From 3fd2849a3783a4c20086d92be15e17ef30546de1 Mon Sep 17 00:00:00 2001
From: Pavel Djundik
Date: Thu, 22 Jun 2017 22:32:13 +0300
Subject: [PATCH] Make sure thumbnail is a valid image

Fixes #1239. Fixes #1180.
---
 src/plugins/irc-events/link.js | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/plugins/irc-events/link.js b/src/plugins/irc-events/link.js
index 1d3531f7..e7e6131f 100644
--- a/src/plugins/irc-events/link.js
+++ b/src/plugins/irc-events/link.js
@@ -58,6 +58,25 @@ function parse(msg, url, res, client) {
 $("meta[property=\"og:image\"]").attr("content") || $("meta[name=\"twitter:image:src\"]").attr("content") || "";
+
+ // Make sure thumbnail is a valid url
+ if (!/^https?:\/\//.test(toggle.thumb)) {
+ toggle.thumb = "";
+ }
+
+ // Verify that thumbnail pic exists and is under allowed size
+ if (toggle.thumb.length) {
+ fetch(escapeHeader(toggle.thumb), (resThumb) => {
+ if (!(/^image\/.+/.test(resThumb.type)) || resThumb.size > (Helper.config.prefetchMaxImageSize * 1024)) {
+ toggle.thumb = "";
+ }
+
+ client.emit("toggle", toggle);
+ });
+
+ return;
+ }
+
 break;
 case "image/png":
@@ -96,7 +115,7 @@ function fetch(url, cb) {
 var limit = Helper.config.prefetchMaxImageSize * 1024;
 req
 .on("response", function(res) {
- if (!(/(image\/.+)/.test(res.headers["content-type"]))) {
+ if (!(/^image\/.+/.test(res.headers["content-type"]))) {
 // if not image, limit download to 10kb, since we need only meta tags
 limit = 1024 * 10;
 }
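Review bot: The new `fetch(escapeHeader(toggle.thumb), …)` call in `parse` makes the server request a URL taken from the linked page's `og:image` / `twitter:image:src` meta tags, and the only validation before it is the scheme test `/^https?:\/\//`. The destination host is therefore chosen by whoever controls the linked page, so unless `fetch` (mostly outside this diff) restricts destinations, this second request can reach addresses the original link never named, including loopback or private ones. I would check the resolved host against loopback and private ranges before fetching, or at minimum record the assumption with `// thumb URL is page-controlled; fetch() must not reach internal hosts`. Separately, the early `return` means `client.emit("toggle", toggle)` now fires only from the callback, so it is worth confirming that `fetch` still calls back when the thumbnail request errors; otherwise the preview is never emitted.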
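Review bot: The anchored test `/^image\/.+/` in the `response` handler is case-sensitive, while media type names in `Content-Type` are case-insensitive, so a response labelled `Image/PNG` is treated as non-image and capped at 10 kB. That fails closed, so it is a correctness point rather than a security one; `/^image\/.+/i` would cover it. The same literal is repeated in the thumbnail check added to `parse` in the first hunk, so one shared constant would keep the two tests in step. The body of `fetch` continues outside the hunk.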