fix mime checkes #16091
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -46,55 +46,75 @@ public static function getTypeIcon($fileName) | |
| return strtolower(substr($fileName, strrpos($fileName, '.') + 1)); | ||
| } | ||
|
|
||
| /** | ||
| * Get the Mime type | ||
| * | ||
| * @param string $file The link to the file to be checked | ||
| * @param boolean $isImage True if the passed file is a image else false | ||
| * | ||
| * @return mixed the mime type detected false on error | ||
| * | ||
| * @since __DEPLOY_VERSION__ | ||
| */ | ||
| private function getMimeType($file, $isImage = false) | ||
| { | ||
| try | ||
| { | ||
| if ($isImage && function_exists('exif_imagetype')) | ||
| { | ||
| $mime = image_type_to_mime_type(exif_imagetype($file)); | ||
| } | ||
| elseif ($isImage && function_exists('getimagesize')) | ||
| { | ||
| $imagesize = getimagesize($file); | ||
| $mime = (isset($imagesize['mime'])) ? $imagesize['mime'] : false; | ||
| } | ||
| elseif (function_exists('mime_content_type')) | ||
| { | ||
| // We have mime magic. | ||
| $mime = mime_content_type($file); | ||
| } | ||
| elseif (function_exists('finfo_open')) | ||
| { | ||
| // We have fileinfo | ||
| $finfo = finfo_open(FILEINFO_MIME_TYPE); | ||
| $mime = finfo_file($finfo, $file); | ||
| finfo_close($finfo); | ||
| } | ||
|
There was a problem hiding this comment. Looks like from the test we have cases where none of these things exist!? Probably having a final else statement here with return false to reject everything if we can't detect things is going to be important There was a problem hiding this comment. Fixed with: 298959e |
||
| } | ||
| catch (Exception $e) | ||
| { | ||
| // If we have any kind of error here => false; | ||
| return false; | ||
| } | ||
|
|
||
| // If we cant detect the mime try it again | ||
|
|
||
| if ($mime == 'application/octet-stream' && $isImage === true) | ||
|
There was a problem hiding this comment. We should probably use There was a problem hiding this comment. be99e2a done please retest |
||
| { | ||
| return $this->getMimeType($file, false); | ||
| } | ||
|
|
||
| // We have a mime here | ||
| return $mime; | ||
| } | ||
|
|
||
| /** | ||
| * Checks the Mime type | ||
| * | ||
| * @param string $mime The filename or tmp_name | ||
| * @param string $component The optional name for the component storing the parameters | ||
| * @param boolean $image True if the passed file is a image else false | ||
|
|
||
| * | ||
| * @return boolean true if mime type checking is disabled or it passes the checks else false | ||
| * | ||
| * @since 3.7 | ||
| */ | ||
| private function checkMimeType($mime, $component = 'com_media') | ||
| { | ||
| $params = JComponentHelper::getParams($component); | ||
|
|
||
| if ($params->get('check_mime', 1)) | ||
| { | ||
| // Get the mime type configuration | ||
| $allowedMime = array_map('trim', explode(',', $params->get('upload_mime'))); | ||
|
|
||
|
|
@@ -164,7 +184,7 @@ public function canUpload($file, $component = 'com_media') | |
| return false; | ||
| } | ||
|
|
||
| $filetype = array_pop($filetypes); | ||
| $allowable = array_map('trim', explode(',', $params->get('upload_extensions'))); | ||
| $ignored = array_map('trim', explode(',', $params->get('ignore_extensions'))); | ||
|
|
||
|
|
@@ -193,10 +213,24 @@ public function canUpload($file, $component = 'com_media') | |
| // If tmp_name is empty, then the file was bigger than the PHP limit | ||
| if (!empty($file['tmp_name'])) | ||
| { | ||
| // Get the mime type this is a image file | ||
|
There was a problem hiding this comment. Change |
||
| $mime = $this->getMimeType($file['tmp_name'], true); | ||
|
|
||
| // Did we got anything usefull? | ||
|
There was a problem hiding this comment. Change to |
||
| if ($mime != false) | ||
| { | ||
| $result = $this->checkMimeType($mime, $component, true); | ||
|
|
||
| // If the mime type is not allowed we don't upload it and show the mime code error to the user | ||
| if ($result === false) | ||
| { | ||
| $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNINVALID_MIMETYPE', $mime), 'error'); | ||
|
|
||
| return false; | ||
| } | ||
| } | ||
| // We can't detect the mime type so it looks like a invalid image' | ||
|
|
||
| else | ||
| { | ||
| $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNINVALID_IMG'), 'error'); | ||
|
|
||
|
|
@@ -212,10 +246,24 @@ public function canUpload($file, $component = 'com_media') | |
| } | ||
| elseif (!in_array($filetype, $ignored)) | ||
| { | ||
| // Get the mime type this is not a image file | ||
|
There was a problem hiding this comment. Change |
||
| $mime = $this->getMimeType($file['tmp_name'], false); | ||
|
|
||
| // Did we got anything usefull? | ||
|
There was a problem hiding this comment. Change to |
||
| if ($mime != false) | ||
| { | ||
| $result = $this->checkMimeType($mime, $component, true); | ||
|
|
||
| // If the mime type is not allowed we don't upload it and show the mime code error to the user | ||
| if ($result === false) | ||
| { | ||
| $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNINVALID_MIMETYPE', $mime), 'error'); | ||
|
|
||
| return false; | ||
| } | ||
| } | ||
| // We can't detect the mime type so it looks like a invalid image' | ||
|
|
||
| else | ||
| { | ||
| $app->enqueueMessage(JText::_('JLIB_MEDIA_ERROR_WARNINVALID_MIME'), 'error'); | ||
|
|
||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
c/s remove outside
()since not required.