From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 23 Dec 2013 18:28:59 +0000 (+0200)
Subject: Dont allow upload of non-image formats for user avatar
X-Git-Tag: v6.5.0.rc1~158^2~1
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=e6f83399f3e5d3f245428d2495552317eefe8cfe;p=wvm%2Fgitlab.git

Dont allow upload of non-image formats for user avatar

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---

diff --git a/app/models/user.rb b/app/models/user.rb
index d36af7a8b..cdf6592bc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,9 +113,8 @@ class User < ActiveRecord::Base
                       message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 
   validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
-
   validate :namespace_uniq, if: ->(user) { user.username_changed? }
-
+  validate :avatar_type, if: ->(user) { user.avatar_changed? }
   validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
   before_validation :generate_password, on: :create
@@ -244,6 +243,12 @@ class User < ActiveRecord::Base
     end
   end
 
+  def avatar_type
+    unless self.avatar.image?
+      self.errors.add :avatar, "only images allowed"
+    end
+  end
+
   # Groups user has access to
   def authorized_groups
     @authorized_groups ||= begin