From 500c1ba3c17954e5d3d85cf589a2b8d86ee876b6 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Fri, 9 Sep 2022 11:31:11 +0200 Subject: [PATCH] check filetype (thx drT) --- files/routes/static.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/files/routes/static.py b/files/routes/static.py index ebcd86d2c..42af97baf 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -461,7 +461,8 @@ def submit_marsey(v): return {"error":"Image uploads are not allowed through TOR."} file = request.files["image"] - if not file: return {"error": "You need to submit an image!"} + if not file or not file.content_type.startswith('image/'): + return {"error": "You need to submit an image!"} name = request.values.get('name').lower() if not marsey_regex.fullmatch(name):