author | Julius Härtl <jus@bitgrid.net> | 2019-08-20 09:56:57 +0300 |
---|---|---|
committer | Julius Härtl <jus@bitgrid.net> | 2019-08-20 09:56:57 +0300 |
commit | db417fe8f75c75d6b95f026dab46e6d3dc104251 (patch) | |
tree | 1191f8093505f18c6a4fb607d113df4de7cc0ae4 /lib | |
parent | e414e0c8401a93605db3da67b7f918e7528ec9dc (diff) |
Check for mimetype during template upload
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/TemplatesController.php | 7 | ||||
-rw-r--r-- | lib/TemplateManager.php | 23 |
2 files changed, 23 insertions, 7 deletions
diff --git a/lib/Controller/TemplatesController.php b/lib/Controller/TemplatesController.php
index 548c3528..1724f660 100644
--- a/lib/Controller/TemplatesController.php
+++ b/lib/Controller/TemplatesController.php
@@ -135,6 +135,13 @@ class TemplatesController extends Controller {
 );
 }
+ if (!$this->manager->isValidTemplateMime($files['type'][0])) {
+ return new JSONResponse(
+ ['data' => ['message' => $this->l10n->t('Only template files can be uploaded')]],
+ Http::STATUS_BAD_REQUEST
+ );
+ }
+
 $templateName = $files['name'][0];
 $templateFile = file_get_contents($files['tmp_name'][0]);
diff --git a/lib/TemplateManager.php b/lib/TemplateManager.php
index 06113733..2c5e33bb 100644
--- a/lib/TemplateManager.php
+++ b/lib/TemplateManager.php
@@ -203,13 +203,7 @@ class TemplateManager {
 return false;
 }
- if ($type !== null && !in_array($templateFile->getMimeType(), self::$tplTypes[$type])) {
- return false;
- }
-
- //Todo validate mimetypes etc
-
- return true;
+ return $this->isValidTemplateMime($templateFile->getMimeType(), $type);
 });
 }
@@ -489,4 +483,19 @@ class TemplateManager {
 'extension' => $ooxml ? self::TYPE_EXTENSION_OOXML[$documentType] : self::TYPE_EXTENTION[$documentType],
 ];
 }
+
+ public function isValidTemplateMime($mime, $type = null) {
+ if ($type === null) {
+ $allMimes = array_merge(self::$tplTypes['document'], self::$tplTypes['spreadsheet'], self::$tplTypes['presentation']);
+ if (!in_array($mime, $allMimes)) {
+ return false;
+ }
+ }
+
+ if ($type !== null && !in_array($mime, self::$tplTypes[$type])) {
+ return false;
+ }
+
+ return true;
+ }
 }
|
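Review bot: The value checked in the added guard, `$files['type'][0]`, looks like the `type` field of PHP's upload array, which is the Content-Type the client declared and is not verified by PHP, so the guard accepts any upload that merely claims a template MIME type. If `$files` does come from the request's uploaded-file data (its assignment is outside the hunk), derive the type from the stored bytes instead, for example `$mime = (new \finfo(FILEINFO_MIME_TYPE))->file($files['tmp_name'][0]);`, and pass `$mime` to `isValidTemplateMime()`. Content sniffing of zip-based office formats can return a generic type, so this should be tested against real template files of each supported format. The enclosing method starts and ends outside the hunk.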
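Review bot: Both `in_array()` calls in the new `isValidTemplateMime()` compare loosely, and `self::$tplTypes[$type]` is indexed without checking that `$type` is a known key, so an unexpected `$type` raises an undefined-index notice and hands `null` to `in_array()`. Since this method is now the allowlist for uploads, use strict comparison, `in_array($mime, $allMimes, true)`, and reject unknown types up front with `if ($type !== null && !isset(self::$tplTypes[$type])) { return false; }`. The `$type === null` branch also hard-codes the three keys; `array_merge(...array_values(self::$tplTypes))` would keep the allowlist in step if a type is added, assuming `$tplTypes` holds only those lists (its declaration is outside the hunk). A short docblock stating that `$mime` must be a server-determined type, and that `null` for `$type` means any template type, would help callers.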