github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:34:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

add image authorization on upload_avatar

Browse Source
This commit is contained in:
dbarbera
2013-10-12 14:11:44 +02:00
parent 23bf4436f5
commit 9106596a9a
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/users_controller.rb
View File

@ -302,6 +302,10 @@ class UsersController < ApplicationController
file = params[:file] || params[:files].first
unless SiteSetting.authorized_image?(file)
return render status: 422, text: I18n.t("upload.images.unknown_image_type")
end
# check the file size (note: this might also be done in the web server)
filesize = File.size(file.tempfile)
max_size_kb = SiteSetting.max_image_size_kb * 1024