From c725313525466d0f1ed50dc15e91ba15f7c7bf9c Mon Sep 17 00:00:00 2001 From: Xodrium <118943715+malloc62@users.noreply.github.com> Date: Fri, 10 Feb 2023 19:12:57 -0500 Subject: [PATCH] Added more file extensions --- src/lib/db/db.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/lib/db/db.js b/src/lib/db/db.js index 322ea28..407a757 100644 --- a/src/lib/db/db.js +++ b/src/lib/db/db.js @@ -6,6 +6,8 @@ const AUTH_ACTIONS = [ 'vote' ]; +const fileSizeLimit = 1024*1024*5; + import sqlite3 from 'sqlite3' import { open } from 'sqlite' import { hash, compare } from 'bcrypt' @@ -248,14 +250,14 @@ backend.token = async ({cookies}) => { backend.fileCreate = async({img, extension}) => { const imgHash = createHash('md5').update(img).digest('hex'); - let lengthCheck = checkLength(img,'Image',0,1024*1024*5); + let lengthCheck = checkLength(img,'Image',fileSizeLimit); if (lengthCheck) return lengthCheck; const extensionSafe = extension.replace(/(\s+)/g, '\\$1'); - if (extensionSafe != 'png' && extensionSafe != 'jpg' && extensionSafe != 'svg' ) + if (extensionSafe != 'png' && extensionSafe != 'jpg' && extensionSafe != 'svg' || extensionSafe != 'gif') return { success: 'Illegal file extension.' }; writeFile(`${process.cwd()}/db/post-${imgHash}.${extensionSafe}`,img,{encoding: 'base64'});