Skip to content

Accepted media type image allows files with .jpg extension to be uploaded even if contents are not an image #14904

New issue
New issue
Open
Open
Accepted media type image allows files with .jpg extension to be uploaded even if contents are not an image#14904
Labels
TaskedAdded to the internal issue tracking
Milestone
3.5.0
@kendrickluong

Description

@kendrickluong
kendrickluong
opened on Jul 1, 2019

Description:

Accepted Media Types filter on file uploads set to image/* incorrectly accepts files that are not images but have .jpg extension

Steps to reproduce:

  1. Settings > File Upload > Accepted Media Types: images/*
  2. Upload an actual_image.jpg file goes through
  3. Upload random.cer file Media Type Not Accepted Application/pkix-cert
  4. Rename random.cer to random.jpg file goes through

Expected behavior:

random.jpg should not be uploaded

Server Setup Information:

  • Version of Rocket.Chat Server: 1.0.3
  • Operating System: RHEL 7.2 (reports as 4.15.0-1035-aws)
  • Deployment Method: docker
  • Number of Running Instances: 3
  • DB Replicaset Oplog:
  • NodeJS Version: 8.11.4
  • MongoDB Version: 3.6.12

Metadata

Metadata

Assignees

No one assigned

    Labels

    TaskedAdded to the internal issue tracking

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions