From b01adce1564cde8496e2a7688e936a9fb9c3729f Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski
Date: Sat, 20 Sep 2014 20:42:19 +0200
Subject: [PATCH] Added stricter validation to user avatars
---
 src/FormData/UserEditFormData.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/FormData/UserEditFormData.php b/src/FormData/UserEditFormData.php
index 241c8fd0..21935108 100644
--- a/src/FormData/UserEditFormData.php
+++ b/src/FormData/UserEditFormData.php
@@ -38,6 +38,16 @@ class UserEditFormData implements \Szurubooru\IValidatable
 if ($this->email !== null)
 $validator->validateEmail($this->email);
+ if (strlen($this->avatarContent) > 1024 * 512)
+ throw new \DomainException('Avatar content must have at most 512 kilobytes.');
+
+ if ($this->avatarContent)
+ {
+ $avatarContentMimeType = \Szurubooru\Helpers\MimeHelper::getMimeTypeFromBuffer($this->avatarContent);
+ if (!\Szurubooru\Helpers\MimeHelper::isImage($avatarContentMimeType))
+ throw new \DomainException('Avatar must be an image (detected: ' . $avatarContentMimeType . ').');
+ }
+
 if ($this->browsingSettings !== null)
 {
 if (!is_string($this->browsingSettings))
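Review bot: The guard `if ($this->avatarContent)` is a truthiness test, so an avatar body consisting of the single character `0` skips the MIME check and passes validation; the neighbouring fields are tested with `!== null`, and an explicit form fits here too: `if ($this->avatarContent !== null && $this->avatarContent !== '')`. The size check above it calls `strlen()` on a value that may be null, so it would sit more naturally inside that same block. `MimeHelper::getMimeTypeFromBuffer` is not visible in this hunk; if it sniffs leading magic bytes, content with a valid image header and arbitrary trailing data is still accepted, so the code that stores and serves the avatar should presumably rely on the detected type (or re-encode the image) rather than anything client-supplied. The 512 KB limit bounds the byte length only, not the decoded pixel dimensions, which matters if the avatar is resized later. The enclosing method starts and ends outside the hunk.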