diff options
| author | Julius Härtl <jus@bitgrid.net> | 2018-05-17 12:24:19 +0300 |
|---|---|---|
| committer | Julius Härtl <jus@bitgrid.net> | 2018-05-17 12:46:01 +0300 |
| commit | 2bf51c7b9eee1da51e7c0f7a5cbcd76d06fdc9fa (patch) | |
| tree | d2f7f86fe148a3f583046322c9082fd72363c4c1 /apps/theming/lib/Controller | |
| parent | 0dcb6b267524b645d3e058b935bf8f6b31bf1f56 (diff) | |
Properly check mime type of the uploaded file
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Diffstat (limited to 'apps/theming/lib/Controller')
| -rw-r--r-- | apps/theming/lib/Controller/ThemingController.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/apps/theming/lib/Controller/ThemingController.php b/apps/theming/lib/Controller/ThemingController.php index 421af051998..5e1e3d08dc9 100644 --- a/apps/theming/lib/Controller/ThemingController.php +++ b/apps/theming/lib/Controller/ThemingController.php @@ -248,8 +248,9 @@ class ThemingController extends Controller { } $target = $folder->newFile($key); - $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'text/svg']; - if (!in_array($image['type'], $supportedFormats)) { + $supportedFormats = ['image/jpeg', 'image/png', 'image/gif', 'image/svg+xml', 'image/svg']; + $detectedMimeType = mime_content_type($image['tmp_name']); + if (!in_array($image['type'], $supportedFormats) || !in_array($detectedMimeType, $supportedFormats)) { return new DataResponse( [ 'data' => [ |