release(v2.10.4): restrict profile picture uploads to safe image MIME types

Ryan
2025-12-19 01:53:00 -05:00
committed by GitHub
parent 60ed15cae8
commit c392d045bc
2 changed files with 11 additions and 1 deletions


@@ -1,6 +1,11 @@
# Changelog
## Changes 12/19/2025 (v2.10.2 & v2.10.3)
## Changes 12/19/2025 (v2.10.2 & v2.10.3 & v2.10.4)
`release(v2.10.4): restrict profile picture uploads to safe image MIME types`
- Validate selected profile pictures are only JPEG/PNG/GIF before preview/upload.
- Show a friendly error toast and abort on unsupported file types.
`release(v2.10.3): harden profile picture preview (blob URL validation + cleanup)`


@@ -331,6 +331,11 @@ export async function openUserPanel() {
fileInput.addEventListener('change', async function () {
const f = this.files[0];
if (!f) return;
const allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];
if (!allowedTypes.includes(f.type)) {
showToast(t('error_updating_picture'));
return;
}
// preview immediately
const blobUrl = URL.createObjectURL(f);
if (typeof blobUrl !== 'string' || !blobUrl.startsWith('blob:')) {
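Review bot: The added `allowedTypes.includes(f.type)` check tests only the MIME type the browser reports for the selected file, which is normally derived from the file name rather than its bytes, so it keeps unsupported files out of the preview but is not an enforcement point on its own. The upload handler is not part of this commit; if it does not already do so, it should re-check the actual image content server-side against the same JPEG/PNG/GIF list. I would record that above the check, e.g. `// UX guard only: f.type is browser-reported; the server must re-validate the uploaded image`, and clear the rejected selection with `this.value = '';` before the `return`. The listener body and `openUserPanel()` continue outside the hunk.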