Browse Source

Limit uploaded avatar image-size to 4096x3072 by default (#4353)

for-closed-social
Kim "BKC" Carlbäcker 6 years ago
committed by Lauris BH
parent
commit
cbee921c28
3 changed files with 19 additions and 0 deletions
  1. +4
    -0
      custom/conf/app.ini.sample
  2. +11
    -0
      models/user.go
  3. +4
    -0
      modules/setting/setting.go

+ 4
- 0
custom/conf/app.ini.sample View File

@ -402,6 +402,10 @@ SESSION_LIFE_TIME = 86400
[picture] [picture]
AVATAR_UPLOAD_PATH = data/avatars AVATAR_UPLOAD_PATH = data/avatars
; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
; used when resizing the image.
AVATAR_MAX_WIDTH = 4096
AVATAR_MAX_HEIGHT = 3072
; Chinese users can choose "duoshuo" ; Chinese users can choose "duoshuo"
; or a custom avatar source, like: http://cn.gravatar.com/avatar/ ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
GRAVATAR_SOURCE = gravatar GRAVATAR_SOURCE = gravatar

+ 11
- 0
models/user.go View File

@ -433,6 +433,17 @@ func (u *User) IsPasswordSet() bool {
// UploadAvatar saves custom avatar for user. // UploadAvatar saves custom avatar for user.
// FIXME: split uploads to different subdirs in case we have massive users. // FIXME: split uploads to different subdirs in case we have massive users.
func (u *User) UploadAvatar(data []byte) error { func (u *User) UploadAvatar(data []byte) error {
imgCfg, _, err := image.DecodeConfig(bytes.NewReader(data))
if err != nil {
return fmt.Errorf("DecodeConfig: %v", err)
}
if imgCfg.Width > setting.AvatarMaxWidth {
return fmt.Errorf("Image width is to large: %d > %d", imgCfg.Width, setting.AvatarMaxWidth)
}
if imgCfg.Height > setting.AvatarMaxHeight {
return fmt.Errorf("Image height is to large: %d > %d", imgCfg.Height, setting.AvatarMaxHeight)
}
img, _, err := image.Decode(bytes.NewReader(data)) img, _, err := image.Decode(bytes.NewReader(data))
if err != nil { if err != nil {
return fmt.Errorf("Decode: %v", err) return fmt.Errorf("Decode: %v", err)

+ 4
- 0
modules/setting/setting.go View File

@ -341,6 +341,8 @@ var (
// Picture settings // Picture settings
AvatarUploadPath string AvatarUploadPath string
AvatarMaxWidth int
AvatarMaxHeight int
GravatarSource string GravatarSource string
GravatarSourceURL *url.URL GravatarSourceURL *url.URL
DisableGravatar bool DisableGravatar bool
@ -1024,6 +1026,8 @@ func NewContext() {
if !filepath.IsAbs(AvatarUploadPath) { if !filepath.IsAbs(AvatarUploadPath) {
AvatarUploadPath = path.Join(AppWorkPath, AvatarUploadPath) AvatarUploadPath = path.Join(AppWorkPath, AvatarUploadPath)
} }
AvatarMaxWidth = sec.Key("AVATAR_MAX_WIDTH").MustInt(4096)
AvatarMaxHeight = sec.Key("AVATAR_MAX_HEIGHT").MustInt(3072)
switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source { switch source := sec.Key("GRAVATAR_SOURCE").MustString("gravatar"); source {
case "duoshuo": case "duoshuo":
GravatarSource = "http://gravatar.duoshuo.com/avatar/" GravatarSource = "http://gravatar.duoshuo.com/avatar/"

Loading…
Cancel
Save