akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

various security fixes

Browse Source 
Sync secrets encrypted at rest
Sync endpoint hardening
Avatar upload SVG restriction
This commit is contained in:
fuomag9
2026-01-25 11:27:14 +01:00
parent 6fb39dc809
commit 90916bd709
5 changed files with 281 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/api/user/update-avatar/route.ts
+4 -3
View File
@@ -22,11 +22,12 @@ export async function POST(request: NextRequest) {
);
}
// If avatarUrl is provided, validate it's a base64 image
// If avatarUrl is provided, validate it's a base64 image (png/jpeg/webp only)
if (avatarUrl !== null) {
if (!avatarUrl.startsWith("data:image/")) {
const match = avatarUrl.match(/^data:(image\/(png|jpeg|jpg|webp));base64,/i);
if (!match) {
return NextResponse.json(
{ error: "Avatar must be a base64-encoded image" },
{ error: "Avatar must be a base64-encoded PNG, JPEG, or WebP image" },
{ status: 400 }
);
}