From 6ff64845c69eafbbf98cae759f186ed3248cb808 Mon Sep 17 00:00:00 2001
From: Martii
Date: Tue, 5 Dec 2017 02:10:55 -0700
Subject: [PATCH] Bump icon dimension limits one more time

* Consolidate test into an inline function for reuse
* Check detected types and reject the rest... may add to later

NOTES:
* This is as much as I prefer to go *(may change)*... otherwise the user experience on OUJS will be diminished by excessive bandwidth from client to whatever target.
* Ideally these shouldn't be more than 48px by 48px if an author is being nice to their users as well as visitors but do understand some hosting sites kick it up a bit without scaling.

Post #1303
---
 controllers/scriptStorage.js | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/controllers/scriptStorage.js b/controllers/scriptStorage.js
index 228808d5f..fba9a6530 100644
--- a/controllers/scriptStorage.js
+++ b/controllers/scriptStorage.js
@@ -1384,8 +1384,6 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
 function (aInnerCallback) {
 // `@icon` validations
 var icon = null;
- var maxX = 128; // px
- var maxY = 128; // px
 var buffer = null;
 var fn = null;
 var dimensions = null;
@@ -1393,6 +1391,27 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
 var data = null;
 var rDataURIbase64 = /^data:image\/.+;base64,(.*)$/;
 
+ function acceptedImage(aDimensions) {
+ var maxX = 256; //px
+ var maxY = 256; //px
+
+ switch (aDimensions.type) {
+ case 'gif':
+ // fallthrough
+ case 'jpeg':
+ // fallthrough
+ case 'png':
+ // fallthrough
+ case 'svg':
+ // fallthrough
+ case 'ico':
+ if (dimensions.width <= maxX && dimensions.height <= maxY) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 icon = findMeta(aMeta, 'UserScript.icon.0.value');
 if (icon) {
 if (!isFQUrl(icon, false, true)) {
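Review bot: `acceptedImage` takes `aDimensions` but the size test under `case 'ico':` reads the enclosing `dimensions` variable, so the type and the size would come from two different objects if the helper is ever called with anything other than that closure variable. Use the parameter throughout: `if (aDimensions.width <= maxX && aDimensions.height <= maxY) {`. The switch has no `default:` and ends at `return false`, which is the right fail-closed result for an undetected or unlisted type; a one-line comment such as `// any other detected type is rejected` above `return false;` would keep a later edit from loosening it. The commit message gives bandwidth as the reason for the limit, but pixel dimensions do not bound the byte size of an image (least of all for `svg`), so a byte cap on the buffer may be worth adding if one does not already exist outside this hunk. The enclosing `function (aInnerCallback)` starts and ends outside the hunk.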
@@ -1421,9 +1440,9 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
 return;
 }
 
- if (dimensions.width > maxX || dimensions.height > maxY) {
+ if (!acceptedImage(dimensions)) {
 aInnerCallback(new statusError({
- message: '`@icon` dimensions are too large.',
+ message: '`@icon` unsupported file type or dimensions are too large.',
 code: 400
 }), null);
 } else {
@@ -1453,9 +1472,9 @@ exports.storeScript = function (aUser, aMeta, aBuf, aUpdate, aCallback) {
 return;
 }
 
- if (dimensions.width > maxX || dimensions.height > maxY) {
+ if (!acceptedImage(dimensions)) {
 aInnerCallback(new statusError({
- message: '`@icon` dimensions are too large.',
+ message: '`@icon` unsupported file type or dimensions are too large.',
 code: 400
 }), null);
 } else {
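Review bot: The new 400 text on the `message:` line merges two different rejections, so a script author cannot tell whether to convert the icon or resize it; the same applies to the identical change in the hunk at -1453. Because `acceptedImage` returns only a boolean, one option is to have it return a reason (or to test type and size separately at these two call sites) so the size case keeps `` '`@icon` dimensions are too large.' `` and the type case gets its own `` '`@icon` unsupported file type.' ``. The two call sites now build the same `statusError` verbatim, which could also move into one small helper next to `acceptedImage`. Both enclosing callbacks begin and end outside the hunks.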