Commit 31dc5931 authored by Florian Azizian's avatar Florian Azizian

FIX #14075 TIME 0:25 improve control in administration templates

parent 5a021850
...@@ -14,13 +14,16 @@ ...@@ -14,13 +14,16 @@
namespace Template\controllers; namespace Template\controllers;
use Attachment\models\AttachmentModel;
use ContentManagement\controllers\MergeController; use ContentManagement\controllers\MergeController;
use Convert\controllers\ConvertPdfController; use Convert\controllers\ConvertPdfController;
use Docserver\controllers\DocserverController; use Docserver\controllers\DocserverController;
use Docserver\models\DocserverModel; use Docserver\models\DocserverModel;
use Entity\models\EntityModel;
use Group\controllers\PrivilegeController; use Group\controllers\PrivilegeController;
use History\controllers\HistoryController; use History\controllers\HistoryController;
use Resource\controllers\ResController; use Resource\controllers\ResController;
use Resource\controllers\StoreController;
use Resource\models\ResModel; use Resource\models\ResModel;
use Respect\Validation\Validator; use Respect\Validation\Validator;
use Slim\Http\Request; use Slim\Http\Request;
...@@ -29,13 +32,12 @@ use SrcCore\models\CoreConfigModel; ...@@ -29,13 +32,12 @@ use SrcCore\models\CoreConfigModel;
use SrcCore\models\ValidatorModel; use SrcCore\models\ValidatorModel;
use Template\models\TemplateAssociationModel; use Template\models\TemplateAssociationModel;
use Template\models\TemplateModel; use Template\models\TemplateModel;
use Attachment\models\AttachmentModel;
use Entity\models\EntityModel;
use User\models\UserModel; use User\models\UserModel;
class TemplateController class TemplateController
{ {
const AUTHORIZED_MIMETYPES = [ const AUTHORIZED_MIMETYPES = [
'application/zip',
'application/msword', 'application/msword',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
...@@ -139,7 +141,7 @@ class TemplateController ...@@ -139,7 +141,7 @@ class TemplateController
$fileContent = base64_decode($content); $fileContent = base64_decode($content);
$finfo = new \finfo(FILEINFO_MIME_TYPE); $finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent); $mimeType = $finfo->buffer($fileContent);
if (!in_array($mimeType, self::AUTHORIZED_MIMETYPES)) { if (!StoreController::isFileAllowed(['extension' => $format, 'type' => $mimeType]) || !in_array($mimeType, self::AUTHORIZED_MIMETYPES)) {
return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]); return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]);
} }
...@@ -216,7 +218,7 @@ class TemplateController ...@@ -216,7 +218,7 @@ class TemplateController
$fileContent = base64_decode($content); $fileContent = base64_decode($content);
$finfo = new \finfo(FILEINFO_MIME_TYPE); $finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent); $mimeType = $finfo->buffer($fileContent);
if (!in_array($mimeType, self::AUTHORIZED_MIMETYPES)) { if (!StoreController::isFileAllowed(['extension' => $format, 'type' => $mimeType]) || !in_array($mimeType, self::AUTHORIZED_MIMETYPES)) {
return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]); return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]);
} }
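Review bot: The new file-type condition is written out in full in both of the last two hunks (the changed `if` after each `$finfo->buffer($fileContent)`), so the two upload paths can drift apart the next time the rule changes; one private helper, for example `private static function isTemplateFileAllowed(string $format, string $mimeType): bool`, would leave a single place to audit. `$format` is assigned outside both hunks, and if it is taken from the request body the extension half of the check is only as reliable as the client, so the content-sniffed `$mimeType` allowlist should remain the deciding test, as it is here. The allowlist lookup should use strict comparison, `in_array($mimeType, self::AUTHORIZED_MIMETYPES, true)`. Removing `'application/zip'` in the constant's hunk may also reject genuine OOXML or ODF templates on systems where libmagic reports them as a plain ZIP container, which is worth covering with a test on real .docx and .odt samples.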