mirror of
https://github.com/BobbyWibowo/lolisafe.git
synced 2024-12-13 07:56:23 +00:00
Update uploadController.js
* fixed blacklist from being bypassed due to case insensitive extension names
This commit is contained in:
parent
2a978df1a7
commit
daf8f0130c
@ -23,7 +23,7 @@ const upload = multer({
|
||||
limits: { fileSize: config.uploads.maxSize },
|
||||
fileFilter: function(req, file, cb) {
|
||||
if (config.blockedExtensions !== undefined) {
|
||||
if (config.blockedExtensions.some(extension => path.extname(file.originalname) === extension)) {
|
||||
if (config.blockedExtensions.some(extension => path.extname(file.originalname).toLowerCase() === extension)) {
|
||||
return cb('This file extension is not allowed');
|
||||
}
|
||||
return cb(null, true);
|
||||
|
Loading…
Reference in New Issue
Block a user