fix: don't allow to upload arbitrary binary data

phpmyfaq/admin/api/attachment.php

@@ -81,7 +81,7 @@
             if (
                 is_uploaded_file($file['tmp_name']) &&
                 !($file['size'] > $faqConfig->get('records.maxAttachmentSize')) &&
-                $file['type'] !== "text/html"
+                $file['type'] !== 'text/html' && $file['type'] !== 'application/octet-stream'
             ) {
                 $attachment = AttachmentFactory::create();
                 $attachment->setRecordId($recordId);
@@ -101,7 +101,7 @@
                 ];
             } else {
                 $response->setStatusCode(Response::HTTP_BAD_REQUEST);
-                $response->setData('The image is too large.');
+                $response->setData('The file is too large or unsupported.');
                 $response->send();
                 return;
             }

phpmyfaq/src/phpMyFAQ/Attachment/File.php

@@ -103,7 +103,7 @@ public function save($filePath, $filename = null): bool
             $targetFile = $this->buildFilePath();
 
             if (null !== $this->id && $this->createSubDirs($targetFile)) {
-                // Doing this check we're sure not to unnecessary
+                // Doing this check, we're sure not to unnecessarily
                 // overwrite existing unencrypted file duplicates.
                 if (!$this->linkedRecords()) {
                     $source = new VanillaFile($filePath);