Browse Source
Properly check mime type of the uploaded file
Signed-off-by: Julius Härtl <jus@bitgrid.net>tags/v14.0.0beta1
Julius Härtl
6 years ago
2 changed files with 10 additions and 8 deletions
+ 3
- 2
apps/theming/lib/Controller/ThemingController.php
View File
| } | } | ||||
| $target = $folder->newFile($key); | $target = $folder->newFile($key); | ||||
| $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'text/svg']; | |||||
| if (!in_array($image['type'], $supportedFormats)) { | |||||
| $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'image/svg']; | |||||
| $detectedMimeType = mime_content_type($image['tmp_name']); | |||||
| if (!in_array($image['type'], $supportedFormats) || !in_array($detectedMimeType, $supportedFormats)) { | |||||
| return new DataResponse( | return new DataResponse( | ||||
| [ | [ | ||||
| 'data' => [ | 'data' => [ |
+ 7
- 6
apps/theming/tests/Controller/ThemingControllerTest.php
View File
| ->method('getUploadedFile') | ->method('getUploadedFile') | ||||
| ->with('image') | ->with('image') | ||||
| ->willReturn([ | ->willReturn([ | ||||
| 'tmp_name' => 'logo.pdf', | |||||
| 'tmp_name' => __DIR__ . '/../../../../tests/data/lorem.txt', | |||||
| 'type' => 'application/pdf', | 'type' => 'application/pdf', | ||||
| 'name' => 'logo.pdf', | 'name' => 'logo.pdf', | ||||
| 'error' => 0, | 'error' => 0, | ||||
| ['image/gif'], | ['image/gif'], | ||||
| ['image/png'], | ['image/png'], | ||||
| ['image/svg+xml'], | ['image/svg+xml'], | ||||
| ['text/svg'], | |||||
| ['image/svg'] | |||||
| ]; | ]; | ||||
| } | } | ||||
| $destination = \OC::$server->getTempManager()->getTemporaryFolder(); | $destination = \OC::$server->getTempManager()->getTemporaryFolder(); | ||||
| touch($tmpLogo); | touch($tmpLogo); | ||||
| copy(__DIR__ . '/../../../../tests/data/testimagelarge.svg', $tmpLogo); | |||||
| $this->request | $this->request | ||||
| ->expects($this->at(0)) | ->expects($this->at(0)) | ||||
| ->method('getParam') | ->method('getParam') | ||||
| /** @dataProvider dataUpdateImages */ | /** @dataProvider dataUpdateImages */ | ||||
| public function testUpdateLogoLoginScreenUpload($folderExists) { | public function testUpdateLogoLoginScreenUpload($folderExists) { | ||||
| $tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . '/logo.svg'; | |||||
| $tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . 'logo.png'; | |||||
| touch($tmpLogo); | touch($tmpLogo); | ||||
| file_put_contents($tmpLogo, file_get_contents(__DIR__ . '/../../../../tests/data/desktopapp.png')); | |||||
| copy(__DIR__ . '/../../../../tests/data/desktopapp.png', $tmpLogo); | |||||
| $this->request | $this->request | ||||
| ->expects($this->at(0)) | ->expects($this->at(0)) | ||||
| ->method('getParam') | ->method('getParam') | ||||
| ->with('image') | ->with('image') | ||||
| ->willReturn([ | ->willReturn([ | ||||
| 'tmp_name' => $tmpLogo, | 'tmp_name' => $tmpLogo, | ||||
| 'type' => 'text/svg', | |||||
| 'type' => 'image/svg+xml', | |||||
| 'name' => 'logo.svg', | 'name' => 'logo.svg', | ||||
| 'error' => 0, | 'error' => 0, | ||||
| ]); | ]); | ||||
| ->with('image') | ->with('image') | ||||
| ->willReturn([ | ->willReturn([ | ||||
| 'tmp_name' => '', | 'tmp_name' => '', | ||||
| 'type' => 'text/svg', | |||||
| 'type' => 'image/svg+xml', | |||||
| 'name' => 'logo.svg', | 'name' => 'logo.svg', | ||||
| 'error' => $error, | 'error' => $error, | ||||
| ]); | ]); |
Loading…