Force the allowed avatar image types. We do not want to use the Umbraco:Cms:Content:Imaging:ImageFileTypes as this could very well be different for content.

Bjarke Berg
2022-08-02 11:00:58 +02:00
committed by Sebastiaan Janssen
parent 19b2dee76a
commit 6ce9ea4950


@@ -179,8 +179,9 @@ public class UsersController : BackOfficeNotificationsController
var fileName = file.FileName.Trim(new[] { '\"' }).TrimEnd();
var safeFileName = fileName.ToSafeFileName(shortStringHelper);
var ext = safeFileName.Substring(safeFileName.LastIndexOf('.') + 1).ToLower();
const string allowedAvatarFileTypes = "jpeg,jpg,gif,bmp,png,tiff,tif,webp";
if (contentSettings.DisallowedUploadFiles.Contains(ext) == false)
if (allowedAvatarFileTypes.Contains(ext) == true && contentSettings.DisallowedUploadFiles.Contains(ext) == false)
{
//generate a path of known data, we don't want this path to be guessable
user.Avatar = "UserAvatars/" + (user.Id + safeFileName).GenerateHash<SHA1>() + "." + ext;
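Review bot: The new allow-list test `allowedAvatarFileTypes.Contains(ext)` is a substring match on the comma-joined string, not a membership test. Any fragment of the list passes, such as `if`, `mp` or `g`, and so does an empty `ext` when the file name ends in a dot, so the avatar types are not restricted to the eight listed. Compare against whole entries instead, e.g. `if (allowedAvatarFileTypes.Split(',').Contains(ext) && contentSettings.DisallowedUploadFiles.Contains(ext) == false)`, assuming System.Linq is in scope here, or keep the list as a static `HashSet<string>` with `StringComparer.OrdinalIgnoreCase`. The `ToLower()` on the `ext` line is culture-sensitive, and `ToLowerInvariant()` would keep the comparison stable across server locales. The `if` body continues outside this hunk, so how the file content itself is validated is not visible here.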