Properly check mime type of the uploaded file

Signed-off-by: Julius Härtl <jus@bitgrid.net>
author: Julius Härtl <jus@bitgrid.net> 2018-05-17 11:24:19 +0200
committer: Julius Härtl <jus@bitgrid.net> 2018-05-17 11:46:01 +0200
commit: 2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa (patch)
tree: d2f7f86fe148a3f583046322c9082fd72363c4c1 /apps/theming/lib/Controller/ThemingController.php
parent: 0dcb6b267524b645d3e058b935bf8f6b31bf1f56 (diff)
download: nextcloud-server-2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa.tar.gz
nextcloud-server-2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 421af051998..5e1e3d08dc9 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -248,8 +248,9 @@ class ThemingController extends Controller {
 		}
 
 		$target = $folder->newFile($key);
-		$supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'text/svg'];
-		if (!in_array($image['type'], $supportedFormats)) {
+		$supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'image/svg'];
+		$detectedMimeType = mime_content_type($image['tmp_name']);
+		if (!in_array($image['type'], $supportedFormats) || !in_array($detectedMimeType, $supportedFormats)) {
 			return new DataResponse(
 				[
 					'data' => [
author	Julius Härtl <jus@bitgrid.net>	2018-05-17 11:24:19 +0200
committer	Julius Härtl <jus@bitgrid.net>	2018-05-17 11:46:01 +0200
commit	2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa (patch)
tree	d2f7f86fe148a3f583046322c9082fd72363c4c1 /apps/theming/lib/Controller/ThemingController.php
parent	0dcb6b267524b645d3e058b935bf8f6b31bf1f56 (diff)
download	nextcloud-server-2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa.tar.gz nextcloud-server-2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa.zip