From b693d0e7285825e684e088cf559155dcc3b2fdcb Mon Sep 17 00:00:00 2001
From: Boy132
Date: Sun, 22 Mar 2026 19:18:46 +0100
Subject: [PATCH] Do not allow all file extensions for egg image in egg importer (#2279)
---
 app/Services/Eggs/Sharing/EggImporterService.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/app/Services/Eggs/Sharing/EggImporterService.php b/app/Services/Eggs/Sharing/EggImporterService.php
index c8fced139..10e8cfa9c 100644
--- a/app/Services/Eggs/Sharing/EggImporterService.php
+++ b/app/Services/Eggs/Sharing/EggImporterService.php
@@ -264,7 +264,7 @@ class EggImporterService
 return;
 }
- $extension = $matches[1];
+ $extension = strtolower($matches[1]);
 $data = base64_decode($matches[2]);
 if (!$data) {
@@ -272,11 +272,17 @@ class EggImporterService
 }
 $normalizedExtension = match ($extension) {
- 'svg+xml' => 'svg',
- 'jpeg' => 'jpg',
- default => $extension,
+ 'svg+xml', 'svg' => 'svg',
+ 'jpeg', 'jpg' => 'jpg',
+ 'png' => 'png',
+ 'webp' => 'webp',
+ default => null,
 };
+ if (is_null($normalizedExtension)) {
+ return;
+ }
+
 Storage::disk('public')->put(Egg::ICON_STORAGE_PATH . "/$egg->uuid.$normalizedExtension", $data);
 }
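Review bot: The allowlist in the `match` constrains only the stored file name; `$extension` still comes from the data URI header of the imported egg, and `$data` is written to the public disk without any check that the bytes are of that type. This matters most for the `'svg+xml', 'svg'` arm, since SVG is active content: if the public disk is served from the panel's own origin (not visible in this hunk), an icon opened directly rather than through an `<img>` tag would be rendered as a document. Consider sanitizing SVG before storage or dropping it from the list, and confirming the raster formats by content as sketched below. The new `is_null` branch also returns silently, so a log line there would tell an operator why an imported egg ended up without an icon. The enclosing method begins outside the hunk.

```php
// … unchanged: $normalizedExtension = match ($extension) { … } and the null check …

// The extension is taken from the data URI header, so confirm the decoded bytes agree with it.
// SVG is skipped here: content sniffing reports it inconsistently, and it needs sanitizing instead.
$expectedMime = match ($normalizedExtension) {
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'webp' => 'image/webp',
    default => null,
};

if ($expectedMime !== null && (new \finfo(FILEINFO_MIME_TYPE))->buffer($data) !== $expectedMime) {
    return;
}

// … unchanged: Storage::disk('public')->put(...) …
```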