From 33829d5576ea8899dbf0d73c4ec4cf418310372d Mon Sep 17 00:00:00 2001
From: shum
Date: Tue, 5 May 2026 07:52:40 +0000
Subject: [PATCH] cli: enforce profile image size limit in --user-image-file

Reject the file if the encoded data URL exceeds 12500 bytes - matches the cap mobile and desktop UIs pass to resizeImageToStrSize for profile images. Without this, oversized images would be silently set on the user profile.
---
 src/Simplex/Chat/Core.hs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Simplex/Chat/Core.hs b/src/Simplex/Chat/Core.hs
index b5db702162..a9e2b77516 100644
--- a/src/Simplex/Chat/Core.hs
+++ b/src/Simplex/Chat/Core.hs
@@ -228,9 +228,14 @@ loadImageFile path = case map toLower (takeExtension path) of
 ".jpeg" -> readAs "image/jpg"
 ext -> pure $ Left $ "--user-image-file: unsupported image extension " <> show ext <> " (only .png, .jpg, .jpeg)"
 where
+ -- matches the cap mobile/desktop UIs pass to resizeImageToStrSize for profile images
+ maxProfileImageSize = 12500
 readAs mime = do
 bs <- BS.readFile path
- pure $ Right $ ImageData $ "data:" <> mime <> ";base64," <> decodeUtf8 (B64.encode bs)
+ let url = "data:" <> mime <> ";base64," <> decodeUtf8 (B64.encode bs)
+ pure $ if T.length url > maxProfileImageSize
+ then Left $ "--user-image-file: encoded image size " <> show (T.length url) <> " bytes exceeds max " <> show maxProfileImageSize <> " bytes"
+ else Right $ ImageData url
 
 userStr :: User -> String
 userStr User {localDisplayName, profile = LocalProfile {fullName}} =
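Review bot: In `readAs`, the size cap is applied only after `BS.readFile path` has loaded the whole file and `B64.encode` has expanded it, so a very large or unbounded input (a device file, for instance) is fully read and encoded before it is rejected. A cheap pre-check would bound that work: test the size on disk before reading (for example `getFileSize` from System.Directory, if this module can import it), or at least test `BS.length bs` before encoding, and keep the existing check on `url` as the exact limit. Separately, `T.length url` counts characters, which equals bytes here only because the data URL is ASCII; a comment such as `-- url is ASCII (mime + base64), so T.length equals the byte count` would justify the word "bytes" in the error message. The start of `loadImageFile` lies outside the hunk, so any earlier validation of `path` is not visible here.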