github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-23 23:29:59 +08:00
Code Issues Actions 10 Packages Projects Releases Wiki Activity

Added extension whitelist for image uploads

Browse Source 
- A continuation of the security issues addressed in v0.25.3
This commit is contained in:
Dan Brown
2019-03-21 19:43:15 +00:00
parent 37b91b6b0e
commit f5fe524e6c
5 changed files with 38 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/ImageController.php
View File

@ -119,7 +119,7 @@ class ImageController extends Controller
{
$this->checkPermission('image-create-all');
$this->validate($request, [
'file' => 'mimes:jpeg,png,gif,bmp,webp,tiff'
'file' => 'image_extension|mimes:jpeg,png,gif,bmp,webp,tiff'
]);
if (!$this->imageRepo->isValidType($type)) {