From eb4f625bbdadd63a32b9d6f09714b721e510defe Mon Sep 17 00:00:00 2001
From: syuilo <syuilotan@yahoo.co.jp>
Date: Mon, 10 Sep 2018 02:09:33 +0900
Subject: [PATCH] Fix #2096

---
 src/server/api/endpoints/i/update.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/server/api/endpoints/i/update.ts b/src/server/api/endpoints/i/update.ts
index 585339e249..953a6aec2a 100644
--- a/src/server/api/endpoints/i/update.ts
+++ b/src/server/api/endpoints/i/update.ts
@@ -84,6 +84,7 @@ export default async (params: any, user: ILocalUser, app: IApp) => new Promise(a
 		});
 
 		if (avatar == null) return rej('avatar not found');
+		if (!avatar.contentType.startsWith('image/')) return rej('avatar not an image');
 
 		updates.avatarUrl = avatar.metadata.thumbnailUrl || avatar.metadata.url || `${config.drive_url}/${avatar._id}`;
 
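Review bot: The added `avatar.contentType.startsWith('image/')` test accepts every `image/*` subtype, including `image/svg+xml`, which can carry active content; the banner check in the second hunk has the same gap, and there `banner.metadata.url` points at the stored file itself rather than a thumbnail. An explicit allowlist would be tighter, for example `if (!['image/png', 'image/jpeg', 'image/gif', 'image/webp'].includes(avatar.contentType)) return rej('avatar not an image');`, with the list adjusted to the formats the drive actually supports. Whether `contentType` is detected server-side or taken from the uploader is not visible here; if it is client-declared, this check is advisory only and should be paired with server-side type detection at upload. If `contentType` can be absent on older drive records, `.startsWith` would throw rather than call `rej`, so a `typeof avatar.contentType !== 'string'` guard is worth adding. The enclosing handler starts and ends outside the hunk.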
@@ -98,6 +99,7 @@ export default async (params: any, user: ILocalUser, app: IApp) => new Promise(a
 		});
 
 		if (banner == null) return rej('banner not found');
+		if (!banner.contentType.startsWith('image/')) return rej('banner not an image');
 
 		updates.bannerUrl = banner.metadata.url || `${config.drive_url}/${banner._id}`;