Added support for whitelisting file types

author: Simon Bartlett <simon@securitycompass.com> 2015-01-24 12:11:38 -0500
committer: Simon Bartlett <simon@securitycompass.com> 2015-01-24 12:11:38 -0500
commit: bd26e35b4f0889d13223e1266596207e18c7f91a (patch)
tree: 9335362d74bc1e35b10c0008d292f9a3fcf3f62e /app/core/files.js
parent: 060dde04965f82cda38da63010e8c0c2e65442b5 (diff)
download: lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.zip
lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.tar.gz
lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/app/core/files.js b/app/core/files.js
index f4d6674..5565a19 100644
--- a/app/core/files.js
+++ b/app/core/files.js
@@ -23,6 +23,12 @@ FileManager.prototype.create = function(options, cb) {
         return cb('Files are disabled.');
     }
 
+    if (settings.allowed_file_types &&
+        settings.allowed_file_types.length &&
+        !_.include(settings.allowed_file_types, options.file.type)) {
+            return cb('The MIME type ' + options.file.type + ' is not allowed');
+    }
+
     Room.findById(options.room, function(err, room) {
         if (err) {
             console.error(err);
author	Simon Bartlett <simon@securitycompass.com>	2015-01-24 12:11:38 -0500
committer	Simon Bartlett <simon@securitycompass.com>	2015-01-24 12:11:38 -0500
commit	bd26e35b4f0889d13223e1266596207e18c7f91a (patch)
tree	9335362d74bc1e35b10c0008d292f9a3fcf3f62e /app/core/files.js
parent	060dde04965f82cda38da63010e8c0c2e65442b5 (diff)
download	lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.zip lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.tar.gz lets-chat-bd26e35b4f0889d13223e1266596207e18c7f91a.tar.bz2