From e6f83399f3e5d3f245428d2495552317eefe8cfe Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Mon, 23 Dec 2013 20:28:59 +0200
Subject: [PATCH] Dont allow upload of non-image formats for user avatar
Signed-off-by: Dmitriy Zaporozhets
---
 app/models/user.rb | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/app/models/user.rb b/app/models/user.rb
index d36af7a8b..cdf6592bc 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,9 +113,8 @@ class User < ActiveRecord::Base
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" } validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true - validate :namespace_uniq, if: ->(user) { user.username_changed? } - + validate :avatar_type, if: ->(user) { user.avatar_changed? } validates :avatar, file_size: { maximum: 100.kilobytes.to_i } before_validation :generate_password, on: :create
@@ -244,6 +243,12 @@ class User < ActiveRecord::Base
 end end + def avatar_type + unless self.avatar.image? + self.errors.add :avatar, "only images allowed" + end + end + # Groups user has access to def authorized_groups @authorized_groups ||= begin
--
2.11.0
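Review bot: The new `validate :avatar_type` line in the first hunk is gated only on `avatar_changed?`, which is presumably also true when a user clears an existing avatar. Unless `image?` (not shown here) returns true for an empty upload, removing an avatar would then fail with "only images allowed". If that is the case, the guard could also require a file to be present, for example `validate :avatar_type, if: ->(user) { user.avatar.present? && user.avatar_changed? }`. A spec covering avatar removal and a non-image upload would pin both paths.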
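Review bot: `avatar_type` in the second hunk rests entirely on `self.avatar.image?`, which is defined outside this diff, so the strength of the check cannot be judged from here. If that predicate decides from the file name's extension or the client-supplied content type, a non-image payload named like an image would still pass, and the `file_size` validator does not help with that. The validation would be stronger if the uploader also inspected the file content (signature bytes, or a successful decode by the image library) and kept an extension allowlist, with avatars served under a fixed image content type and `X-Content-Type-Options: nosniff`. A comment above the method such as `# Rejects the avatar unless the uploader reports an image; see the uploader's image? for what is actually checked` would record that dependency.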