Update uploadController.js

* fixed blacklist from being bypassed due to case insensitive extension names
This commit is contained in:
EpikPhailure 2017-06-22 17:35:56 -07:00 committed by GitHub
parent 2a978df1a7
commit daf8f0130c

View File

@ -23,7 +23,7 @@ const upload = multer({
limits: { fileSize: config.uploads.maxSize },
fileFilter: function(req, file, cb) {
if (config.blockedExtensions !== undefined) {
if (config.blockedExtensions.some(extension => path.extname(file.originalname) === extension)) {
if (config.blockedExtensions.some(extension => path.extname(file.originalname).toLowerCase() === extension)) {
return cb('This file extension is not allowed');
}
return cb(null, true);