Update uploadController.js

* fixed blacklist from being bypassed due to case insensitive extension names
2024-12-13 07:56:23 +00:00 · 2017-06-22 17:35:56 -07:00 · 2017-06-22 17:35:56 -07:00 · daf8f0130c
commit daf8f0130c
parent 2a978df1a7
1 changed files with 1 additions and 1 deletions
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@ -23,7 +23,7 @@ const upload = multer({
 	limits: { fileSize: config.uploads.maxSize },
 	fileFilter: function(req, file, cb) {
 		if (config.blockedExtensions !== undefined) {
-			if (config.blockedExtensions.some(extension => path.extname(file.originalname) === extension)) {
+			if (config.blockedExtensions.some(extension => path.extname(file.originalname).toLowerCase() === extension)) {
 				return cb('This file extension is not allowed');
 			}
 			return cb(null, true);