From fd7622d9c903f273b5eea1fd7b5dff42ec539351 Mon Sep 17 00:00:00 2001
From: Socks
Date: Mon, 2 Apr 2018 17:15:35 +0100
Subject: [PATCH] Only allow profile pictures to be image/jpeg, image/jpg, image/png
---
 Tweeder.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Tweeder.py b/Tweeder.py
index d5083b6..8c3f93b 100644
--- a/Tweeder.py
+++ b/Tweeder.py
@@ -143,7 +143,12 @@ def user_settings():
 }
 if 'profile_pic' in request.files.keys():
 profile_pic = files.upload_file(request.files['profile_pic'])
- updated_profile['profile_pic'] = profile_pic
+ if request.files['profile_pic'].content_type in ['image/jpg', 'image/jpeg', 'image/png']:
+ updated_profile['profile_pic'] = profile_pic
+ else:
+ if 'profile_pic' in accounts.account_details(session['username'].lower())['profile'].keys():
+ profile_pic = accounts.account_details(session['username'].lower())['profile']['profile_pic']
+ updated_profile['profile_pic'] = profile_pic
 else:
 if 'profile_pic' in accounts.account_details(session['username'].lower())['profile'].keys():
 profile_pic = accounts.account_details(session['username'].lower())['profile']['profile_pic']
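Review bot: The upload on the context line `profile_pic = files.upload_file(request.files['profile_pic'])` still runs before the new content-type test, so a file that fails the test is stored anyway and only the profile reference is skipped; the call belongs inside the allowed branch, e.g. `updated_profile['profile_pic'] = files.upload_file(request.files['profile_pic'])`. `content_type` is the MIME type the client declares for the multipart part, not something derived from the file's bytes, so the allow-list alone only filters well-behaved clients; the stored file should also be validated by content and its saved extension constrained, presumably in `files.upload_file`, which is not visible here. The added `else:` branch repeats the existing fallback verbatim and calls `accounts.account_details(...)` twice, so a single fallback path reading the profile once would keep the two copies from drifting apart. `user_settings` starts and ends outside the hunk.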