Upload: Fix available file extension check

This commit is contained in:
Michael 2024-05-19 18:08:19 +00:00
parent 0eff72fa03
commit 9ae8925069

View file

@ -7,11 +7,11 @@
* Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite> * Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
*/ */
use Friendica\App;
use Friendica\Core\Hook; use Friendica\Core\Hook;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\Renderer; use Friendica\Core\Renderer;
use Friendica\DI; use Friendica\DI;
use Friendica\Util\Images;
use Friendica\Util\Strings; use Friendica\Util\Strings;
global $js_upload_jsonresponse; global $js_upload_jsonresponse;
@ -20,9 +20,9 @@ global $js_upload_result;
function js_upload_install() function js_upload_install()
{ {
Hook::register('photo_upload_form', __FILE__, 'js_upload_form'); Hook::register('photo_upload_form', __FILE__, 'js_upload_form');
Hook::register('photo_post_init', __FILE__, 'js_upload_post_init'); Hook::register('photo_post_init', __FILE__, 'js_upload_post_init');
Hook::register('photo_post_file', __FILE__, 'js_upload_post_file'); Hook::register('photo_post_file', __FILE__, 'js_upload_post_file');
Hook::register('photo_post_end', __FILE__, 'js_upload_post_end'); Hook::register('photo_post_end', __FILE__, 'js_upload_post_end');
} }
function js_upload_form(array &$b) function js_upload_form(array &$b)
@ -34,11 +34,11 @@ function js_upload_form(array &$b)
$tpl = Renderer::getMarkupTemplate('js_upload.tpl', 'addon/js_upload'); $tpl = Renderer::getMarkupTemplate('js_upload.tpl', 'addon/js_upload');
$b['addon_text'] .= Renderer::replaceMacros($tpl, [ $b['addon_text'] .= Renderer::replaceMacros($tpl, [
'$upload_msg' => DI::l10n()->t('Select files for upload'), '$upload_msg' => DI::l10n()->t('Select files for upload'),
'$drop_msg' => DI::l10n()->t('Drop files here to upload'), '$drop_msg' => DI::l10n()->t('Drop files here to upload'),
'$cancel' => DI::l10n()->t('Cancel'), '$cancel' => DI::l10n()->t('Cancel'),
'$failed' => DI::l10n()->t('Failed'), '$failed' => DI::l10n()->t('Failed'),
'$post_url' => $b['post_url'], '$post_url' => $b['post_url'],
'$maximagesize' => Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')), '$maximagesize' => Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')),
]); ]);
} }
@ -48,7 +48,10 @@ function js_upload_post_init(array &$b)
global $js_upload_result, $js_upload_jsonresponse; global $js_upload_result, $js_upload_jsonresponse;
// list of valid extensions // list of valid extensions
$allowedExtensions = ['jpeg', 'gif', 'png', 'jpg']; $allowedExtensions = [];
foreach (Images::IMAGETYPES as $type) {
$allowedExtensions[] = image_type_to_extension($type, false);
}
// max file size in bytes // max file size in bytes
$sizeLimit = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')); $sizeLimit = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
@ -75,10 +78,9 @@ function js_upload_post_file(array &$b)
$result = $js_upload_result; $result = $js_upload_result;
$b['src'] = $result['path']; $b['src'] = $result['path'];
$b['filename'] = $result['filename']; $b['filename'] = $result['filename'];
$b['filesize'] = filesize($b['src']); $b['filesize'] = filesize($b['src']);
} }
function js_upload_post_end(int &$b) function js_upload_post_end(int &$b)
@ -179,11 +181,11 @@ class qqUploadedFileForm
class qqFileUploader class qqFileUploader
{ {
private $allowedExtensions = []; private $allowedExtensions;
private $sizeLimit = 10485760; private $sizeLimit;
private $file; private $file;
function __construct(array $allowedExtensions = [], $sizeLimit = 10485760) function __construct(array $allowedExtensions = [], $sizeLimit)
{ {
$allowedExtensions = array_map('strtolower', $allowedExtensions); $allowedExtensions = array_map('strtolower', $allowedExtensions);
@ -197,7 +199,6 @@ class qqFileUploader
} else { } else {
$this->file = false; $this->file = false;
} }
} }
/** /**
@ -216,11 +217,9 @@ class qqFileUploader
} }
// if ($size > $this->sizeLimit) { // if ($size > $this->sizeLimit) {
// return array('error' => DI::l10n()->t('Uploaded file is too large')); // return array('error' => DI::l10n()->t('Uploaded file is too large'));
// } // }
$maximagesize = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')); $maximagesize = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
if (($maximagesize) && ($size > $maximagesize)) { if (($maximagesize) && ($size > $maximagesize)) {
@ -241,14 +240,14 @@ class qqFileUploader
if ($this->file->save()) { if ($this->file->save()) {
return [ return [
'success' => true, 'success' => true,
'path' => $this->file->getPath(), 'path' => $this->file->getPath(),
'filename' => $filename . '.' . $ext 'filename' => $filename . '.' . $ext
]; ];
} else { } else {
return [ return [
'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'), 'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'),
'path' => $this->file->getPath(), 'path' => $this->file->getPath(),
'filename' => $filename . '.' . $ext 'filename' => $filename . '.' . $ext
]; ];
} }