authorMorris Jobke <hey@morrisjobke.de>2018-05-17 15:48:44 +0200
committerGitHub <noreply@github.com>2018-05-17 15:48:44 +0200
commit63d5491a73732e3345c0a026cffbc77c42906173 (patch)
tree4b8fe0a7ab96d99e94ec9a42ef5adbdcf327d662 /apps/theming
parentef665fde426d770f31d8d4349d047734d27b87d0 (diff)
parent5b3ca8f7c69f5fd44e0970f2bf10eb3ba4dad7ab (diff)
Merge pull request #9503 from nextcloud/bugfix/noid/theming-mime-check
Check mime type properly in theming app
Diffstat (limited to 'apps/theming')
-rw-r--r--apps/theming/lib/Controller/ThemingController.php6
-rw-r--r--apps/theming/tests/Controller/ThemingControllerTest.php15
2 files changed, 13 insertions, 8 deletions
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php
index 421af051998..e4a8f0b5036 100644
--- a/apps/theming/lib/Controller/ThemingController.php
+++ b/apps/theming/lib/Controller/ThemingController.php
@@ -248,8 +248,9 @@ class ThemingController extends Controller {
}
$target = $folder->newFile($key);
- $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'text/svg'];
- if (!in_array($image['type'], $supportedFormats)) {
+ $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'image/svg'];
+ $detectedMimeType = mime_content_type($image['tmp_name']);
+ if (!in_array($image['type'], $supportedFormats) || !in_array($detectedMimeType, $supportedFormats)) {
return new DataResponse(
[
'data' => [
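Review bot: The new check on `$detectedMimeType` does not handle the `false` that `mime_content_type()` returns on failure, and both `in_array()` calls use loose comparison. Rejection in that case is a side effect of type juggling rather than an explicit decision. Passing the strict flag makes the allowlist exact: `if (!in_array($image['type'], $supportedFormats, true) || !in_array($detectedMimeType, $supportedFormats, true)) {`. The two values are also only checked independently, so a declared type and a detected type that disagree are still accepted as long as each is on the list. The code that persists the `$key . 'Mime'` app value is outside this hunk; since that value is later sent as `Content-Type`, it should presumably be the detected type rather than the client-supplied `$image['type']`, which is worth confirming. A short comment such as `// $image['type'] is client-controlled; the detected type is the authoritative one` would record why both checks exist.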
@@ -353,6 +354,7 @@ class ThemingController extends Controller {
$response->addHeader('Expires', $expires->format(\DateTime::RFC2822));
$response->addHeader('Pragma', 'cache');
$response->addHeader('Content-Type', $this->config->getAppValue($this->appName, $key . 'Mime', ''));
+ $response->addHeader('Content-Disposition', 'attachment; filename="' . $key . '"');
return $response;
}
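Review bot: On the added `Content-Disposition` line, `$key` is concatenated into the quoted `filename` parameter without escaping or validation. Whether `$key` is restricted to known image keys earlier in this method is not visible in the hunk. If it is not, a value containing `"` or control characters produces a malformed header. Constraining it at the point of use keeps the header well-formed regardless of the caller: `$response->addHeader('Content-Disposition', 'attachment; filename="' . preg_replace('/[^A-Za-z0-9_-]/', '', $key) . '"');`. A one-line comment explaining that the attachment disposition stops uploaded SVG from rendering inline in the instance's origin would help later maintainers avoid removing it.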
diff --git a/apps/theming/tests/Controller/ThemingControllerTest.php b/apps/theming/tests/Controller/ThemingControllerTest.php
index dda881525f0..eddf5bc56dc 100644
--- a/apps/theming/tests/Controller/ThemingControllerTest.php
+++ b/apps/theming/tests/Controller/ThemingControllerTest.php
@@ -255,7 +255,7 @@ class ThemingControllerTest extends TestCase {
->method('getUploadedFile')
->with('image')
->willReturn([
- 'tmp_name' => 'logo.pdf',
+ 'tmp_name' => __DIR__ . '/../../../../tests/data/lorem.txt',
'type' => 'application/pdf',
'name' => 'logo.pdf',
'error' => 0,
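Review bot: This fixture still declares `'type' => 'application/pdf'`, so the upload is rejected by the client-supplied type alone and the new `mime_content_type()` branch is never the deciding check. The case this commit exists for is an allowed declared type with non-image content, and no test for it is visible in this diff. A sibling case with `'type' => 'image/png'`, `'name' => 'logo.png'` and `tmp_name` pointing at `lorem.txt`, expecting the same failure response, would pin it. The enclosing test method starts and ends outside the hunk.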
@@ -295,7 +295,7 @@ class ThemingControllerTest extends TestCase {
['image/gif'],
['image/png'],
['image/svg+xml'],
- ['text/svg'],
+ ['image/svg']
];
}
@@ -305,6 +305,7 @@ class ThemingControllerTest extends TestCase {
$destination = \OC::$server->getTempManager()->getTemporaryFolder();
touch($tmpLogo);
+ copy(__DIR__ . '/../../../../tests/data/testimage.png', $tmpLogo);
$this->request
->expects($this->at(0))
->method('getParam')
@@ -377,10 +378,10 @@ class ThemingControllerTest extends TestCase {
/** @dataProvider dataUpdateImages */
public function testUpdateLogoLoginScreenUpload($folderExists) {
- $tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . '/logo.svg';
+ $tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . 'logo.png';
touch($tmpLogo);
- file_put_contents($tmpLogo, file_get_contents(__DIR__ . '/../../../../tests/data/desktopapp.png'));
+ copy(__DIR__ . '/../../../../tests/data/desktopapp.png', $tmpLogo);
$this->request
->expects($this->at(0))
->method('getParam')
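Review bot: The new `$tmpLogo` line drops the `/` separator between `getTemporaryFolder()` and the file name. If the temp manager does not return a path with a trailing slash (not visible here), the file is created next to the temporary folder instead of inside it, and may escape its cleanup. Keeping the separator is harmless either way: `$tmpLogo = \OC::$server->getTempManager()->getTemporaryFolder() . '/logo.png';`. The `touch($tmpLogo);` before `copy()` is now redundant, both here and in the `@@ -305,6 +305,7 @@` hunk. The result of `copy()` is unchecked, so a missing fixture would surface later as a mime-type failure rather than a clear setup error.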
@@ -392,7 +393,7 @@ class ThemingControllerTest extends TestCase {
->with('image')
->willReturn([
'tmp_name' => $tmpLogo,
- 'type' => 'text/svg',
+ 'type' => 'image/svg+xml',
'name' => 'logo.svg',
'error' => 0,
]);
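Review bot: The upload fixture is now internally inconsistent: `tmp_name` points at PNG data copied from `desktopapp.png`, but the declared `'type'` is `'image/svg+xml'` and `'name'` is `'logo.svg'`. The test passes only because the controller accepts any pair of allowlisted types without requiring them to match, which makes that leniency look like intended behaviour. Using `'type' => 'image/png'` and `'name' => 'logo.png'` would make the success case a coherent upload. The mismatch scenario can then be covered by a separate test that asserts explicitly whether it is accepted or rejected.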
@@ -524,7 +525,7 @@ class ThemingControllerTest extends TestCase {
->with('image')
->willReturn([
'tmp_name' => '',
- 'type' => 'text/svg',
+ 'type' => 'image/svg+xml',
'name' => 'logo.svg',
'error' => $error,
]);
@@ -700,6 +701,7 @@ class ThemingControllerTest extends TestCase {
$expected->addHeader('Expires', $expires->format(\DateTime::RFC2822));
$expected->addHeader('Pragma', 'cache');
$expected->addHeader('Content-Type', 'text/svg');
+ $expected->addHeader('Content-Disposition', 'attachment; filename="logo"');
@$this->assertEquals($expected, $this->themingController->getImage('logo'));
}
@@ -732,6 +734,7 @@ class ThemingControllerTest extends TestCase {
$expected->addHeader('Expires', $expires->format(\DateTime::RFC2822));
$expected->addHeader('Pragma', 'cache');
$expected->addHeader('Content-Type', 'image/png');
+ $expected->addHeader('Content-Disposition', 'attachment; filename="background"');
@$this->assertEquals($expected, $this->themingController->getImage('background'));
}