From 9a420d0fcefca2c4e1812d43bcd88f318073efe2 Mon Sep 17 00:00:00 2001 From: chinesepowered Date: Fri, 17 Apr 2026 18:32:58 -0700 Subject: [PATCH] fix(weixin): check full 4-byte PNG magic signature (#2970) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PNG's magic bytes are 89 50 4E 47, but detectImageMime only checked the first three. The WebP branch in the same function correctly checks all four bytes of its signature — the PNG path was clearly an oversight. Extend the PNG check to include 0x47 ('G') for consistency and to eliminate the (admittedly rare) false-positive window. --- packages/channels/weixin/src/WeixinAdapter.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/packages/channels/weixin/src/WeixinAdapter.ts b/packages/channels/weixin/src/WeixinAdapter.ts index 7a5b36b97..561a366f4 100644 --- a/packages/channels/weixin/src/WeixinAdapter.ts +++ b/packages/channels/weixin/src/WeixinAdapter.ts @@ -205,7 +205,12 @@ export class WeixinChannel extends ChannelBase { /** Detect image MIME type from magic bytes. */ function detectImageMime(data: Buffer): string { - if (data[0] === 0x89 && data[1] === 0x50 && data[2] === 0x4e) { + if ( + data[0] === 0x89 && + data[1] === 0x50 && + data[2] === 0x4e && + data[3] === 0x47 + ) { return 'image/png'; } if (data[0] === 0x47 && data[1] === 0x49 && data[2] === 0x46) {