maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

check mime types

Browse Source
This commit is contained in:
Daniel Schmitz
2021-07-09 16:42:21 +08:00
parent c4c4279171
commit 48f6601003
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@@ -43,6 +43,7 @@
"ext-curl": "*", "ext-curl": "*",
"ext-json": "*", "ext-json": "*",
"ext-openssl": "*", "ext-openssl": "*",
"ext-fileinfo": "*",
"phpmailer/phpmailer": "~6.0", "phpmailer/phpmailer": "~6.0",
"monolog/monolog": "^1.24", "monolog/monolog": "^1.24",
"robthree/twofactorauth": "^1.6", "robthree/twofactorauth": "^1.6",

5
lib/Froxlor/Settings/Store.php
View File

@@ -388,6 +388,11 @@ class Store
} }
} }
// Make sure mime-type matches an image
if (!in_array(mime_content_type($_FILES[$fieldname]['tmp_name']), ['image/jpeg','image/jpg','image/png','image/gif'])) {
throw new \Exception("Uploaded file not a valid image");
}
// Determine file extension // Determine file extension
$spl = explode('.', $_FILES[$fieldname]['name']); $spl = explode('.', $_FILES[$fieldname]['name']);
$file_extension = strtolower(array_pop($spl)); $file_extension = strtolower(array_pop($spl));

2
templates/Sparkle/formfields/image.tpl vendored
View File

@@ -6,6 +6,6 @@
<input type="checkbox" value="1" name="{$fieldname}_delete" /> {$lng['panel']['image_field_delete']} <input type="checkbox" value="1" name="{$fieldname}_delete" /> {$lng['panel']['image_field_delete']}
<br><br> <br><br>
</if> </if>
<input <if $do_show == 0>disabled="disabled"</if> type="file" class="file" name="{$fieldname}" accept=".jpg, .jpeg, .png" /> <input <if $do_show == 0>disabled="disabled"</if> type="file" class="file" name="{$fieldname}" accept="image/jpeg, image/jpg, image/png, image/gif" />
</td> </td>
</tr> </tr>