Documents: Validate mime type. - refs BT#17861

chamilo · Oct 13, 2020 · 45b3b72 · 45b3b72
1 parent 7b19977
commit 45b3b72
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/main/document/document.php b/main/document/document.php
@@ -275,7 +275,7 @@
                         if ($updateDocument) {
                             Display::addFlash(
                                 Display::return_message(
-                                    get_lang('DownloadEnd').': '.$documentInfo['title'],
+                                    get_lang('OverwritenFile').': '.$documentInfo['title'],
                                     'success'
                                 )
                             );
@@ -1808,7 +1808,7 @@ function convertModal (id, format) {
         );
     } else {
         $actionsLeft .= Display::url(
-            Display::return_icon('upload_file.png', get_lang('UplUploadDocument'), '', ICON_SIZE_MEDIUM),
+            Display::return_icon('upload_file.png', get_lang('FileToUpload'), '', ICON_SIZE_MEDIUM),
             api_get_path(WEB_CODE_PATH).'document/upload.php?'.api_get_cidreq().'&id='.$current_folder_id
         );
     }

diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php
@@ -5642,7 +5642,7 @@ public static function build_edit_icons($document_data, $id, $is_template, $is_r
         if ($type == 'file') {
             $randomUploadName = md5(uniqid(mt_rand(), true));
             $modify_icons[] = Display::url(
-                Display::return_icon('upload_file.png', get_lang('UplUploadDocument')),
+                Display::return_icon('upload_file.png', get_lang('ReplaceFile')),
                 "#!",
                 [
                     'data-id' => $randomUploadName,
@@ -5669,7 +5669,7 @@ public static function build_edit_icons($document_data, $id, $is_template, $is_r
                         <button class=' btn btn-primary ' id='upload_".$randomUploadName."_submitDocument'
                         name='submitDocument'
                                 type='submit'>
-                                <em class='fa fa-paper-plane'></em> ".get_lang('SendDocument')."
+                                <em class='fa fa-paper-plane'></em> ".get_lang('ReplaceFile')."
                         </button>
                     </div>
                     <div class='col-sm-2'></div>
@@ -6705,6 +6705,11 @@ public static function writeContentIntoDocument(
             return false;
         }
 
+        if (isset($file) && $file['error'] == 4) {
+            //no file
+            return false;
+        }
+
         if (empty($documentId)) {
             $documentId = self::get_document_id($_course, $path, $sessionId);
             $docInfo = self::get_document_data_by_id(
@@ -6756,6 +6761,14 @@ public static function writeContentIntoDocument(
         $fileMoved = false;
         $file_renamed_from_disk = false;
 
+        $originalMime = self::file_get_mime_type($base_work_dir.$path);
+        $newMime = finfo_file(finfo_open(FILEINFO_MIME_TYPE), $file['tmp_name']);
+        if ($originalMime != $newMime) {
+            Display::addFlash(Display::return_message(get_lang('FileError'), 'warning'));
+
+            return false;
+        }
+
         if ($document_exists_in_disk) {
             // Move old file to xxx_REPLACED_DATE_#date_ID_#id (soft delete)
             if (is_file($base_work_dir.$path) || is_dir($base_work_dir.$path)) {