Merge branch 'develop'

author: syuilo <syuilotan@yahoo.co.jp> 2019-06-16 16:09:04 +0900
committer: syuilo <syuilotan@yahoo.co.jp> 2019-06-16 16:09:04 +0900
commit: 5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d (patch)
tree: ed1475a6bf243dcff6af71d90c8c299ee9d2cedb /src/server/proxy
parent: Merge branch 'develop' (diff)
parent: 11.21.0 (diff)
download: misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.tar.gz
misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.tar.bz2
misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/server/proxy/proxy-media.ts b/src/server/proxy/proxy-media.ts
index e16665f6cd..4535a0fb5d 100644
--- a/src/server/proxy/proxy-media.ts
+++ b/src/server/proxy/proxy-media.ts
@@ -17,6 +17,8 @@ export async function proxyMedia(ctx: Koa.BaseContext) {
 
 		const [type, ext] = await detectMine(path);
 
+		if (!type.startsWith('image/')) throw 403;
+
 		let image: IImage;
 
 		if ('static' in ctx.query && ['image/png', 'image/gif'].includes(type)) {
author	syuilo <syuilotan@yahoo.co.jp>	2019-06-16 16:09:04 +0900
committer	syuilo <syuilotan@yahoo.co.jp>	2019-06-16 16:09:04 +0900
commit	5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d (patch)
tree	ed1475a6bf243dcff6af71d90c8c299ee9d2cedb /src/server/proxy
parent	Merge branch 'develop' (diff)
parent	11.21.0 (diff)
download	misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.tar.gz misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.tar.bz2 misskey-5cc1aab5301ad1f9166bbf0420fbaf35fd623c0d.zip