Change extension checking method
modifié: core/lib/Thelia/Config/Resources/config.xml modifié: core/lib/Thelia/Controller/Admin/FileController.php supprimé: core/lib/Thelia/Tools/MimeTypeTools.php supprimé: local/config/mime.types
This commit is contained in:
Benjamin Perche
@@ -138,7 +138,6 @@
|
|||||||
<tag name="kernel.event_subscriber"/>
|
<tag name="kernel.event_subscriber"/>
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
<service id="tools.mime_type" class="Thelia\Tools\MimeTypeTools" />
|
|
||||||
<!-- Archive builders -->
|
<!-- Archive builders -->
|
||||||
|
|
||||||
<service id="thelia.manager.archive_builder_manager" class="Thelia\Core\FileFormat\Archive\ArchiveBuilderManager">
|
<service id="thelia.manager.archive_builder_manager" class="Thelia\Core\FileFormat\Archive\ArchiveBuilderManager">
|
||||||
|
|||||||
@@ -54,16 +54,6 @@ class FileController extends BaseAdminController
|
|||||||
return $this->container->get('thelia.file_manager');
|
return $this->container->get('thelia.file_manager');
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the mime type tools
|
|
||||||
*
|
|
||||||
* @return MimeTypeTools
|
|
||||||
*/
|
|
||||||
public function getMimeTypeTools()
|
|
||||||
{
|
|
||||||
return $this->container->get('tools.mime_type');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Manage how a file collection has to be saved
|
* Manage how a file collection has to be saved
|
||||||
*
|
*
|
||||||
@@ -71,7 +61,7 @@ class FileController extends BaseAdminController
|
|||||||
* @param string $parentType Parent Type owning files being saved (product, category, content, etc.)
|
* @param string $parentType Parent Type owning files being saved (product, category, content, etc.)
|
||||||
* @param string $objectType Object type, e.g. image or document
|
* @param string $objectType Object type, e.g. image or document
|
||||||
* @param array $validMimeTypes an array of valid mime types. If empty, any mime type is allowed.
|
* @param array $validMimeTypes an array of valid mime types. If empty, any mime type is allowed.
|
||||||
* @param array $blackList an array of blacklisted mime types.
|
* @param array $extBlackList an array of blacklisted extensions.
|
||||||
* @return Response
|
* @return Response
|
||||||
*/
|
*/
|
||||||
public function saveFileAjaxAction(
|
public function saveFileAjaxAction(
|
||||||
@@ -79,7 +69,7 @@ class FileController extends BaseAdminController
|
|||||||
$parentType,
|
$parentType,
|
||||||
$objectType,
|
$objectType,
|
||||||
$validMimeTypes = array(),
|
$validMimeTypes = array(),
|
||||||
$blackList = array()
|
$extBlackList = array()
|
||||||
) {
|
) {
|
||||||
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
if (null !== $response = $this->checkAuth(AdminResources::retrieve($parentType), array(), AccessManager::UPDATE)) {
|
||||||
return $response;
|
return $response;
|
||||||
@@ -106,17 +96,23 @@ class FileController extends BaseAdminController
|
|||||||
return new ResponseRest($message, 'text', 403);
|
return new ResponseRest($message, 'text', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
$mimeType = $fileBeingUploaded->getMimeType();
|
|
||||||
$mimeTypeTools = $this->getMimeTypeTools();
|
|
||||||
$validateMimeType = $mimeTypeTools
|
|
||||||
->validateMimeTypeExtension(
|
|
||||||
$mimeType,
|
|
||||||
$fileBeingUploaded->getClientOriginalName()
|
|
||||||
);
|
|
||||||
|
|
||||||
$message = null;
|
$message = null;
|
||||||
|
$realFileName = $fileBeingUploaded->getClientOriginalName();
|
||||||
|
|
||||||
if ($validateMimeType === $mimeTypeTools::TYPE_NOT_MATCH) {
|
if (! empty($validMimeTypes)) {
|
||||||
|
$mimeType = $fileBeingUploaded->getMimeType();
|
||||||
|
|
||||||
|
if (!isset($validMimeTypes[$mimeType])) {
|
||||||
|
$message = $this->getTranslator()
|
||||||
|
->trans(
|
||||||
|
'Only files having the following mime type are allowed: %types%',
|
||||||
|
[ '%types%' => implode(', ', $validMimeTypes)]
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
$regex = "#(".implode("|", $validMimeTypes[$mimeType]).")$#i";
|
||||||
|
|
||||||
|
if (!preg_match($regex, $realFileName)) {
|
||||||
$message = $this->getTranslator()
|
$message = $this->getTranslator()
|
||||||
->trans(
|
->trans(
|
||||||
"There's a conflict between your file extension \"%ext\" and the mime type \"%mime\"",
|
"There's a conflict between your file extension \"%ext\" and the mime type \"%mime\"",
|
||||||
@@ -126,31 +122,18 @@ class FileController extends BaseAdminController
|
|||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! empty($validMimeTypes)) {
|
|
||||||
|
|
||||||
// Check if we have the proper file type
|
|
||||||
$isValid = false;
|
|
||||||
|
|
||||||
if (in_array($mimeType, $validMimeTypes)) {
|
|
||||||
$isValid = true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! $isValid) {
|
if (!empty($extBlackList)) {
|
||||||
|
$regex = "#(".implode("|", $extBlackList).")$#i";
|
||||||
|
|
||||||
|
if (preg_match($regex, $realFileName)) {
|
||||||
$message = $this->getTranslator()
|
$message = $this->getTranslator()
|
||||||
->trans(
|
->trans(
|
||||||
'Only files having the following mime type are allowed: %types%',
|
'Files with the following extension are not allowed: %extension, please do an archive of the file if you want to upload it',
|
||||||
[ '%types%' => implode(', ', $validMimeTypes)]
|
[
|
||||||
);
|
'%extension' => $fileBeingUploaded->getClientOriginalExtension(),
|
||||||
}
|
]
|
||||||
}
|
|
||||||
|
|
||||||
if (!empty($blackList)) {
|
|
||||||
if (in_array($mimeType, $blackList)) {
|
|
||||||
$message = $this->getTranslator()
|
|
||||||
->trans(
|
|
||||||
'Files with the following mime type are not allowed: %type, please do an archive of the file if you want to upload it',
|
|
||||||
[ '%type' => $mimeType]
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -219,7 +202,16 @@ class FileController extends BaseAdminController
|
|||||||
*/
|
*/
|
||||||
public function saveImageAjaxAction($parentId, $parentType)
|
public function saveImageAjaxAction($parentId, $parentType)
|
||||||
{
|
{
|
||||||
return $this->saveFileAjaxAction($parentId, $parentType, 'image', ['image/jpeg' , 'image/png' ,'image/gif']);
|
return $this->saveFileAjaxAction(
|
||||||
|
$parentId,
|
||||||
|
$parentType,
|
||||||
|
'image',
|
||||||
|
[
|
||||||
|
'image/jpeg' => ["jpg", "jpeg"],
|
||||||
|
'image/png' => ["png"],
|
||||||
|
'image/gif' => ["gif"],
|
||||||
|
]
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -238,11 +230,13 @@ class FileController extends BaseAdminController
|
|||||||
'document',
|
'document',
|
||||||
[],
|
[],
|
||||||
[
|
[
|
||||||
'text/x-php',
|
"php",
|
||||||
'application/x-httpd-php',
|
"php3",
|
||||||
'application/x-httpd-php3',
|
"php4",
|
||||||
'application/x-httpd-php4',
|
"php5",
|
||||||
'application/x-httpd-php5',
|
"php6",
|
||||||
|
"asp",
|
||||||
|
"aspx",
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,143 +0,0 @@
|
|||||||
<?php
|
|
||||||
/*************************************************************************************/
|
|
||||||
/* This file is part of the Thelia package. */
|
|
||||||
/* */
|
|
||||||
/* Copyright (c) OpenStudio */
|
|
||||||
/* email : dev@thelia.net */
|
|
||||||
/* web : http://www.thelia.net */
|
|
||||||
/* */
|
|
||||||
/* For the full copyright and license information, please view the LICENSE.txt */
|
|
||||||
/* file that was distributed with this source code. */
|
|
||||||
/*************************************************************************************/
|
|
||||||
|
|
||||||
namespace Thelia\Tools;
|
|
||||||
use Thelia\Core\Translation\Translator;
|
|
||||||
use Thelia\Exception\FileException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Class MimeTypeTools
|
|
||||||
* @package Thelia\Tools
|
|
||||||
* @author Benjamin Perche <bperche@openstudio.fr>
|
|
||||||
*/
|
|
||||||
class MimeTypeTools
|
|
||||||
{
|
|
||||||
const TYPES_FILE = "local/config/mime.types";
|
|
||||||
|
|
||||||
const TYPE_UNKNOWN = 0;
|
|
||||||
const TYPE_NOT_MATCH = 1;
|
|
||||||
const TYPE_MATCH = 2;
|
|
||||||
|
|
||||||
protected static $typesCache;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $mimeType
|
|
||||||
* @return array|bool
|
|
||||||
*/
|
|
||||||
public function guessExtensionsFromMimeType($mimeType)
|
|
||||||
{
|
|
||||||
if (null === static::$typesCache) {
|
|
||||||
static::$typesCache = $this->parseFile();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!is_scalar($mimeType) || !isset(static::$typesCache[$mimeType])) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return static::$typesCache[$mimeType];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $mimeType
|
|
||||||
* @param $fileName
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
public function validateMimeTypeExtension($mimeType, $fileName)
|
|
||||||
{
|
|
||||||
$mimeType = strtolower($mimeType);
|
|
||||||
|
|
||||||
$extensions = $this->guessExtensionsFromMimeType($mimeType);
|
|
||||||
|
|
||||||
if (false === $extensions || !is_scalar($fileName)) {
|
|
||||||
return static::TYPE_UNKNOWN;
|
|
||||||
}
|
|
||||||
|
|
||||||
$extensions = implode("|", $extensions);
|
|
||||||
|
|
||||||
$oneMatch = preg_match("#\.$extensions{1}$#i", $fileName);
|
|
||||||
|
|
||||||
return (bool) $oneMatch ? static::TYPE_MATCH : static::TYPE_NOT_MATCH;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param null $filePath
|
|
||||||
* @return array
|
|
||||||
* @throws \Thelia\Exception\FileException
|
|
||||||
*/
|
|
||||||
public function parseFile($filePath = null)
|
|
||||||
{
|
|
||||||
if (null === $filePath) {
|
|
||||||
$filePath = THELIA_ROOT . static::TYPES_FILE;
|
|
||||||
}
|
|
||||||
|
|
||||||
$fileHandle = @fopen($filePath, "r");
|
|
||||||
|
|
||||||
if ($fileHandle === false) {
|
|
||||||
throw new FileException(
|
|
||||||
Translator::getInstance()->trans(
|
|
||||||
"The file %file could not be opened",
|
|
||||||
[
|
|
||||||
"%file" => $filePath,
|
|
||||||
]
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
$typesArray = [];
|
|
||||||
|
|
||||||
while (false !== $line = fgets($fileHandle)) {
|
|
||||||
$line = $this->realTrim($line);
|
|
||||||
|
|
||||||
$line = preg_replace("#\#.*$#", "", $line);
|
|
||||||
|
|
||||||
$table = explode(" ", $line);
|
|
||||||
|
|
||||||
$mime = array_shift($table);
|
|
||||||
|
|
||||||
if (!empty($table) && !empty($mime)) {
|
|
||||||
$typesArray[$mime] = $table;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!feof($fileHandle)) {
|
|
||||||
throw new FileException(
|
|
||||||
Translator::getInstance()->trans(
|
|
||||||
"An error occurred while reading the file %file",
|
|
||||||
[
|
|
||||||
"%file" => $filePath,
|
|
||||||
]
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $typesArray;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $string
|
|
||||||
* @param string $characterMask
|
|
||||||
* @return mixed|string
|
|
||||||
*/
|
|
||||||
public function realTrim($string, $characterMask = "\t\n\r ")
|
|
||||||
{
|
|
||||||
$string = trim($string, $characterMask);
|
|
||||||
$charLen = strlen($characterMask);
|
|
||||||
|
|
||||||
$string = preg_replace(
|
|
||||||
"#[$characterMask]+#",
|
|
||||||
" ",
|
|
||||||
$string
|
|
||||||
);
|
|
||||||
|
|
||||||
return $string;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user