Merge pull request #4919 from protich/issue/file-type-override

Issue/file type override

include/class.file.php

@@ -247,8 +247,6 @@ function download($disposition=false, $expires=false) {
         $ttl = ($expires) ? $expires - Misc::gmtime() : false;
         $this->makeCacheable($ttl);
         $type = $this->getType() ?: 'application/octet-stream';
-        if (isset($_REQUEST['overridetype']))
-            $type = $_REQUEST['overridetype'];
         Http::download($this->getName(), $type, null, 'inline');
         header('Content-Length: '.$this->getSize());
         $this->sendData(false);

include/class.forms.php

@@ -2781,6 +2781,9 @@ function ajaxUpload($bypass=false) {
         $file = array_shift($files);
         $file['name'] = urldecode($file['name']);
 
+        if (!$this->isValidFile($file))
+            Http::response(413, 'Invalid File');
+
         if (!$bypass && !$this->isValidFileType($file['name'], $file['type']))
             Http::response(415, 'File type is not allowed');
 
@@ -2807,6 +2810,9 @@ function uploadFile($file) {
         if (!$this->isValidFileType($file['name'], $file['type']))
             throw new FileUploadError(__('File type is not allowed'));
 
+        if (!$this->isValidFile($file))
+             throw new FileUploadError(__('Invalid File'));
+
         $config = $this->getConfiguration();
         if ($file['size'] > $config['size'])
             throw new FileUploadError(__('File size is too large'));
@@ -2842,6 +2848,18 @@ function uploadAttachment(&$file) {
         return $F;
     }
 
+    function isValidFile($file) {
+
+        // Check invalid image hacks
+        if ($file['tmp_name']
+                && stripos($file['type'], 'image/') === 0
+                && function_exists('exif_imagetype')
+                && !exif_imagetype($file['tmp_name']))
+            return false;
+
+        return true;
+    }
+
     function isValidFileType($name, $type=false) {
         $config = $this->getConfiguration();