From 85dc423f7090da0a52c73eb66faf22ddb20efff9 Mon Sep 17 00:00:00 2001
From: GitLab Bot
Date: Sat, 19 Sep 2020 01:45:44 +0000
Subject: Add latest changes from gitlab-org/gitlab@13-4-stable-ee

---
 lib/gitlab/file_type_detection.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'lib/gitlab/file_type_detection.rb')

diff --git a/lib/gitlab/file_type_detection.rb b/lib/gitlab/file_type_detection.rb
index 475d50e37bf..38ccd2c38a9 100644
--- a/lib/gitlab/file_type_detection.rb
+++ b/lib/gitlab/file_type_detection.rb
@@ -20,6 +20,8 @@
 module Gitlab
 module FileTypeDetection
 SAFE_IMAGE_EXT = %w[png jpg jpeg gif bmp tiff ico].freeze
+ SAFE_IMAGE_FOR_SCALING_EXT = %w[png jpg jpeg].freeze
+
 PDF_EXT = 'pdf'
 # We recommend using the .mp4 format over .mov. Videos in .mov format can
 # still be used but you really need to make sure they are served with the
@@ -46,6 +48,12 @@ module Gitlab
 extension_match?(SAFE_IMAGE_EXT)
 end
 
+ # For the time being, we restrict image scaling requests to the most popular and safest formats only,
+ # which are JPGs and PNGs. See https://gitlab.com/gitlab-org/gitlab/-/issues/237848 for more info.
+ def image_safe_for_scaling?
+ extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)
+ end
+
 def video?
 extension_match?(SAFE_VIDEO_EXT)
 end
-- 
cgit v1.2.3
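Review bot: `SAFE_IMAGE_FOR_SCALING_EXT` in the first hunk is a second hand-maintained allow-list next to `SAFE_IMAGE_EXT`, and nothing states or checks that it must remain a subset of it. The reason for the restriction is written only on the method in the second hunk, so someone widening the constant later will not see it where they edit. I would add above the constant `# Extensions eligible for image scaling; keep this a subset of SAFE_IMAGE_EXT (see image_safe_for_scaling?).` The module body continues outside the hunk, so an existing convention for documenting these constants may already apply.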
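Review bot: `image_safe_for_scaling?` in the second hunk decides on `extension_match?(SAFE_IMAGE_FOR_SCALING_EXT)`, which judging by its name looks only at the file name's extension, so a file with arbitrary content passes as long as it is named `.png`, `.jpg` or `.jpeg`. The comment describes these as the safest formats, which a caller could read as a guarantee about the bytes handed to the scaler. I would extend the comment with `# This checks the filename extension only; the scaler must still verify the actual content type before decoding.` The body of `extension_match?` is outside the hunk, so it is worth confirming there how upper-case extensions and names with several dots are treated.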