From daf8f0130c1f7978d2bd221c1b0151f4a24a6335 Mon Sep 17 00:00:00 2001
From: EpikPhailure
Date: Thu, 22 Jun 2017 17:35:56 -0700
Subject: [PATCH] Update uploadController.js

* fixed blacklist from being bypassed due to case insensitive extension names
---
 controllers/uploadController.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/uploadController.js b/controllers/uploadController.js
index ee2dab5..af80d1f 100644
--- a/controllers/uploadController.js
+++ b/controllers/uploadController.js
@@ -23,7 +23,7 @@ const upload = multer({
 limits: { fileSize: config.uploads.maxSize },
 fileFilter: function(req, file, cb) {
 if (config.blockedExtensions !== undefined) {
- if (config.blockedExtensions.some(extension => path.extname(file.originalname) === extension)) {
+ if (config.blockedExtensions.some(extension => path.extname(file.originalname).toLowerCase() === extension)) {
 return cb('This file extension is not allowed');
 }
 return cb(null, true);
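Review bot: The added comparison normalizes only the uploaded name; each `extension` from `config.blockedExtensions` is still compared exactly as written, so an entry configured with any uppercase letter can no longer match anything once the left side is lowercased. Lowercasing both sides closes that gap and moves the `path.extname` call out of the `some` callback: `const ext = path.extname(file.originalname).toLowerCase();` followed by `if (config.blockedExtensions.some(blocked => blocked.toLowerCase() === ext)) {`. The check also relies on the client-supplied `originalname` and on a block list, which tends to miss cases over time; if the deployment can enumerate the extensions it expects, an allow list would be the sturdier filter. The `fileFilter` body continues past the end of this hunk, so the remaining branches are not visible here.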