isFaultyImage returns false positive response when file.filepath is empty
#20309
Assignees
Labels
issue: bug
Issue reporting a bug
severity: low
If the issue only affects a very niche base of users and an easily implemented workaround can solve
source: core:upload
Source is core/upload package
status: pending reproduction
Waiting for free time to reproduce the issue, or more information
Comments
|
Can you please feel out reproduction steps. |
|
To reproduce the bug you can extend @strapi/plugin-upload. The bug is in the version 4.24.2 of the plugin. src/extensions/upload/overrides.ts /**
* Overriding enhanceAndValidateFile method to validate available file extensions
* node_modules/@strapi/plugin-upload/server/services/upload.js
*/
import { errors } from '@strapi/utils';
import fs from 'fs';
const { ApplicationError } = errors;
const allowedExtensions = [
'.jpg',
'.jpeg',
'.png',
'.webp',
'.svg',
'.pdf',
'.mp4',
];
const isFileExtensionAllowed = (fileExtension) => {
return allowedExtensions.includes(fileExtension);
};
export async function enhanceAndValidateFile(file, fileInfo = {}, metas = {}) {
// @ts-expect-error this will be available on override
const currentFile = await this.formatFileInfo(
{
filename: file.name,
type: file.type,
size: file.size,
},
fileInfo,
{
...metas,
tmpWorkingDirectory: file.tmpWorkingDirectory,
}
);
if (!isFileExtensionAllowed(currentFile?.ext)) {
throw new ApplicationError(
`File type is not allowed. Allowed extentions: ${allowedExtensions.join(
','
)}`
);
}
currentFile.getStream = () => fs.createReadStream(file.path);
const { optimize, isImage, isFaultyImage, isOptimizableImage } = strapi
.plugin('upload')
.service('image-manipulation');
if (await isImage(currentFile)) {
if (await isFaultyImage(currentFile)) {
throw new ApplicationError('File is not a valid image');
}
if (await isOptimizableImage(currentFile)) {
return optimize(currentFile);
}
}
return currentFile;
}src/index.ts import { enhanceAndValidateFile } from './extensions/upload/overrides';
export default {
register({ strapi }) {
/**
* Overriding enhanceAndValidateFile function to validate available file extensions
*/
strapi.plugin('upload').service('upload').enhanceAndValidateFile =
enhanceAndValidateFile;
},
};With this configuration, I get an error `throw new ApplicationError('File is not a valid image') ' when trying to upload an image to the media library. ' Everything worked with the plugin's 4.24.1 version. |
joshuaellis
added
issue: bug
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Required System information
Describe the bug
I believe there is a bug in the
isFaultyImagefunction implementation on this line. Now, when thestatsfunction returns correct result it will be passed to theresolvecallback and will make the result ofisFaultyImagepositive, which is not the correct result.The correct implementation should be something like this:
pipeline.stats().then(() => resolve(false)).catch(() => resolve(true));The text was updated successfully, but these errors were encountered: