Update uploadController.js

* fixed blacklist from being bypassed due to case insensitive extension names
author: EpikPhailure <[email protected]> 2017-06-22 17:35:56 -0700
committer: GitHub <[email protected]> 2017-06-22 17:35:56 -0700
commit: daf8f0130c1f7978d2bd221c1b0151f4a24a6335 (patch)
tree: a2f0b4aa2075063563d7e623b7f81cb35f7f18b3
parent: Made that an ID (diff)
download: host.fuwn.me-daf8f0130c1f7978d2bd221c1b0151f4a24a6335.tar.xz
host.fuwn.me-daf8f0130c1f7978d2bd221c1b0151f4a24a6335.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/controllers/uploadController.js b/controllers/uploadController.js
index ee2dab5..af80d1f 100644
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@@ -23,7 +23,7 @@ const upload = multer({
 	limits: { fileSize: config.uploads.maxSize },
 	fileFilter: function(req, file, cb) {
 		if (config.blockedExtensions !== undefined) {
-			if (config.blockedExtensions.some(extension => path.extname(file.originalname) === extension)) {
+			if (config.blockedExtensions.some(extension => path.extname(file.originalname).toLowerCase() === extension)) {
 				return cb('This file extension is not allowed');
 			}
 			return cb(null, true);
author	EpikPhailure <[email protected]>	2017-06-22 17:35:56 -0700
committer	GitHub <[email protected]>	2017-06-22 17:35:56 -0700
commit	daf8f0130c1f7978d2bd221c1b0151f4a24a6335 (patch)
tree	a2f0b4aa2075063563d7e623b7f81cb35f7f18b3
parent	Made that an ID (diff)
download	host.fuwn.me-daf8f0130c1f7978d2bd221c1b0151f4a24a6335.tar.xz host.fuwn.me-daf8f0130c1f7978d2bd221c1b0151f4a24a6335.zip