Skip to content

Commit

Permalink
Limit formats of uploaded images to jpeg/webp/svg (#858)
Browse files Browse the repository at this point in the history
  • Loading branch information
@InfiniteStash
InfiniteStash authored Dec 11, 2024
1 parent 7699a57 commit 72fd3bd
Show file tree
Hide file tree
Showing 3 changed files with 18 additions and 1 deletion.
11 changes: 11 additions & 0 deletions frontend/src/components/editImages/editImages.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { FC, ChangeEvent, useState } from "react";
import { Button, Col, Form, Row } from "react-bootstrap";
import { useFieldArray } from "react-hook-form";
import type { Control } from "react-hook-form";
import { isApolloError } from "@apollo/client";
import { faImages } from "@fortawesome/free-solid-svg-icons";
import cx from "classnames";

Expand Down Expand Up @@ -55,8 +56,10 @@ const EditImages: FC<EditImagesProps> = ({
const [imageData, setImageData] = useState<string>("");
const [uploading, setUploading] = useState(false);
const [addImage] = useAddImage();
const [error, setError] = useState<string>();

const handleAddImage = () => {
setError("");
setUploading(true);
addImage({
variables: {
Expand All @@ -72,13 +75,18 @@ const EditImages: FC<EditImagesProps> = ({
setImageData("");
}
})
.catch((error: unknown) => {
if (error instanceof Error && isApolloError(error))
setError(error.message);
})
.finally(() => {
setUploading(false);
});
};

const removeImage = () => {
setFile(undefined);
setError("");
setImageData("");
};

Expand Down Expand Up @@ -137,6 +145,9 @@ const EditImages: FC<EditImagesProps> = ({
)
)}
</div>
<Row className="text-end text-danger">
<div>{error}</div>
</Row>
<div className="mt-4 d-flex">
{file && (
<>
Expand Down
1 change: 1 addition & 0 deletions pkg/image/service.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,7 @@ func (s *Service) Create(input models.ImageCreateInput) (*models.Image, error) {
if _, err = fileReader.Seek(0, 0); err != nil {
return nil, err
}

if err := populateImageDimensions(fileReader, &newImage); err != nil {
return nil, err
}
Expand Down
7 changes: 6 additions & 1 deletion pkg/image/utils.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"crypto/md5"
"encoding/hex"
"errors"
"fmt"
"image"
_ "image/gif"
"image/jpeg"
Expand All @@ -23,7 +24,7 @@ import (
var ErrImageZeroSize = errors.New("image has 0px dimension")

func populateImageDimensions(imgReader *bytes.Reader, dest *models.Image) error {
img, _, err := image.Decode(imgReader)
img, format, err := image.Decode(imgReader)
if err != nil {
// SVG is not an image so we have to manually check if the image is SVG
if _, readerErr := imgReader.Seek(0, 0); readerErr != nil {
Expand All @@ -42,6 +43,10 @@ func populateImageDimensions(imgReader *bytes.Reader, dest *models.Image) error
return err
}

if format != "jpeg" && format != "webp" {
return fmt.Errorf("unsupported image format: %s", format)
}

dest.Width = int64(img.Bounds().Max.X)
dest.Height = int64(img.Bounds().Max.Y)

Expand Down

0 comments on commit 72fd3bd

Please sign in to comment.