V8: Validate uploaded files based on the configuration of the FileUpl…

…oad property configuration (#10987)

* Add validation to uploaded file based on the DataTypeConfiguration

* Update src/Umbraco.Web/PropertyEditors/UploadFileTypeValidator.cs

Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>

Co-authored-by: Nikolaj <nel@umbraco.dk>
Co-authored-by: Elitsa Marinovska <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>

src/Umbraco.Web/PropertyEditors/FileUploadPropertyValueEditor.cs

@@ -92,14 +92,15 @@ public override object FromEditor(ContentPropertyData editorValue, object curren
             if (editorFile == null) return null;
             return filepath == null ? string.Empty : _mediaFileSystem.GetUrl(filepath);
 
-            
+
         }
 
         private string ProcessFile(ContentPropertyData editorValue, ContentPropertyFile file, string currentPath, Guid cuid, Guid puid)
         {
             // process the file
             // no file, invalid file, reject change
-            if (UploadFileTypeValidator.IsValidFileExtension(file.FileName) == false)
+            if (UploadFileTypeValidator.IsValidFileExtension(file.FileName) is false ||
+                UploadFileTypeValidator.IsAllowedInDataTypeConfiguration(file.FileName, editorValue.DataTypeConfiguration) is false)
                 return null;
 
             // get the filepath

src/Umbraco.Web/PropertyEditors/UploadFileTypeValidator.cs

@@ -36,20 +36,45 @@ public IEnumerable<ValidationResult> Validate(object value, string valueType, ob
 
             foreach (string filename in fileNames)
             {
-                if (IsValidFileExtension(filename) == false)
+                if (IsValidFileExtension(filename) is false || IsAllowedInDataTypeConfiguration(filename, dataTypeConfiguration) is false)
                 {
                     //we only store a single value for this editor so the 'member' or 'field'
                     // we'll associate this error with will simply be called 'value'
                     yield return new ValidationResult(Current.Services.TextService.Localize("errors", "dissallowedMediaType"), new[] { "value" });
                 }
             }
+
+
         }
-        
+
         internal static bool IsValidFileExtension(string fileName)
         {
-            if (fileName.IndexOf('.') <= 0) return false;
-            var extension = fileName.GetFileExtension().TrimStart(".");
+            if (TryGetFileExtension(fileName, out var extension) is false) return false;
             return Current.Configs.Settings().Content.IsFileAllowedForUpload(extension);
         }
+
+        internal static bool IsAllowedInDataTypeConfiguration(string filename, object dataTypeConfiguration)
+        {
+            if (TryGetFileExtension(filename, out var extension) is false) return false;
+
+            if (dataTypeConfiguration is FileUploadConfiguration fileUploadConfiguration)
+            {
+                // If FileExtensions is empty and no allowed extensions have been specified, we allow everything.
+                // If there are any extensions specified, we need to check that the uploaded extension is one of them.
+                return fileUploadConfiguration.FileExtensions.IsCollectionEmpty() ||
+                       fileUploadConfiguration.FileExtensions.Any(x => x.Value.InvariantEquals(extension));
+            }
+
+            return false;
+        }
+
+        internal static bool TryGetFileExtension(string fileName, out string extension)
+        {
+            extension = null;
+            if (fileName.IndexOf('.') <= 0) return false;
+
+            extension = fileName.GetFileExtension().TrimStart(".");
+            return true;
+        }
     }
 }