wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Properly check mime type of the uploaded file

Browse source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl 2018-05-17 11:24:19 +02:00
parent 0dcb6b2675
commit 2bf51c7b9e
No known key found for this signature in database
GPG key ID: 4C614C6ED2CDE6DF
2 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
apps/theming/lib/Controller/ThemingController.php
View file

@ -248,8 +248,9 @@ class ThemingController extends Controller {
}
$target = $folder->newFile($key);
$supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'text/svg'];
if (!in_array($image['type'], $supportedFormats)) {
$supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'image/svg'];
$detectedMimeType = mime_content_type($image['tmp_name']);
if (!in_array($image['type'], $supportedFormats) || !in_array($detectedMimeType, $supportedFormats)) {
return new DataResponse(
[
'data' => [

13
apps/theming/tests/Controller/ThemingControllerTest.php
View file

@ -255,7 +255,7 @@ class ThemingControllerTest extends TestCase {
->method('getUploadedFile')
->with('image')
->willReturn([
'tmp_name' => 'logo.pdf',
'tmp_name' => __DIR__ . '/../../../../tests/data/lorem.txt',
'type' => 'application/pdf',
'name' => 'logo.pdf',
'error' => 0,
@ -295,7 +295,7 @@ class ThemingControllerTest extends TestCase {
['image/gif'],
['image/png'],
['image/svg+xml'],
['text/svg'],
['image/svg']
];
}
@ -305,6 +305,7 @@ class ThemingControllerTest extends TestCase {
$destination = \OC::$server->getTempManager()->getTemporaryFolder();
touch($tmpLogo);
copy(__DIR__ . '/../../../../tests/data/testimagelarge.svg', $tmpLogo);
$this->request
->expects($this->at(0))
->method('getParam')
@ -377,10 +378,10 @@ class ThemingControllerTest extends TestCase {
/** @dataProvider dataUpdateImages */
public function testUpdateLogoLoginScreenUpload($folderExists) {
$tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . '/logo.svg';
$tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . 'logo.png';
touch($tmpLogo);
file_put_contents($tmpLogo, file_get_contents(__DIR__ . '/../../../../tests/data/desktopapp.png'));
copy(__DIR__ . '/../../../../tests/data/desktopapp.png', $tmpLogo);
$this->request
->expects($this->at(0))
->method('getParam')
@ -392,7 +393,7 @@ class ThemingControllerTest extends TestCase {
->with('image')
->willReturn([
'tmp_name' => $tmpLogo,
'type' => 'text/svg',
'type' => 'image/svg+xml',
'name' => 'logo.svg',
'error' => 0,
]);
@ -524,7 +525,7 @@ class ThemingControllerTest extends TestCase {
->with('image')
->willReturn([
'tmp_name' => '',
'type' => 'text/svg',
'type' => 'image/svg+xml',
'name' => 'logo.svg',
'error' => $error,
]);