Upload: Fix available file extension check

js_upload/js_upload.php

@@ -7,11 +7,11 @@
  * Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
  */
 
-use Friendica\App;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\Renderer;
 use Friendica\DI;
+use Friendica\Util\Images;
 use Friendica\Util\Strings;
 
 global $js_upload_jsonresponse;
@@ -20,9 +20,9 @@ global $js_upload_result;
 function js_upload_install()
 {
 	Hook::register('photo_upload_form', __FILE__, 'js_upload_form');
-	Hook::register('photo_post_init', __FILE__, 'js_upload_post_init');
-	Hook::register('photo_post_file', __FILE__, 'js_upload_post_file');
-	Hook::register('photo_post_end', __FILE__, 'js_upload_post_end');
+	Hook::register('photo_post_init',   __FILE__, 'js_upload_post_init');
+	Hook::register('photo_post_file',   __FILE__, 'js_upload_post_file');
+	Hook::register('photo_post_end',    __FILE__, 'js_upload_post_end');
 }
 
 function js_upload_form(array &$b)
@@ -34,11 +34,11 @@ function js_upload_form(array &$b)
 
 	$tpl = Renderer::getMarkupTemplate('js_upload.tpl', 'addon/js_upload');
 	$b['addon_text'] .= Renderer::replaceMacros($tpl, [
-		'$upload_msg' => DI::l10n()->t('Select files for upload'),
-		'$drop_msg' => DI::l10n()->t('Drop files here to upload'),
-		'$cancel' => DI::l10n()->t('Cancel'),
-		'$failed' => DI::l10n()->t('Failed'),
-		'$post_url' => $b['post_url'],
+		'$upload_msg'   => DI::l10n()->t('Select files for upload'),
+		'$drop_msg'     => DI::l10n()->t('Drop files here to upload'),
+		'$cancel'       => DI::l10n()->t('Cancel'),
+		'$failed'       => DI::l10n()->t('Failed'),
+		'$post_url'     => $b['post_url'],
 		'$maximagesize' => Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')),
 	]);
 }
@@ -48,7 +48,10 @@ function js_upload_post_init(array &$b)
 	global $js_upload_result, $js_upload_jsonresponse;
 
 	// list of valid extensions
-	$allowedExtensions = ['jpeg', 'gif', 'png', 'jpg'];
+	$allowedExtensions = [];
+	foreach (Images::IMAGETYPES as $type) {
+		$allowedExtensions[] = image_type_to_extension($type, false);
+	}
 
 	// max file size in bytes
 	$sizeLimit = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
@@ -75,10 +78,9 @@ function js_upload_post_file(array &$b)
 
 	$result = $js_upload_result;
 
-	$b['src'] = $result['path'];
+	$b['src']      = $result['path'];
 	$b['filename'] = $result['filename'];
 	$b['filesize'] = filesize($b['src']);
-
 }
 
 function js_upload_post_end(int &$b)
@@ -179,11 +181,11 @@ class qqUploadedFileForm
 
 class qqFileUploader
 {
-	private $allowedExtensions = [];
-	private $sizeLimit = 10485760;
+	private $allowedExtensions;
+	private $sizeLimit;
 	private $file;
 
-	function __construct(array $allowedExtensions = [], $sizeLimit = 10485760)
+	function __construct(array $allowedExtensions = [], $sizeLimit)
 	{
 		$allowedExtensions = array_map('strtolower', $allowedExtensions);
 
@@ -197,7 +199,6 @@ class qqFileUploader
 		} else {
 			$this->file = false;
 		}
-
 	}
 
 	/**
@@ -216,11 +217,9 @@ class qqFileUploader
 		}
 
 //		if ($size > $this->sizeLimit) {
-
 //			return array('error' => DI::l10n()->t('Uploaded file is too large'));
 //		}
 
-
 		$maximagesize = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
 
 		if (($maximagesize) && ($size > $maximagesize)) {
@@ -241,14 +240,14 @@ class qqFileUploader
 
 		if ($this->file->save()) {
 			return [
-				'success' => true,
-				'path' => $this->file->getPath(),
+				'success'  => true,
+				'path'     => $this->file->getPath(),
 				'filename' => $filename . '.' . $ext
 			];
 		} else {
 			return [
-				'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'),
-				'path' => $this->file->getPath(),
+				'error'    => DI::l10n()->t('Upload was cancelled, or server error encountered'),
+				'path'     => $this->file->getPath(),
 				'filename' => $filename . '.' . $ext
 			];
 		}