summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
Diffstat (limited to 'models')
-rw-r--r--models/user.go11
1 files changed, 11 insertions, 0 deletions
diff --git a/models/user.go b/models/user.go
index 653e994263..5ac8658796 100644
--- a/models/user.go
+++ b/models/user.go
@@ -433,6 +433,17 @@ func (u *User) IsPasswordSet() bool {
// UploadAvatar saves custom avatar for user.
// FIXME: split uploads to different subdirs in case we have massive users.
func (u *User) UploadAvatar(data []byte) error {
+ imgCfg, _, err := image.DecodeConfig(bytes.NewReader(data))
+ if err != nil {
+ return fmt.Errorf("DecodeConfig: %v", err)
+ }
+ if imgCfg.Width > setting.AvatarMaxWidth {
+ return fmt.Errorf("Image width is to large: %d > %d", imgCfg.Width, setting.AvatarMaxWidth)
+ }
+ if imgCfg.Height > setting.AvatarMaxHeight {
+ return fmt.Errorf("Image height is to large: %d > %d", imgCfg.Height, setting.AvatarMaxHeight)
+ }
+
img, _, err := image.Decode(bytes.NewReader(data))
if err != nil {
return fmt.Errorf("Decode: %v", err)
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-15 02:20:30 +0000