Don't use client file extension of uploaded file for icons and logos

aimeos · Jul 22, 2023 · bfd7221 · bfd7221
1 parent b3bc399
commit bfd7221
Showing 1 changed file with 23 additions and 4 deletions.
diff --git a/src/Admin/JQAdm/Settings/Standard.php b/src/Admin/JQAdm/Settings/Standard.php
@@ -306,15 +306,14 @@ protected function fromArrayIcon( \Aimeos\MShop\Locale\Item\Site\Iface $item, ar
 
 			$options = $context->config()->get( 'controller/common/media/options', [] );
 			$image = \Aimeos\MW\Media\Factory::get( $file->getStream(), $options );
-			$ext = pathinfo( $file->getClientFilename(), PATHINFO_EXTENSION );
 
 			if( !in_array( $image->getMimetype(), ['image/webp', 'image/jpeg', 'image/png', 'image/gif'] ) )
 			{
 				$msg = $context->i18n()->dt( 'admin', 'Only .jpg, .png and .gif are allowed for icons' );
 				throw new \Aimeos\Admin\JQAdm\Exception( $msg );
 			}
 
-			$filepath = $siteId . 'd/icon.' . $ext;
+			$filepath = $siteId . 'd/icon.' . $this->extension( $image->getMimetype() );
 			$context->fs( 'fs-media' )->write( $filepath, $image->save() );
 
 			$item->setIcon( $filepath );
@@ -342,7 +341,6 @@ protected function fromArrayLogo( \Aimeos\MShop\Locale\Item\Site\Iface $item, ar
 
 			$options = $context->config()->get( 'controller/common/media/options', [] );
 			$image = \Aimeos\MW\Media\Factory::get( $file->getStream(), $options );
-			$ext = pathinfo( $file->getClientFilename(), PATHINFO_EXTENSION );
 			$filepaths = [];
 
 			if( !in_array( $image->getMimetype(), ['image/webp', 'image/jpeg', 'image/png', 'image/gif', 'image/svg+xml'] ) )
@@ -356,7 +354,7 @@ protected function fromArrayLogo( \Aimeos\MShop\Locale\Item\Site\Iface $item, ar
 				$w = $size['maxwidth'] ?? null;
 				$h = $size['maxheight'] ?? null;
 
-				$filepath = $siteId . 'd/logo' . $w . '.' . $ext;
+				$filepath = $siteId . 'd/logo' . $w . '.' . $this->extension( $image->getMimetype() );
 				$context->fs( 'fs-media' )->write( $filepath, $image->scale( $w, $h )->save() );
 				$filepaths[(int) $w ?: 1] = $filepath;
 			}
@@ -368,6 +366,27 @@ protected function fromArrayLogo( \Aimeos\MShop\Locale\Item\Site\Iface $item, ar
 	}
 
 
+	/**
+	 * Returns the file extension for the passed mime type
+	 *
+	 * @param string $mimetype Mime type, e.g. "image/svg+xml"
+	 * @return string File extension
+	 */
+	protected function extension( string $mimetype ) : string
+	{
+		switch( $mimetype )
+		{
+			case 'image/webp': return 'webp';
+			case 'image/jpeg': return 'jpg';
+			case 'image/png': return 'png';
+			case 'image/gif': return 'gif';
+			case 'image/svg+xml': return 'svg';
+		}
+
+		return 'txt';
+	}
+
+
 	/**
 	 * Constructs the data array for the view from the given item
 	 *