'Test',
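Review bot: Every new rejection test, here in 'should fail to upload group cover with invalid image' and in both 'should not allow svg uploads' cases in the Upload Controllers section, puts a disallowed type in the data URI, so none of them covers input whose declared type is allowed but whose bytes are not that format. The group cover case even carries PNG magic bytes under `data:image/svg`, and the file-upload test now passes a caller-supplied `type: 'image/png'`, which suggests (the implementation is not visible here) that the check keys on the declared type alone. I would add a case with an `image/png` label over non-image content and pin the expected outcome, since a label-only check would still store markup under an image type. Separately, `assert.equal(err.message, '[[error:invalid-image]]')` throws a TypeError when the call unexpectedly succeeds; put `assert(err);` on the line before it so a regression fails with a readable assertion.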


@@ -215,6 +215,13 @@ describe('Upload Controllers', function () {
});
});
it('should not allow svg uploads', function (done) {
socketUser.updateCover({ uid: 1 }, { uid: 1, imageData: 'data:image/svg;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
it('should not allow non image uploads', function (done) {
socketUser.uploadCroppedPicture({ uid: 1 }, { uid: 1, imageData: 'data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
@@ -222,6 +229,13 @@ describe('Upload Controllers', function () {
});
});
it('should not allow svg uploads', function (done) {
socketUser.uploadCroppedPicture({ uid: 1 }, { uid: 1, imageData: 'data:image/svg;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+' }, function (err) {
assert.equal(err.message, '[[error:invalid-image]]');
done();
});
});
it('should delete users uploads if account is deleted', function (done) {
var jar;
var uid;