2 files changed +8
-2
lines changed Original file line number Diff line number Diff line change 11# Release Notes
22
3+ ## WIP
4+
5+ - Fix mime type detection on asset upload
6+
37## 2.6.3 (2023-08-15)
48
59- Prevent uploading .phps + .(x)html files in assets manager
Original file line number Diff line number Diff line change 8181 for ($ i = 0 ; $ i < $ cnt ; $ i ++) {
8282
8383 $ _file = $ this ->app ->path ('#tmp: ' ).'/ ' .$ files ['name ' ][$ i ];
84- $ _mime = finfo_file ( $ finfo, $ _file );
84+ $ _mime = $ finfo-> file ( $ files [ ' tmp_name ' ][ $ i ] );
8585 $ _isAllowed = $ allowed === true ? true : preg_match ("/\.( {$ allowed })$/i " , $ _file );
8686 $ _sizeAllowed = $ max_size ? filesize ($ files ['tmp_name ' ][$ i ]) < $ max_size : true ;
8787
88+ $ extension = strtolower (pathinfo (parse_url ($ _file , PHP_URL_PATH ), PATHINFO_EXTENSION ));
89+
8890 // prevent uploading php / html files
8991 if ($ _isAllowed && (
90- in_array (strtolower ( pathinfo ( $ _file , PATHINFO_EXTENSION )) , $ forbiddenExtension ) ||
92+ in_array ($ extension , $ forbiddenExtension ) ||
9193 in_array (strtolower ($ _mime ), $ forbiddenMime )
9294 )) {
9395 $ _isAllowed = false ;
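Review bot: The forbidden-extension test now relies only on the new `$extension` line, which takes the extension from the path component returned by `parse_url()`, so it can disagree with the extension of the full `$_file` name that the removed `pathinfo($_file, PATHINFO_EXTENSION)` check covered. `parse_url()` also returns false or null for input it cannot parse, and `$finfo->file()` returns false on failure; both then become an empty string that matches nothing in `$forbiddenExtension` or `$forbiddenMime`. I would keep both extension checks, `in_array($extension, $forbiddenExtension) || in_array(strtolower(pathinfo($_file, PATHINFO_EXTENSION)), $forbiddenExtension) ||`, and set `$_isAllowed = false` when either lookup does not return a string. Whether the stored file name is sanitised later is not visible here, since the loop body continues outside the hunk.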