Merge pull request #468 from christeredvartsen/issue-467

Use finfo to determine mime type

ChangeLog.markdown

@@ -14,6 +14,12 @@ Bug fixes:
 * #463: Fixed issue with an error model being formatted as an image (Christer Edvartsen)
 * #462: Adding short URLs to an image that does not exist now results in 404 (Christer Edvartsen)
 
+Imbo-2.1.2
+----------
+__N/A__
+
+* #467: Use finfo to determine mime type of uploaded images before loading them into ImageMagick (Christer Edvartsen)
+
 Imbo-2.1.1
 ----------
 __2016-03-11__

library/Imbo/Image/ImagePreparation.php

@@ -17,7 +17,8 @@
     Imbo\Exception,
     Imbo\Model\Image,
     Imagick,
-    ImagickException;
+    ImagickException,
+    finfo;
 
 /**
  * Image preparation
@@ -57,12 +58,21 @@ public function prepareImage(EventInterface $event) {
             throw $e;
         }
 
-        // Open the image with imagick to fetch the mime type
+        // Fetch mime using finfo
+        $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($imageBlob);
+
+        if (!Image::supportedMimeType($mime)) {
+            $e = new ImageException('Unsupported image type: ' . $mime, 415);
+            $e->setImboErrorCode(Exception::IMAGE_UNSUPPORTED_MIMETYPE);
+
+            throw $e;
+        }
+
+        // Open the image with imagick to make sure it's valid and to fetch dimensions
         $imagick = new Imagick();
 
         try {
             $imagick->readImageBlob($imageBlob);
-            $mime = $imagick->getImageMimeType();
             $size = $imagick->getImageGeometry();
         } catch (ImagickException $e) {
             $e = new ImageException('Invalid image', 415);
@@ -71,13 +81,6 @@ public function prepareImage(EventInterface $event) {
             throw $e;
         }
 
-        if (!Image::supportedMimeType($mime)) {
-            $e = new ImageException('Unsupported image type: ' . $mime, 415);
-            $e->setImboErrorCode(Exception::IMAGE_UNSUPPORTED_MIMETYPE);
-
-            throw $e;
-        }
-
         // Store relevant information in the image instance and attach it to the request
         $image = new Image();
         $image->setMimeType($mime)

tests/behat/features/cors-event-listener.feature

@@ -75,7 +75,7 @@ Feature: Imbo provides an event listener for CORS
         And I sign the request
         And I attach "ChangeLog.markdown" to the request body
         When I request "/users/user/images" using HTTP "POST"
-        Then I should get a response with "415 Invalid image"
+        Then I should get a response with "415 Unsupported image type: text/plain"
         And the "Vary" response header contains "Origin"
         And the following response headers should be present:
         """

tests/phpunit/ImboUnitTest/Image/ImagePreparationTest.php

@@ -89,7 +89,7 @@ public function testThrowsExceptionWhenNoImageIsAttached() {
     /**
      * @covers Imbo\Image\ImagePreparation::prepareImage
      * @expectedException Imbo\Exception\ImageException
-     * @expectedExceptionMessage Invalid image
+     * @expectedExceptionMessage Unsupported image type: text/x-php
      * @expectedExceptionCode 415
      */
     public function testThrowsExceptionWhenImageTypeIsNotSupported() {
@@ -116,7 +116,7 @@ public function testThrowsExceptionWhenImageIsBroken() {
      * @expectedExceptionMessage Invalid image
      * @expectedExceptionCode 415
      */
-    public function testThrowsExceptionWhenImageIsBrokenButSizeIsReadable() {
+    public function testThrowsExceptionWhenImageIsSlightlyBroken() {
         $filePath = FIXTURES_DIR . '/slightly-broken-image.png';
 
         $this->request->expects($this->once())->method('getContent')->will($this->returnValue(file_get_contents($filePath)));