Commit 4b45446c authored by etienne.famery's avatar etienne.famery

using mime_content_type() through CoreController::getMimeTypeAndFileSize() when applicable

parent 86e66758
......@@ -460,9 +460,7 @@ class AttachmentController
return $response->withStatus(404)->withJson(['errors' => 'Thumbnail not found on docserver']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$pathInfo = pathinfo($pathToThumbnail);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToThumbnail])['mime'];
$response->write($fileContent);
$response = $response->withAddedHeader('Content-Disposition', "inline; filename=maarch.{$pathInfo['extension']}");
......@@ -557,8 +555,7 @@ class AttachmentController
'signatoryId' => $signatoryId
]);
} else {
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$pathInfo = pathinfo($pathToDocument);
$response->write($fileContent);
......@@ -623,9 +620,8 @@ class AttachmentController
if ($fileContent === false) {
return $response->withStatus(400)->withJson(['errors' => 'Document not found on docserver']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$pathInfo = pathinfo($pathToDocument);
$response->write($fileContent);
......@@ -928,20 +924,19 @@ class AttachmentController
if (!Validator::stringType()->notEmpty()->validate($body['format'])) {
return ['errors' => 'Body format is empty or not a string'];
}
$file = base64_decode($body['encodedFile']);
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($file);
if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType])) {
return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeType}"];
$mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['encodedFile']]);
if (isset($mimeAndSize['errors'])) {
return $mimeAndSize['errors'];
}
if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeAndSize['mime']])) {
return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeAndSize['mime']}"];
}
$maximumSize = CoreController::getMaximumAllowedSizeFromPhpIni();
if ($maximumSize > 0 && strlen($file) > $maximumSize) {
if ($maximumSize > 0 && $mimeAndSize['size'] > $maximumSize) {
return ['errors' => "Body encodedFile size is over limit"];
}
}
return true;
}
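Review bot: The new error branch `return $mimeAndSize['errors'];` hands back a bare string, while every other failure in this validation block returns `['errors' => '…']`. A caller that tests `$result['errors']` on the return value would not recognise a string as an error, so an upload whose MIME type could not be computed might pass the control instead of being rejected; the caller is outside this hunk, so confirm how it checks. Return the array form instead, `return ['errors' => $mimeAndSize['errors']];`. The same line appears in the ResourceControlController hunk.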
......
......@@ -115,8 +115,7 @@ class CollaboraOnlineController
$fileContent = base64_decode($content);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$pathInfo = pathinfo($pathToDocument);
if ($tokenCheckResult['type'] == 'templateEncoded') {
......@@ -428,8 +427,7 @@ class CollaboraOnlineController
}
$fileContent = base64_decode($body['content']);
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['content']])['mime'];
if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType]) || !in_array($mimeType, TemplateController::AUTHORIZED_MIMETYPES)) {
return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]);
}
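Review bot: In the first hunk the MIME type is now sniffed from `$pathToDocument`, but `$fileContent` can come from `base64_decode($content)` on the line just above, so the reported type may not describe the bytes that are actually served. The branch that sets `$pathToDocument` starts outside the hunk; if it is unset or points elsewhere in the `templateEncoded` case, the helper returns its `errors` array and `['mime']` is null. Where the content is already held as base64, pass it as `['encodedFile' => $content]`, and check for `errors` before reading `mime`.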
......
......@@ -25,6 +25,7 @@ use Respect\Validation\Validator;
use Slim\Http\Request;
use Slim\Http\Response;
use SrcCore\controllers\UrlController;
use SrcCore\controllers\CoreController;
use SrcCore\models\CoreConfigModel;
use SrcCore\models\CurlModel;
use SrcCore\models\ValidatorModel;
......@@ -231,8 +232,7 @@ class OnlyOfficeController
return $response->withStatus(400)->withJson(['errors' => 'No content found']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $tmpPath . $filename])['mime'];
$extension = pathinfo($tmpPath . $filename, PATHINFO_EXTENSION);
unlink($tmpPath . $filename);
......@@ -487,8 +487,7 @@ class OnlyOfficeController
return $response->withStatus(404)->withJson(['errors' => 'Document not found']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $jwt->fullFilename])['mime'];
$pathInfo = pathinfo($jwt->fullFilename);
$response->write($fileContent);
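Review bot: Both calls index `['mime']` straight off `getMimeTypeAndFileSize()`, which returns `['errors' => …]` when the path is not a readable regular file or the type cannot be computed, so `$mimeType` silently becomes null. If that value reaches the `Content-Type` header (the header call is outside these hunks), the response goes out without a usable type and the browser is left to guess one. Check the result first, for example `if (isset($mimeAndSize['errors'])) { return $response->withStatus(500)->withJson(['errors' => $mimeAndSize['errors']]); }`. The same unchecked pattern is in the calls added to AttachmentController, CollaboraOnlineController, MessageExchangeController, ReceiveMessageExchangeController, FolderPrintController, ResController and UserController.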
......
......@@ -26,6 +26,7 @@ use Respect\Validation\Validator;
use Slim\Http\Request;
use Slim\Http\Response;
use SrcCore\controllers\LogsController;
use SrcCore\controllers\CoreController;
use SrcCore\controllers\UrlController;
use SrcCore\models\CoreConfigModel;
use SrcCore\models\ValidatorModel;
......@@ -323,11 +324,11 @@ class ConvertPdfController
return $response->withStatus(400)->withJson(['errors' => 'Body base64 is empty']);
}
$file = base64_decode($body['base64']);
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($file);
$ext = substr($body['name'], strrpos($body['name'], '.') + 1);
$size = strlen($file);
$ext = substr($body['name'], strrpos($body['name'], '.') + 1);
$file = base64_decode($body['base64']);
$mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['base64']]);
$mimeType = $mimeAndSize['mime'];
$size = $mimeAndSize['size'];
if (strtolower($ext) == 'pdf' && strtolower($mimeType) == 'application/pdf') {
if ($body['context'] == 'scan') {
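Review bot: `$size` used to be `strlen($file)`, the decoded length; it now comes from the helper, where it is the return value of `fwrite()` on a stream carrying a base64-decode write filter. That value is most likely the number of base64 characters consumed, roughly a third larger than the decoded file, so anything further down that stores or compares `$size` changes meaning; this is worth verifying and stating in the helper's docblock. The payload is also decoded twice now (`base64_decode` here and the filter inside the helper), and `$mimeAndSize` is read without an `errors` check. UserController's second hunk and the size-limit test in AttachmentController make the same switch.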
......
......@@ -20,6 +20,7 @@ use Resource\controllers\ResController;
use Respect\Validation\Validator;
use Slim\Http\Request;
use Slim\Http\Response;
use SrcCore\controllers\CoreController;
use User\models\UserModel;
class MessageExchangeController
......@@ -230,8 +231,7 @@ class MessageExchangeController
$fileContent = file_get_contents($pathToDocument);
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$response->write($fileContent);
$response = $response->withAddedHeader('Content-Disposition', "attachment; filename=maarch.zip");
......
......@@ -30,6 +30,7 @@ use Resource\models\ResModel;
use Resource\models\ResourceContactModel;
use Slim\Http\Request;
use Slim\Http\Response;
use SrcCore\controllers\CoreController;
use SrcCore\models\CoreConfigModel;
use User\models\UserModel;
......@@ -159,8 +160,7 @@ class ReceiveMessageExchangeController
$file = base64_decode($aArgs['base64']);
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($file);
$mimeType = CoreController::getMimeTypeAndFileSize(['encodedFile' => $aArgs['base64']])['mime'];
$ext = $aArgs['extension'];
$tmpName = 'tmp_file_' .$GLOBALS['userId']. '_ArchiveTransfer_' .rand(). '.' . $ext;
......
......@@ -18,6 +18,7 @@ use AcknowledgementReceipt\models\AcknowledgementReceiptModel;
use Attachment\models\AttachmentModel;
use Contact\controllers\ContactController;
use Contact\models\ContactModel;
use SrcCore\controllers\CoreController;
use Convert\controllers\ConvertPdfController;
use Docserver\models\DocserverModel;
use Docserver\models\DocserverTypeModel;
......@@ -506,12 +507,9 @@ class FolderPrintController
if (!file_exists($filePathOnTmp)) {
return $response->withStatus(500)->withJson(['errors' => 'Merged file not created']);
} else {
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $filePathOnTmp])['mime'];
$fileContent = file_get_contents($filePathOnTmp);
$mimeType = $finfo->buffer($fileContent);
$response->write($fileContent);
$response->write(file_get_contents($filePathOnTmp));
$response = $response->withAddedHeader('Content-Disposition', "inline; filename=maarch.pdf");
return $response->withHeader('Content-Type', $mimeType);
......
......@@ -31,6 +31,7 @@ use Folder\models\FolderModel;
use Folder\models\ResourceFolderModel;
use Group\controllers\GroupController;
use Group\controllers\PrivilegeController;
use SrcCore\controllers\CoreController;
use Group\models\GroupModel;
use History\controllers\HistoryController;
use IndexingModel\models\IndexingModelFieldModel;
......@@ -503,8 +504,7 @@ class ResController extends ResourceControlController
'signatoryId' => $signatoryId
]);
} else {
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$pathInfo = pathinfo($pathToDocument);
$response->write($fileContent);
......@@ -672,8 +672,7 @@ class ResController extends ResourceControlController
return $response->withStatus(404)->withJson(['errors' => 'Document not found on docserver']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
$pathInfo = pathinfo($pathToDocument);
$response->write($fileContent);
......@@ -729,8 +728,7 @@ class ResController extends ResourceControlController
return $response->withStatus(404)->withJson(['errors' => 'Thumbnail not found on docserver']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($fileContent);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToThumbnail])['mime'];
$pathInfo = pathinfo($pathToThumbnail);
$response->write($fileContent);
......
......@@ -237,26 +237,19 @@ class ResourceControlController
if (!Validator::stringType()->notEmpty()->validate($body['format'])) {
return ['errors' => 'Body format is empty or not a string'];
}
$fileTmp = fopen('php://temp', 'r+');
$streamFilterBase64 = stream_filter_append($fileTmp, 'convert.base64-decode', STREAM_FILTER_WRITE);
stream_set_chunk_size($fileTmp, 1024);
$tmpFilesize = fwrite($fileTmp, $body['encodedFile']);
rewind($fileTmp);
stream_filter_remove($streamFilterBase64);
$mimeType = mime_content_type($fileTmp);
fclose($fileTmp);
if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType])) {
return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeType}"];
$mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['encodedFile']]);
if (isset($mimeAndSize['errors'])) {
return $mimeAndSize['errors'];
}
if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeAndSize['mime']])) {
return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeAndSize['mime']}"];
}
$maximumSize = CoreController::getMaximumAllowedSizeFromPhpIni();
if ($maximumSize > 0 && $tmpFilesize > $maximumSize) {
if ($maximumSize > 0 && $mimeAndSize['size'] > $maximumSize) {
return ['errors' => "Body encodedFile size is over limit"];
}
}
return true;
}
......
......@@ -44,6 +44,7 @@ use SrcCore\controllers\AuthenticationController;
use SrcCore\controllers\PasswordController;
use SrcCore\controllers\UrlController;
use SrcCore\models\AuthenticationModel;
use SrcCore\controllers\CoreController;
use SrcCore\models\CoreConfigModel;
use SrcCore\models\DatabaseModel;
use SrcCore\models\PasswordModel;
......@@ -917,8 +918,7 @@ class UserController
return $response->withStatus(404)->withJson(['errors' => 'Signature not found on docserver']);
}
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($image);
$mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToSignature])['mime'];
$response->write($image);
......@@ -946,9 +946,9 @@ class UserController
$file = base64_decode($data['base64']);
$tmpName = "tmp_file_{$aArgs['id']}_" .rand(). "_{$data['name']}";
$finfo = new \finfo(FILEINFO_MIME_TYPE);
$mimeType = $finfo->buffer($file);
$size = strlen($file);
$mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $data['base64']]);
$mimeType = $mimeAndSize['mime'];
$size = $mimeAndSize['size'];
$type = explode('/', $mimeType);
$ext = strtoupper(substr($data['name'], strrpos($data['name'], '.') + 1));
......
......@@ -133,4 +133,53 @@ class CoreController
return $maximumSize;
}
}
/**
* getMimeTypeAndFileSize
*
* @param args array with either an 'encodedFile' (base64 string), a 'resource' (resource), or a 'path' (file path as string)
* @return array with 'mime' and 'size' entries
*/
public static function getMimeTypeAndFileSize(array $args) {
$resource = null;
$size = null;
if (!empty($args['encodedFile'])) {
if (!is_string($args['encodedFile'])) {
return ['errors' => 'args encodedFile is not a string'];
}
$resource = fopen('php://temp', 'r+');
$streamFilterBase64 = stream_filter_append($resource, 'convert.base64-decode', STREAM_FILTER_WRITE);
stream_set_chunk_size($resource, 1024*1024);
$size = fwrite($resource, $args['encodedFile']);
stream_filter_remove($streamFilterBase64);
} elseif (!empty($args['resource'])) {
if (!is_resource($args['resource'])) {
return ['errors' => 'args resource is not a resource'];
}
$resource = $args['resource'];
$devNull = fopen('/dev/null', 'a');
$size = stream_copy_to_stream($resource, $devNull);
} elseif (!empty($args['path'])) {
if (!is_file($args['path']) || !is_readable($args['path'])) {
return ['errors' => 'args filename does not refer to a regular file or said file is not readable'];
}
$resource = fopen($args['path'], 'r');
$size = filesize($args['path']);
}
if (empty($resource)) {
return ['errors' => 'missing parameter: getMimeType requires encodedFile, resource, or filename'];
}
rewind($resource);
$mimeType = mime_content_type($resource);
fclose($resource);
if (empty($mimeType) || empty($size)) {
return ['errors' => "could not compute mime type ($mimeType) or file size ($size)"];
}
return ['mime' => $mimeType, 'size' => $size];
}
}
\ No newline at end of file
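Review bot: In the `resource` branch the helper ends by calling `fclose($resource)` on a handle the caller passed in, and the `/dev/null` handle opened for counting is never closed. A caller that keeps using its stream after asking for the MIME type will find it closed, so close only the handles this function opened itself. Separately, `empty($size)` turns a zero-byte file into an error, and the error texts name `filename` while the accepted key is `path`. The docblock should also say that failures come back as `['errors' => string]`, since most call sites in this commit read `['mime']` directly.
```php
$ownsResource = true;
// … unchanged: encodedFile branch, is_resource() check …
$resource = $args['resource'];
$ownsResource = false; // the caller keeps ownership of this handle
// … unchanged: open /dev/null as $devNull …
$size = stream_copy_to_stream($resource, $devNull);
fclose($devNull);
// … unchanged: path branch, empty($resource) check, rewind(), mime_content_type() …
if ($ownsResource) {
    fclose($resource);
}
```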