From 930a441d63e628dc1e672cbcbaa4ef73f172e9a0 Mon Sep 17 00:00:00 2001
From: Anish Kapoor <107356645+cinderbrick1212@users.noreply.github.com>
Date: Tue, 19 May 2026 01:45:37 +0530
Subject: [PATCH 1/2] [AO3-7473] Restrict allowed icon formats to specific
 image types

---
 app/models/skin.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/skin.rb b/app/models/skin.rb
index 78d8734e01d..0dd1c4e7df3 100755
--- a/app/models/skin.rb
+++ b/app/models/skin.rb
@@ -55,7 +55,7 @@ class Skin < ApplicationRecord
   # i18n-tasks-use t("errors.attributes.icon.invalid_format")
   # i18n-tasks-use t("errors.attributes.icon.too_large")
   validates :icon, attachment: {
-    allowed_formats: %r{image/\S+},
+    allowed_formats: %w[image/gif image/jpeg image/png],
     maximum_size: ArchiveConfig.ICON_SIZE_KB_MAX.kilobytes
   }
 

From e2465325f020561039d38f7dfc2dde4a94a302cb Mon Sep 17 00:00:00 2001
From: Anish Kapoor <107356645+cinderbrick1212@users.noreply.github.com>
Date: Tue, 19 May 2026 01:46:26 +0530
Subject: [PATCH 2/2] [AO3-7473] Restrict allowed icon formats to specific
 image types

---
 app/models/collection.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/collection.rb b/app/models/collection.rb
index b51005911f7..eec1fa746a8 100755
--- a/app/models/collection.rb
+++ b/app/models/collection.rb
@@ -10,7 +10,7 @@ class Collection < ApplicationRecord
   # i18n-tasks-use t("errors.attributes.icon.invalid_format")
   # i18n-tasks-use t("errors.attributes.icon.too_large")
   validates :icon, attachment: {
-    allowed_formats: %r{image/\S+},
+    allowed_formats: %w[image/gif image/jpeg image/png],
     maximum_size: ArchiveConfig.ICON_SIZE_KB_MAX.kilobytes
   }