From a1f5b9163077f7210764fc5d6d37f440b65c334e Mon Sep 17 00:00:00 2001
From: Mystikfluu <Mystikfluu@gmail.com>
Date: Thu, 28 Jul 2022 04:15:06 +0200
Subject: [PATCH] enhanced setavatar image check

---
 server.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server.js b/server.js
index 7997aa5..118417e 100644
--- a/server.js
+++ b/server.js
@@ -478,10 +478,11 @@ router.post("/api/setavatar",function(req,res) {
   }
 
   let DOSbuf = Buffer.from( 'ffd8ffc1f151d800ff51d800ffdaffde', 'hex' ); //causes DOS
-  if(avatar.data.equals(DOSbuf)) {
+  if(avatar.data.includes(DOSbuf)) { 
     console.log(3,"DOS image was caught")
     return res.status(400).send('No files were uploaded. (req.files.)');
   }
+  //DOS introduced through jimp (uses jpeg-js)
 
   const avatars = __dirname + '/avatars/'
   ensureExists(avatars, function(err) {