Georges-Antoine Assi 53f14f5710 fix(backend): validate uploaded images with libmagic before storing ...

Avatar, ROM artwork, and collection artwork uploads now sniff the file
header with libmagic and reject anything that isn't PNG/JPEG/WebP/GIF,
saving the file with an extension derived from the detected MIME rather
than the user-supplied filename. Pairs with the raw asset endpoint,
which decides inline vs attachment from the on-disk extension.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-09 09:18:02 -04:00

20 KiB

Raw Permalink Blame History

View Raw