Add latest changes from gitlab-org/gitlab@13-4-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-19 04:45:44 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-09-19 04:45:44 +0300
commit: 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree: 9160f299afd8c80c038f08e1545be119f5e3f1e1 /lib/gitlab/file_type_detection.rb
parent: 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/gitlab/file_type_detection.rb b/lib/gitlab/file_type_detection.rb
index 475d50e37bf..38ccd2c38a9 100644
--- a/lib/gitlab/file_type_detection.rb
+++ b/lib/gitlab/file_type_detection.rb
@@ -20,6 +20,8 @@
 module Gitlab
   module FileTypeDetection
     SAFE_IMAGE_EXT = %w[png jpg jpeg gif bmp tiff ico].freeze
+    SAFE_IMAGE_FOR_SCALING_EXT = %w[png jpg jpeg].freeze
+
     PDF_EXT = 'pdf'
     # We recommend using the .mp4 format over .mov. Videos in .mov format can
     # still be used but you really need to make sure they are served with the
@@ -46,6 +48,12 @@ module Gitlab
       extension_match?(SAFE_IMAGE_EXT)
     end
 
+    # For the time being, we restrict image scaling requests to the most popular and safest formats only,
+    # which are JPGs and PNGs. See https://gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.
+    def image_safe_for_scaling?
+      extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)
+    end
+
     def video?
       extension_match?(SAFE_VIDEO_EXT)
     end
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-19 04:45:44 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-09-19 04:45:44 +0300
commit	85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch)
tree	9160f299afd8c80c038f08e1545be119f5e3f1e1 /lib/gitlab/file_type_detection.rb
parent	15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff)