Upload: Fix available file extension check

This commit is contained in:
Michael 2024-05-19 18:08:19 +00:00
parent 0eff72fa03
commit 9ae8925069

View file

@ -7,11 +7,11 @@
* Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
*/
use Friendica\App;
use Friendica\Core\Hook;
use Friendica\Core\Logger;
use Friendica\Core\Renderer;
use Friendica\DI;
use Friendica\Util\Images;
use Friendica\Util\Strings;
global $js_upload_jsonresponse;
@ -20,9 +20,9 @@ global $js_upload_result;
function js_upload_install()
{
Hook::register('photo_upload_form', __FILE__, 'js_upload_form');
Hook::register('photo_post_init', __FILE__, 'js_upload_post_init');
Hook::register('photo_post_file', __FILE__, 'js_upload_post_file');
Hook::register('photo_post_end', __FILE__, 'js_upload_post_end');
Hook::register('photo_post_init', __FILE__, 'js_upload_post_init');
Hook::register('photo_post_file', __FILE__, 'js_upload_post_file');
Hook::register('photo_post_end', __FILE__, 'js_upload_post_end');
}
function js_upload_form(array &$b)
@ -34,11 +34,11 @@ function js_upload_form(array &$b)
$tpl = Renderer::getMarkupTemplate('js_upload.tpl', 'addon/js_upload');
$b['addon_text'] .= Renderer::replaceMacros($tpl, [
'$upload_msg' => DI::l10n()->t('Select files for upload'),
'$drop_msg' => DI::l10n()->t('Drop files here to upload'),
'$cancel' => DI::l10n()->t('Cancel'),
'$failed' => DI::l10n()->t('Failed'),
'$post_url' => $b['post_url'],
'$upload_msg' => DI::l10n()->t('Select files for upload'),
'$drop_msg' => DI::l10n()->t('Drop files here to upload'),
'$cancel' => DI::l10n()->t('Cancel'),
'$failed' => DI::l10n()->t('Failed'),
'$post_url' => $b['post_url'],
'$maximagesize' => Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')),
]);
}
@ -48,7 +48,10 @@ function js_upload_post_init(array &$b)
global $js_upload_result, $js_upload_jsonresponse;
// list of valid extensions
$allowedExtensions = ['jpeg', 'gif', 'png', 'jpg'];
$allowedExtensions = [];
foreach (Images::IMAGETYPES as $type) {
$allowedExtensions[] = image_type_to_extension($type, false);
}
// max file size in bytes
$sizeLimit = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
@ -75,10 +78,9 @@ function js_upload_post_file(array &$b)
$result = $js_upload_result;
$b['src'] = $result['path'];
$b['src'] = $result['path'];
$b['filename'] = $result['filename'];
$b['filesize'] = filesize($b['src']);
}
function js_upload_post_end(int &$b)
@ -179,11 +181,11 @@ class qqUploadedFileForm
class qqFileUploader
{
private $allowedExtensions = [];
private $sizeLimit = 10485760;
private $allowedExtensions;
private $sizeLimit;
private $file;
function __construct(array $allowedExtensions = [], $sizeLimit = 10485760)
function __construct(array $allowedExtensions = [], $sizeLimit)
{
$allowedExtensions = array_map('strtolower', $allowedExtensions);
@ -197,7 +199,6 @@ class qqFileUploader
} else {
$this->file = false;
}
}
/**
@ -216,11 +217,9 @@ class qqFileUploader
}
// if ($size > $this->sizeLimit) {
// return array('error' => DI::l10n()->t('Uploaded file is too large'));
// }
$maximagesize = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
if (($maximagesize) && ($size > $maximagesize)) {
@ -241,14 +240,14 @@ class qqFileUploader
if ($this->file->save()) {
return [
'success' => true,
'path' => $this->file->getPath(),
'success' => true,
'path' => $this->file->getPath(),
'filename' => $filename . '.' . $ext
];
} else {
return [
'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'),
'path' => $this->file->getPath(),
'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'),
'path' => $this->file->getPath(),
'filename' => $filename . '.' . $ext
];
}