
Commit 36d1d4d

committed
Fix mime type detection on asset upload
1 parent 61599e6 commit 36d1d4d


2 files changed

+8
-2
lines changed


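--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Release Notes
 
+## WIP
+
+- Fix mime type detection on asset upload
+
 ## 2.6.3 (2023-08-15)
 
 - Prevent uploading .phps + .(x)html files in assets manager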

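--- a/modules/Assets/bootstrap.php
+++ b/modules/Assets/bootstrap.php
@@ -81,13 +81,15 @@
 for ($i = 0; $i < $cnt; $i++) {
 
 $_file = $this->app->path('#tmp:').'/'.$files['name'][$i];
-$_mime = finfo_file($finfo, $_file);
+$_mime = $finfo->file($files['tmp_name'][$i]);
 $_isAllowed = $allowed === true ? true : preg_match("/\.({$allowed})$/i", $_file);
 $_sizeAllowed = $max_size ? filesize($files['tmp_name'][$i]) < $max_size : true;
 
+$extension = strtolower(pathinfo(parse_url($_file, PHP_URL_PATH), PATHINFO_EXTENSION));
+
 // prevent uploading php / html files
 if ($_isAllowed && (
-in_array(strtolower(pathinfo($_file, PATHINFO_EXTENSION)), $forbiddenExtension) ||
+in_array($extension, $forbiddenExtension) ||
 in_array(strtolower($_mime), $forbiddenMime)
 )) {
 $_isAllowed = false;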
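Review bot: Both new lookups fail open: `$finfo->file()` returns `false` when detection fails and `parse_url()` returns `false` or `null` for a string it cannot parse, and in PHP's default coercive mode `strtolower()`/`pathinfo()` turn each into an empty string that matches nothing in `$forbiddenMime` or `$forbiddenExtension`. Since this block is the deny-list gate for uploads, an undetermined type should reject the file rather than pass it, e.g. `$_path = parse_url($_file, PHP_URL_PATH);` followed by `if ($_mime === false || !is_string($_path)) { $_isAllowed = false; }`. `$_file` is a local path built from the client-supplied `$files['name'][$i]`, not a URL, so a short comment on the `$extension` line saying why `parse_url()` is applied would help the next reader, and passing `true` as the third argument of both `in_array()` calls keeps the comparisons strict. The `for` body continues past the hunk and the enclosing function starts outside it, so whether `$_mime` or the name is re-checked later is not visible here.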
