update
peter-mw committed Jun 8, 2023
1 parent 6ed7ebf commit f7eb9e1
Showing 5 changed files with 51 additions and 15 deletions.
Expand Up @@ -358,9 +358,9 @@ public function upload()
$fileName = preg_replace('/\s+\d+%|\)/', '', $fileName);
$fileName = preg_replace("/[\/\&%#\$]/", "_", $fileName);
$fileName = preg_replace("/[\"\']/", " ", $fileName);
$fileName = str_replace(array('(', ')', "'", "!", "`", "*", "#"), '_', $fileName);
$fileName = str_replace(' ', '_', $fileName);
$fileName = str_replace('..', '.', $fileName);
$fileName = str_replace(array('(', ')', "'", "!", "`", "*", "#", "<", ">"), '-', $fileName);
$fileName = str_replace(' ', '-', $fileName);
$fileName = str_replace('..', '-', $fileName);
$fileName = strtolower($fileName);
$fileName = mw()->url_manager->clean_url_wrappers($fileName);
$fileName = substr($fileName, 0, -(strlen($fileNameExtension)));
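Review bot: The character handling where `<` and `>` are added to the `str_replace` list is still a deny-list: those two and a few shell/URL characters now become `-`, but backslash (a path separator on Windows hosts), `;`, `|`, `:`, `?`, NUL and other control bytes pass through untouched, and every future character that matters has to be added by hand. Since the name is lower-cased on the very next line, an allow-list applied after `strtolower` closes the gap in one step: `$fileName = preg_replace('/[^a-z0-9._-]+/', '-', $fileName);` (use `[^\p{L}\p{N}._-]+` with the `u` modifier if non-ASCII names must survive). The `..` collapse is safe as written, because each match becomes `-` and the replacement cannot recombine into a new `..`. upload() starts before this hunk, so whether the extension held in `$fileNameExtension` is validated separately cannot be seen here.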
13 changes: 6 additions & 7 deletions src/MicroweberPackages/Media/MediaManager.php
Expand Up @@ -380,7 +380,7 @@ public function get($params)
public function save($data)
{
$data = app()->html_clean->cleanArray($data);

$data = xss_clean($data);
$s = array();

if (isset($data['content-id'])) {
Expand Down Expand Up @@ -513,6 +513,9 @@ public function save($data)

$s['filename'] = $data['src'];
}
if (isset($s['filename']) && !is_string($s['filename'])) {
return false;
}

if (!isset($data['position']) and !isset($s['id'])) {
$s['position'] = 9999999;
Expand All @@ -525,6 +528,7 @@ public function save($data)

if ((!isset($s['id']) or (isset($s['id']) and $s['id'] == 0))
and isset($s['filename'])
and is_string($s['filename'])
and isset($s['rel_id'])
and isset($s['rel_type'])
) {
Expand All @@ -540,7 +544,7 @@ public function save($data)
}
}

if (!isset($s['id']) and isset($s['filename']) and !isset($data['media_type'])) {
if (!isset($s['id']) and isset($s['filename']) and is_string($s['filename']) and !isset($data['media_type'])) {
$ext = get_file_extension($s['filename']);
$data['media_type'] = $this->_guess_media_type_from_file_ext($ext);
}
Expand All @@ -559,11 +563,6 @@ public function save($data)
$s['image_options'] = @json_encode($data['image_options']);
}

if (isset($s['filename']) && is_array($s['filename'])) {
if (isset($s['filename']['error'])) {
return false;
}
}

if (isset($s['rel_type']) and isset($s['rel_id'])) {
$s['rel_id'] = trim($s['rel_id']);
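Review bot: Once the added `is_string` guard after `$s['filename'] = $data['src'];` has returned `false` for non-string input, the `and is_string($s['filename'])` terms added to the two later conditions can never be false, so they are dead checks that will confuse the next reader; keep the early return and drop the two repeats. The guard also says nothing about the string's content: any value is accepted as long as it is a string, and the only cleaning it receives is the whole-array pass at the top of save() (whichever of `xss_clean` or `html_clean->cleanArray` is the new line), which is input sanitising rather than output escaping. If `filename` is later emitted as an image `src` or a link (not visible in this hunk), that output still needs context-specific escaping, and a cheap complement here would be `if (preg_match('/^\s*(javascript|data|vbscript):/i', $s['filename'])) { return false; }`. Returning `false` also leaves callers unable to tell a rejected filename from any other failure; a thrown `InvalidArgumentException` would be clearer, though the new test in LegacyMediaTest currently asserts `false`. save() continues before and after these hunks.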
2 changes: 1 addition & 1 deletion src/MicroweberPackages/Media/Traits/MediaTrait.php
Expand Up @@ -82,7 +82,7 @@ public static function bootMediaTrait()
'rel_id' => $model->id,
'title' => 'Picture',
'media_type' => 'picture',
'src' => $url,
'filename' => $url,
));
}
}
Expand Up @@ -18,7 +18,7 @@ public function up()
$table->id();
$table->text('title')->nullable();
$table->text('description')->nullable();
$table->text('embed_code')->nullable();
//$table->text('embed_code')->nullable();
$table->text('filename')->nullable();
$table->text('media_type')->nullable()->index();

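Review bot: Commenting out the `embed_code` column inside an existing `up()` migration, rather than deleting the line, leaves dead code and, if this migration has already run on deployed installs, leaves them with a column that fresh installs will not have, so any code path that still reads or writes `embed_code` behaves differently per install. If the column is being retired, delete the line here and add a separate migration that drops it; `$table->id()` suggests Laravel's schema builder, in which case `$table->dropColumn('embed_code')` in a new migration is the idiom. The enclosing `up()` starts before and continues past this hunk.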
Expand Up @@ -4,7 +4,7 @@

use MicroweberPackages\Core\tests\TestCase;

class MediaTest extends TestCase
class LegacyMediaTest extends TestCase
{
public function testSaveMedia()
{
Expand All @@ -13,7 +13,7 @@ public function testSaveMedia()
'rel_id' => 3,
'title' => 'My new pic',
'media_type' => 'picture',
'src' => 'http://lorempixel.com/400/200/',
'filename' => 'http://lorempixel.com/400/200/',
);
$saved_pic_id = save_media($picture);

Expand All @@ -35,7 +35,7 @@ public function testDeleteMedia()
'rel_id' => 3,
'title' => 'My new pic to del',
'media_type' => 'picture',
'src' => 'http://lorempixel.com/400/200/',
'filename' => 'http://lorempixel.com/400/200/',
);
$saved_pic_id = save_media($picture);
$picture_data = get_media_by_id($saved_pic_id);
Expand All @@ -48,5 +48,42 @@ public function testDeleteMedia()
$this->assertEquals(is_array($picture_data), true);
$this->assertEquals($title, 'My new pic to del');
$this->assertEquals(!($delete), false);
}

public function testSaveMediaArrayInFilename()
{
$picture = array(
'rel_type' => 'content',
'rel_id' => 3,
'title' => 'My new pic',
'media_type' => 'picture',
'filename' => ['http://lorempixel.com/400/200/', 'http://lorempixel.com/400/200/'],
);
$saved_pic_id = save_media($picture);

$this->assertFalse($saved_pic_id);
}
public function testSaveMediaXssFilename()
{
$xss = '<style>@keyframes x{}</style><xss style="animation-name:x" onanimationend="alert(document.cookie)"></xss>';

$picture = array(
'rel_type' => 'content',
'rel_id' => 3,
'title' => 'My new pic to xss'.$xss,
'description' => 'My new pic description xss'.$xss,
'media_type' => 'picture',
'filename' => 'http://lorempixel.com/400/200/'.$xss,
);
$saved_pic_id = save_media($picture);
$picture_data = get_media_by_id($saved_pic_id);

$this->assertNotEquals($picture_data['title'], $picture['title']);
$this->assertNotEquals($picture_data['description'], $picture['description']);
$this->assertNotEquals($picture_data['filename'], $picture['filename']);




}
}
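Review bot: The three `assertNotEquals` calls in testSaveMediaXssFilename only prove that the cleaner changed something; a cleaner that strips the `<style>` block but leaves `onanimationend="alert(document.cookie)"` in the stored title would still pass. Assert on the payload pieces instead, e.g. `$this->assertStringNotContainsString('onanimationend', $picture_data['title']);` (available in PHPUnit 9+; otherwise `assertFalse(str_contains(...))`) and the same for `<xss` on description and filename, and add `$this->assertIsInt($saved_pic_id);` before the lookup so a `false` return from save_media fails here rather than inside get_media_by_id. The new test also leaves its row behind, unlike testDeleteMedia; deleting it at the end keeps `rel_id => 3` fixtures from accumulating across runs.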
