From f9823d10280db91ba25787f8b025f7eb480b896a Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Tue, 20 Dec 2016 08:52:26 +0000
Subject: [PATCH] Restricts the list of file types that can be thumbnailed.

git-svn-id: http://svn.redmine.org/redmine/trunk@16092 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redmine/thumbnail.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/redmine/thumbnail.rb b/lib/redmine/thumbnail.rb
index 9321c7bb3..79eaf4ab7 100644
--- a/lib/redmine/thumbnail.rb
+++ b/lib/redmine/thumbnail.rb
@@ -23,13 +23,14 @@ module Redmine
     extend Redmine::Utils::Shell
 
     CONVERT_BIN = (Redmine::Configuration['imagemagick_convert_command'] || 'convert').freeze
+    ALLOWED_TYPES = %w(image/bmp image/gif image/jpeg image/png)
 
     # Generates a thumbnail for the source image to target
     def self.generate(source, target, size)
       return nil unless convert_available?
       unless File.exists?(target)
-        # Make sure we only invoke Imagemagick if this is actually an image
-        unless File.open(source) {|f| MimeMagic.by_magic(f).try(:image?)}
+        # Make sure we only invoke Imagemagick if the file type is allowed
+        unless File.open(source) {|f| ALLOWED_TYPES.include? MimeMagic.by_magic(f).try(:type) }
           return nil
         end
         directory = File.dirname(target)
-- 
2.39.5