From bd53eaec28c6966e3bf8f828bc2f5ae6a8f0444f Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Wed, 13 Nov 2024 12:04:55 +0530
Subject: [PATCH] [server] Add validation for object_keys

---
 server/pkg/controller/file.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/pkg/controller/file.go b/server/pkg/controller/file.go
index 1774e4cc1c..30e3fddc7b 100644
--- a/server/pkg/controller/file.go
+++ b/server/pkg/controller/file.go
@@ -64,6 +64,9 @@ func (c *FileController) validateFileCreateOrUpdateReq(userID int64, file ente.F
 	if !strings.HasPrefix(file.File.ObjectKey, objectPathPrefix) || !strings.HasPrefix(file.Thumbnail.ObjectKey, objectPathPrefix) {
 		return stacktrace.Propagate(ente.ErrBadRequest, "Incorrect object key reported")
 	}
+	if file.File.ObjectKey == file.Thumbnail.ObjectKey {
+		return stacktrace.Propagate(ente.ErrBadRequest, "file and thumbnail object keys are same")
+	}
 	isCreateFileReq := file.ID == 0
 	// Check for attributes for fileCreation. We don't send key details on update
 	if isCreateFileReq {