From 72fd3bdf9c978f81db8ccd366c9141e25db75216 Mon Sep 17 00:00:00 2001
From: InfiniteStash <117855276+InfiniteStash@users.noreply.github.com>
Date: Wed, 11 Dec 2024 23:01:14 +0100
Subject: [PATCH] Limit formats of uploaded images to jpeg/webp/svg (#858)
---
 frontend/src/components/editImages/editImages.tsx | 11 +++++++++++
 pkg/image/service.go | 1 +
 pkg/image/utils.go | 7 ++++++-
 3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/frontend/src/components/editImages/editImages.tsx b/frontend/src/components/editImages/editImages.tsx
index bfc8a666a..13c0b41e6 100644
--- a/frontend/src/components/editImages/editImages.tsx
+++ b/frontend/src/components/editImages/editImages.tsx
@@ -2,6 +2,7 @@ import { FC, ChangeEvent, useState } from "react";
 import { Button, Col, Form, Row } from "react-bootstrap";
 import { useFieldArray } from "react-hook-form";
 import type { Control } from "react-hook-form";
+import { isApolloError } from "@apollo/client";
 import { faImages } from "@fortawesome/free-solid-svg-icons";
 import cx from "classnames";
@@ -55,8 +56,10 @@ const EditImages: FC = ({
 const [imageData, setImageData] = useState("");
 const [uploading, setUploading] = useState(false);
 const [addImage] = useAddImage();
+ const [error, setError] = useState();
 const handleAddImage = () => {
+ setError("");
 setUploading(true);
 addImage({
 variables: {
@@ -72,6 +75,10 @@ const EditImages: FC = ({
 setImageData("");
 }
 })
+ .catch((error: unknown) => {
+ if (error instanceof Error && isApolloError(error))
+ setError(error.message);
+ })
 .finally(() => {
 setUploading(false);
 });
@@ -79,6 +86,7 @@ const EditImages: FC = ({
 const removeImage = () => {
 setFile(undefined);
+ setError("");
 setImageData("");
 };
@@ -137,6 +145,9 @@ const EditImages: FC = ({ ) )} + +
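Review bot: The new `.catch` handler in the `@@ -72,6 +75,10 @@` hunk drops every rejection that is not an Apollo error without showing or logging anything, so an upload that fails for any other reason only clears the uploading state and leaves the user with no message. An `else` branch such as `else setError("Image upload failed");` (message text is a placeholder) keeps the failure visible. The callback parameter `error` also shadows the `error` state added in the previous hunk; naming it `err` would avoid the ambiguity. handleAddImage starts in the previous hunk and its closing lines lie outside this one.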
{error}
+
{file && ( <>
diff --git a/pkg/image/service.go b/pkg/image/service.go
index 8a71df06c..8d88b829c 100644
--- a/pkg/image/service.go
+++ b/pkg/image/service.go
@@ -81,6 +81,7 @@ func (s *Service) Create(input models.ImageCreateInput) (*models.Image, error) {
 if _, err = fileReader.Seek(0, 0); err != nil {
 return nil, err
 }
+
 if err := populateImageDimensions(fileReader, &newImage); err != nil {
 return nil, err
 }
diff --git a/pkg/image/utils.go b/pkg/image/utils.go
index cf363b2c2..1f33c3188 100644
--- a/pkg/image/utils.go
+++ b/pkg/image/utils.go
@@ -5,6 +5,7 @@ import (
 "crypto/md5"
 "encoding/hex"
 "errors"
+ "fmt"
 "image"
 _ "image/gif"
 "image/jpeg"
@@ -23,7 +24,7 @@ import (
 var ErrImageZeroSize = errors.New("image has 0px dimension")
 func populateImageDimensions(imgReader *bytes.Reader, dest *models.Image) error {
- img, _, err := image.Decode(imgReader)
+ img, format, err := image.Decode(imgReader)
 if err != nil {
 // SVG is not an image so we have to manually check if the image is SVG
 if _, readerErr := imgReader.Seek(0, 0); readerErr != nil {
@@ -42,6 +43,10 @@ func populateImageDimensions(imgReader *bytes.Reader, dest *models.Image) error
 return err
 }
+ if format != "jpeg" && format != "webp" {
+ return fmt.Errorf("unsupported image format: %s", format)
+ }
+
 dest.Width = int64(img.Bounds().Max.X)
 dest.Height = int64(img.Bounds().Max.Y)
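Review bot: The allow-list check on `format` in the `@@ -42,6 +43,10 @@` hunk runs only after `image.Decode` has fully decoded the upload, so a GIF (the `_ "image/gif"` import is still registered in this file) or any other registered format is parsed and its pixel buffer allocated before it is rejected. Only the bounds are read in the visible lines, so if `img` is not needed further down, `cfg, format, err := image.DecodeConfig(imgReader)` with `dest.Width = int64(cfg.Width)` and `dest.Height = int64(cfg.Height)` would reject unsupported formats, and allow a dimension cap, from the header alone. The check is also never reached for SVG, which is handled in the `err != nil` branch; that branch is mostly outside the hunk, so how SVG content is validated cannot be confirmed from here. populateImageDimensions starts in the previous hunk and continues past this one.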