implement MIME checks on upload
parent
c0974ba6ce
commit
2882bffe35
3 changed files with 33 additions and 0 deletions
|
@ -167,6 +167,18 @@ class TranscodeImage extends Extension
|
||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
|
// this onDataUpload happens earlier (or could happen earlier) than handle_pixel.onDataUpload
|
||||||
|
// it mutates the image such that the incorrect mime type is not checked (checking against
|
||||||
|
// the post-transcode mime type instead). This is to give user feedback on what the mime type
|
||||||
|
// was before potential transcoding (the original) at the time of upload, and that it failed if not allowed.
|
||||||
|
// does it break bulk image importing? ZIP? SVG? there are a few flows that are untested!
|
||||||
|
if ($config->get_bool(UploadConfig::MIME_CHECK_ENABLED) == true) {
|
||||||
|
$allowed_mimes = $config->get_array(UploadConfig::ALLOWED_MIME_STRINGS);
|
||||||
|
if (!MimeType::matches_array($event->mime, $allowed_mimes)) {
|
||||||
|
throw new UploadException("MIME type not supported: " . $event->mime);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($config->get_bool(TranscodeConfig::UPLOAD) == true) {
|
if ($config->get_bool(TranscodeConfig::UPLOAD) == true) {
|
||||||
if ($event->mime === MimeType::GIF&&MimeType::is_animated_gif($event->tmpname)) {
|
if ($event->mime === MimeType::GIF&&MimeType::is_animated_gif($event->tmpname)) {
|
||||||
return;
|
return;
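Review bot: The allowlist check is enforced inside TranscodeImage's upload handler, while the setting and its defaults are declared in the Upload extension, so it presumably runs only when the transcode extension is loaded. A site that turns on `mime_check_enabled` with transcoding disabled would then get no enforcement. I would move the block that starts at `if ($config->get_bool(UploadConfig::MIME_CHECK_ENABLED) == true) {` into a handler owned by Upload, at a priority that runs before transcoding, so the control does not depend on an optional extension and the bulk-import, ZIP and SVG flows the comment lists as untested go through one place. The hunk does not show how `$event->mime` is derived; the check is only as strong as that detection, so confirm it comes from the file's content and not from the filename or the client-declared type. The method body starts and ends outside the hunk.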
|
||||||
|
|
|
@ -11,4 +11,6 @@ class UploadConfig
|
||||||
public const MIN_FREE_SPACE = "upload_min_free_space";
|
public const MIN_FREE_SPACE = "upload_min_free_space";
|
||||||
public const TLSOURCE = "upload_tlsource";
|
public const TLSOURCE = "upload_tlsource";
|
||||||
public const TRANSLOAD_ENGINE = "transload_engine";
|
public const TRANSLOAD_ENGINE = "transload_engine";
|
||||||
|
public const MIME_CHECK_ENABLED = "mime_check_enabled";
|
||||||
|
public const ALLOWED_MIME_STRINGS = "allowed_mime_strings";
|
||||||
}
|
}
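Review bot: The new keys `"mime_check_enabled"` and `"allowed_mime_strings"` carry no extension prefix, unlike `"upload_min_free_space"` and `"upload_tlsource"` just above them. In what looks like a config store shared across extensions, that makes a clash with another extension's setting more likely. Renaming is cheap now and awkward once values have been saved, for example `public const MIME_CHECK_ENABLED = "upload_mime_check_enabled";` and `public const ALLOWED_MIME_STRINGS = "upload_allowed_mime_strings";`. `TRANSLOAD_ENGINE` is already unprefixed, so the class is not fully consistent today either.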
|
||||||
|
|
|
@ -98,6 +98,12 @@ class Upload extends Extension
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$config->set_default_bool(UploadConfig::MIME_CHECK_ENABLED, false);
|
||||||
|
$config->set_default_array(
|
||||||
|
UploadConfig::ALLOWED_MIME_STRINGS,
|
||||||
|
DataHandlerExtension::get_all_supported_mimes()
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onSetupBuilding(SetupBuildingEvent $event)
|
public function onSetupBuilding(SetupBuildingEvent $event)
|
||||||
|
@ -119,8 +125,21 @@ class Upload extends Extension
|
||||||
$sb->add_label("<i>PHP Limit = " . ini_get('upload_max_filesize') . "</i>");
|
$sb->add_label("<i>PHP Limit = " . ini_get('upload_max_filesize') . "</i>");
|
||||||
$sb->add_choice_option(UploadConfig::TRANSLOAD_ENGINE, $tes, "<br/>Transload: ");
|
$sb->add_choice_option(UploadConfig::TRANSLOAD_ENGINE, $tes, "<br/>Transload: ");
|
||||||
$sb->add_bool_option(UploadConfig::TLSOURCE, "<br/>Use transloaded URL as source if none is provided: ");
|
$sb->add_bool_option(UploadConfig::TLSOURCE, "<br/>Use transloaded URL as source if none is provided: ");
|
||||||
|
|
||||||
|
$sb->start_table();
|
||||||
|
$sb->add_bool_option(UploadConfig::MIME_CHECK_ENABLED, "Enable upload MIME checks", true);
|
||||||
|
$sb->add_multichoice_option(UploadConfig::ALLOWED_MIME_STRINGS, $this->get_mime_options(), "Allowed MIME uploads", true);
|
||||||
|
$sb->end_table();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function get_mime_options(): array
|
||||||
|
{
|
||||||
|
$output = [];
|
||||||
|
foreach (DataHandlerExtension::get_all_supported_mimes() as $mime) {
|
||||||
|
$output[MimeMap::get_name_for_mime($mime)] = $mime;
|
||||||
|
}
|
||||||
|
return $output;
|
||||||
|
}
|
||||||
|
|
||||||
public function onPageNavBuilding(PageNavBuildingEvent $event)
|
public function onPageNavBuilding(PageNavBuildingEvent $event)
|
||||||
{
|
{
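Review bot: `get_mime_options()` keys the option list by display name, so any two MIME types for which `MimeMap::get_name_for_mime()` returns the same name (or no name, if it can return null) collapse into one entry and the last one wins. The overwritten types then cannot be ticked in "Allowed MIME uploads", and once an admin saves the list with checks enabled they are rejected with no way to allow them from the UI. Making the label unique closes that gap, for example `$output[MimeMap::get_name_for_mime($mime) . " (" . $mime . ")"] = $mime;`. The helper would also benefit from a short docblock stating that it returns a label => MIME map for the setup form. `onPageNavBuilding` continues outside the hunk.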
|
||||||
|
|