From afa3bb1effc7a7d5bde7f562c4f61d99200118ef Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Mon, 21 Oct 2019 13:43:06 +0200 Subject: [PATCH] Allow WebP and Gif pics svg stays forbidden until we can be sure it's fine security-wise Signed-off-by: Thomas Citharel --- js/src/components/PictureUpload.vue | 2 +- lib/mobilizon_web/upload.ex | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/js/src/components/PictureUpload.vue b/js/src/components/PictureUpload.vue index ff36df43e..80ad8bee9 100644 --- a/js/src/components/PictureUpload.vue +++ b/js/src/components/PictureUpload.vue @@ -53,7 +53,7 @@ import { Component, Model, Prop, Vue, Watch } from 'vue-property-decorator'; @Component export default class PictureUpload extends Vue { @Model('change', { type: File }) readonly pictureFile!: File; - @Prop({ type: String, required: false, default: 'image/png,image/jpeg' }) accept; + @Prop({ type: String, required: false, default: 'image/gif,image/png,image/jpeg,image/webp' }) accept; // @ts-ignore @Prop({ type: String, required: false, default() { return this.$t('Avatar'); } }) textFallback!: string; diff --git a/lib/mobilizon_web/upload.ex b/lib/mobilizon_web/upload.ex index 6c32f2898..67c982034 100644 --- a/lib/mobilizon_web/upload.ex +++ b/lib/mobilizon_web/upload.ex @@ -166,7 +166,7 @@ defmodule MobilizonWeb.Upload do defp check_file_size(_, _), do: :ok - @picture_content_types ["image/png", "image/jpg", "image/jpeg", "image/webp"] + @picture_content_types ["image/gif", "image/png", "image/jpg", "image/jpeg", "image/webp"] # Return whether the upload is a picture or not defp get_type(content_type) do if content_type in @picture_content_types do