Fixed missing file type validation

index.php

@@ -200,6 +200,19 @@ if (!isset($_POST['submit'])) {
             return response;
         }
 
+        function validateFileType(file) {
+            if (file.type && (file.type.startsWith('image/') || file.type.startsWith('video/'))) {
+                return true;
+            }
+            const parts = file.name.split('.');
+            const extension = parts.length > 0 ? parts[parts.length-1] : '';
+            if (['jpg', 'jpeg', 'png', 'heic', 'heif', 'mov', 'mp4', 'mkv'].includes(extension)) {
+                return true;
+            }
+            console.warn('Invalid file type', extension);
+            return false;
+        }
+
         albumInput.addEventListener('change', (event) => {
             console.log(event);
             albumAnchor.href = `https://photos.phlaym.net${albumInput.selectedOptions[0].dataset.url}`;
@@ -272,8 +285,10 @@ if (!isset($_POST['submit'])) {
                             sizeInMb,
                             'MB big, which is over the limit of',
                             maxFileSize);
+                    } else if(validateFileType(file)) {
+                        fileList.push(file);
                     }
-                    fileList.push(file);
+
                 }
             }
             totalProgress.max = fileList.length;
@@ -296,9 +311,12 @@ if (!isset($_POST['submit'])) {
                 ? 'Die folgenden Dateien sind'
                 : 'Die folgende Datei ist';
                 errorDiv.innerHTML += ```
-                    ${pluralizedMessage} zu groß: ${names}.
+                    ${pluralizedMessage} zu groß und wird beim Upload ignoriert: ${names}.
                     Jede Datei darf max. ${maxFileSize} MB groß sein.```;
+            }
+            if (!fileList.length) {
                 submitButton.disabled = true;
+                errorDiv.innerHTML += 'Keine gültigen Bilder oder Videos gefunden';
             }
         });
     </script>