GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CORE][GSFile] Add check_is_supported_mimetype option to GSFile::storeFileAsAttachment

Browse Source
This commit is contained in:
Hugo Sales 2021-10-28 17:29:57 +01:00
parent 4d9a5aae5a
commit e6c5312025
Signed by: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/Core/GSFile.php
View File

@ -24,11 +24,11 @@ declare(strict_types = 1);
namespace App\Core; namespace App\Core;
use App\Core\DB\DB; use App\Core\DB\DB;
use App\Util\Exception\FileNotAllowedException;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Entity\Attachment; use App\Entity\Attachment;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\DuplicateFoundException; use App\Util\Exception\DuplicateFoundException;
use App\Util\Exception\FileNotAllowedException;
use App\Util\Exception\NoSuchFileException; use App\Util\Exception\NoSuchFileException;
use App\Util\Exception\NotFoundException; use App\Util\Exception\NotFoundException;
use App\Util\Exception\NotStoredLocallyException; use App\Util\Exception\NotStoredLocallyException;
@ -58,7 +58,7 @@ class GSFile
* *
* @throws DuplicateFoundException * @throws DuplicateFoundException
*/ */
public static function storeFileAsAttachment(TemporaryFile|SymfonyFile $file): Attachment public static function storeFileAsAttachment(TemporaryFile|SymfonyFile $file, bool $check_is_supported_mimetype = true): Attachment
{ {
$hash = null; $hash = null;
Event::handle('HashFile', [$file->getPathname(), &$hash]); Event::handle('HashFile', [$file->getPathname(), &$hash]);
@ -93,11 +93,11 @@ class GSFile
$attachment->setWidth($width); $attachment->setWidth($width);
$attachment->setHeight($height); $attachment->setHeight($height);
$attachment->setSize($file->getSize()); $attachment->setSize($file->getSize());
if (self::isMimetypeAllowed($mimetype)) { if (!$check_is_supported_mimetype || self::isMimetypeAllowed($mimetype)) {
$file->move(Common::config('attachments', 'dir'), $hash); $file->move(Common::config('attachments', 'dir'), $hash);
DB::persist($attachment); DB::persist($attachment);
} else { } else {
throw new FileNotAllowedException(); throw new FileNotAllowedException($mimetype);
} }
} }
} catch (NotFoundException) { } catch (NotFoundException) {
@ -105,7 +105,7 @@ class GSFile
// The following properly gets the mimetype with `file` or other // The following properly gets the mimetype with `file` or other
// available methods, so should be safe // available methods, so should be safe
$mimetype = mb_substr($file->getMimeType(), 0, 64); $mimetype = mb_substr($file->getMimeType(), 0, 64);
$width = $height = null; $width = $height = null;
$event_map[$mimetype] = []; $event_map[$mimetype] = [];
$major_mime = self::mimetypeMajor($mimetype); $major_mime = self::mimetypeMajor($mimetype);
$event_map[$major_mime] = []; $event_map[$major_mime] = [];
@ -129,7 +129,7 @@ class GSFile
'width' => $width, 'width' => $width,
'height' => $height, 'height' => $height,
]); ]);
if (self::isMimetypeAllowed($mimetype)) { if (!$check_is_supported_mimetype || self::isMimetypeAllowed($mimetype)) {
$file->move(Common::config('attachments', 'dir'), $hash); $file->move(Common::config('attachments', 'dir'), $hash);
DB::persist($attachment); DB::persist($attachment);
} else { } else {
@ -149,13 +149,13 @@ class GSFile
/** /**
* Tests against common config attachment `supported` mimetypes and `ext_blacklist`. * Tests against common config attachment `supported` mimetypes and `ext_blacklist`.
* *
* @param string $mimetype
* @return bool true if allowed, false otherwise * @return bool true if allowed, false otherwise
*/ */
public static function isMimetypeAllowed(string $mimetype): bool { public static function isMimetypeAllowed(string $mimetype): bool
$passed_whitelist = in_array($mimetype, array_keys(Common::config('attachments', 'supported'))); {
$mime = new MimeTypes(); $passed_whitelist = \in_array($mimetype, array_keys(Common::config('attachments', 'supported')));
$passed_blacklist = count(array_intersect($mime->getExtensions($mimetype), Common::config('attachments', 'ext_blacklist'))) === 0; $mime = new MimeTypes();
$passed_blacklist = \count(array_intersect($mime->getExtensions($mimetype), Common::config('attachments', 'ext_blacklist'))) === 0;
unset($mime); unset($mime);
return $passed_whitelist && $passed_blacklist; return $passed_whitelist && $passed_blacklist;
} }