using mime_content_type() through CoreController::getMimeTypeAndFileSize() when applicable

4b45446c · etienne.famery · 86e66758 · 4b45446c · 4b45446c · 4b45446c
Commit 4b45446c authored Sep 02, 2021 by etienne.famery
--- a/src/app/attachment/controllers/AttachmentController.php
+++ b/src/app/attachment/controllers/AttachmentController.php
@@ -460,9 +460,7 @@ class AttachmentController
            return $response->withStatus(404)->withJson(['errors' => 'Thumbnail not found on docserver']);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
-        $pathInfo = pathinfo($pathToThumbnail);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToThumbnail])['mime'];

        $response->write($fileContent);
        $response = $response->withAddedHeader('Content-Disposition', "inline; filename=maarch.{$pathInfo['extension']}");
@@ -557,8 +555,7 @@ class AttachmentController
                'signatoryId'     => $signatoryId
            ]);
        } else {
-            $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-            $mimeType = $finfo->buffer($fileContent);
+            $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
            $pathInfo = pathinfo($pathToDocument);

            $response->write($fileContent);
@@ -623,9 +620,8 @@ class AttachmentController
        if ($fileContent === false) {
            return $response->withStatus(400)->withJson(['errors' => 'Document not found on docserver']);
        }
-
-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+    
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
        $pathInfo = pathinfo($pathToDocument);

        $response->write($fileContent);
@@ -928,20 +924,19 @@ class AttachmentController
            if (!Validator::stringType()->notEmpty()->validate($body['format'])) {
                return ['errors' => 'Body format is empty or not a string'];
            }
-
-            $file     = base64_decode($body['encodedFile']);
-            $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-            $mimeType = $finfo->buffer($file);
-            if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType])) {
-                return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeType}"];
+            $mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['encodedFile']]);
+            if (isset($mimeAndSize['errors'])) {
+                return $mimeAndSize['errors'];
            }

+            if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeAndSize['mime']])) {
+                return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeAndSize['mime']}"];
+            }
            $maximumSize = CoreController::getMaximumAllowedSizeFromPhpIni();
-            if ($maximumSize > 0 && strlen($file) > $maximumSize) {
+            if ($maximumSize > 0 && $mimeAndSize['size'] > $maximumSize) {
                return ['errors' => "Body encodedFile size is over limit"];
            }
        }
-
        return true;
    }


--- a/src/app/contentManagement/controllers/CollaboraOnlineController.php
+++ b/src/app/contentManagement/controllers/CollaboraOnlineController.php
@@ -115,8 +115,7 @@ class CollaboraOnlineController
            $fileContent = base64_decode($content);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
        $pathInfo = pathinfo($pathToDocument);

        if ($tokenCheckResult['type'] == 'templateEncoded') {
@@ -428,8 +427,7 @@ class CollaboraOnlineController
        }

        $fileContent = base64_decode($body['content']);
-        $finfo = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['content']])['mime'];
        if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType]) || !in_array($mimeType, TemplateController::AUTHORIZED_MIMETYPES)) {
            return $response->withStatus(400)->withJson(['errors' => _WRONG_FILE_TYPE . ' : '.$mimeType]);
        }

--- a/src/app/contentManagement/controllers/OnlyOfficeController.php
+++ b/src/app/contentManagement/controllers/OnlyOfficeController.php
@@ -25,6 +25,7 @@ use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
 use SrcCore\controllers\UrlController;
+use SrcCore\controllers\CoreController;
 use SrcCore\models\CoreConfigModel;
 use SrcCore\models\CurlModel;
 use SrcCore\models\ValidatorModel;
@@ -231,8 +232,7 @@ class OnlyOfficeController
            return $response->withStatus(400)->withJson(['errors' => 'No content found']);
        }

-        $finfo     = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType  = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $tmpPath . $filename])['mime'];
        $extension = pathinfo($tmpPath . $filename, PATHINFO_EXTENSION);
        unlink($tmpPath . $filename);

@@ -487,8 +487,7 @@ class OnlyOfficeController
            return $response->withStatus(404)->withJson(['errors' => 'Document not found']);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $jwt->fullFilename])['mime'];
        $pathInfo = pathinfo($jwt->fullFilename);

        $response->write($fileContent);

--- a/src/app/convert/controllers/ConvertPdfController.php
+++ b/src/app/convert/controllers/ConvertPdfController.php
@@ -26,6 +26,7 @@ use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
 use SrcCore\controllers\LogsController;
+use SrcCore\controllers\CoreController;
 use SrcCore\controllers\UrlController;
 use SrcCore\models\CoreConfigModel;
 use SrcCore\models\ValidatorModel;
@@ -323,11 +324,11 @@ class ConvertPdfController
            return $response->withStatus(400)->withJson(['errors' => 'Body base64 is empty']);
        }

-        $file     = base64_decode($body['base64']);
-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($file);
-        $ext      = substr($body['name'], strrpos($body['name'], '.') + 1);
-        $size     = strlen($file);
+        $ext         = substr($body['name'], strrpos($body['name'], '.') + 1);
+        $file        = base64_decode($body['base64']);
+        $mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['base64']]);
+        $mimeType    = $mimeAndSize['mime'];
+        $size        = $mimeAndSize['size'];

        if (strtolower($ext) == 'pdf' && strtolower($mimeType) == 'application/pdf') {
            if ($body['context'] == 'scan') {

--- a/src/app/external/messageExchange/controllers/MessageExchangeController.php
+++ b/src/app/external/messageExchange/controllers/MessageExchangeController.php
@@ -20,6 +20,7 @@ use Resource\controllers\ResController;
 use Respect\Validation\Validator;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use SrcCore\controllers\CoreController;
 use User\models\UserModel;

 class MessageExchangeController
@@ -230,8 +231,7 @@ class MessageExchangeController

        $fileContent = file_get_contents($pathToDocument);

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];

        $response->write($fileContent);
        $response = $response->withAddedHeader('Content-Disposition', "attachment; filename=maarch.zip");

--- a/src/app/external/messageExchange/controllers/ReceiveMessageExchangeController.php
+++ b/src/app/external/messageExchange/controllers/ReceiveMessageExchangeController.php
@@ -30,6 +30,7 @@ use Resource\models\ResModel;
 use Resource\models\ResourceContactModel;
 use Slim\Http\Request;
 use Slim\Http\Response;
+use SrcCore\controllers\CoreController;
 use SrcCore\models\CoreConfigModel;
 use User\models\UserModel;

@@ -159,8 +160,7 @@ class ReceiveMessageExchangeController

        $file     = base64_decode($aArgs['base64']);

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($file);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['encodedFile' => $aArgs['base64']])['mime'];
        $ext      = $aArgs['extension'];
        $tmpName  = 'tmp_file_' .$GLOBALS['userId']. '_ArchiveTransfer_' .rand(). '.' . $ext;


--- a/src/app/resource/controllers/FolderPrintController.php
+++ b/src/app/resource/controllers/FolderPrintController.php
@@ -18,6 +18,7 @@ use AcknowledgementReceipt\models\AcknowledgementReceiptModel;
 use Attachment\models\AttachmentModel;
 use Contact\controllers\ContactController;
 use Contact\models\ContactModel;
+use SrcCore\controllers\CoreController;
 use Convert\controllers\ConvertPdfController;
 use Docserver\models\DocserverModel;
 use Docserver\models\DocserverTypeModel;
@@ -506,12 +507,9 @@ class FolderPrintController
            if (!file_exists($filePathOnTmp)) {
                return $response->withStatus(500)->withJson(['errors' => 'Merged file not created']);
            } else {
-                $finfo = new \finfo(FILEINFO_MIME_TYPE);
+                $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $filePathOnTmp])['mime'];

-                $fileContent = file_get_contents($filePathOnTmp);
-                $mimeType = $finfo->buffer($fileContent);
-
-                $response->write($fileContent);
+                $response->write(file_get_contents($filePathOnTmp));

                $response = $response->withAddedHeader('Content-Disposition', "inline; filename=maarch.pdf");
                return $response->withHeader('Content-Type', $mimeType);

--- a/src/app/resource/controllers/ResController.php
+++ b/src/app/resource/controllers/ResController.php
@@ -31,6 +31,7 @@ use Folder\models\FolderModel;
 use Folder\models\ResourceFolderModel;
 use Group\controllers\GroupController;
 use Group\controllers\PrivilegeController;
+use SrcCore\controllers\CoreController;
 use Group\models\GroupModel;
 use History\controllers\HistoryController;
 use IndexingModel\models\IndexingModelFieldModel;
@@ -503,8 +504,7 @@ class ResController extends ResourceControlController
                'signatoryId'       => $signatoryId
            ]);
        } else {
-            $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-            $mimeType = $finfo->buffer($fileContent);
+            $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
            $pathInfo = pathinfo($pathToDocument);

            $response->write($fileContent);
@@ -672,8 +672,7 @@ class ResController extends ResourceControlController
            return $response->withStatus(404)->withJson(['errors' => 'Document not found on docserver']);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToDocument])['mime'];
        $pathInfo = pathinfo($pathToDocument);

        $response->write($fileContent);
@@ -729,8 +728,7 @@ class ResController extends ResourceControlController
            return $response->withStatus(404)->withJson(['errors' => 'Thumbnail not found on docserver']);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($fileContent);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToThumbnail])['mime'];
        $pathInfo = pathinfo($pathToThumbnail);

        $response->write($fileContent);

--- a/src/app/resource/controllers/ResourceControlController.php
+++ b/src/app/resource/controllers/ResourceControlController.php
@@ -237,26 +237,19 @@ class ResourceControlController
            if (!Validator::stringType()->notEmpty()->validate($body['format'])) {
                return ['errors' => 'Body format is empty or not a string'];
            }
-
-            $fileTmp = fopen('php://temp', 'r+');
-            $streamFilterBase64 = stream_filter_append($fileTmp, 'convert.base64-decode', STREAM_FILTER_WRITE);
-            stream_set_chunk_size($fileTmp, 1024);
-            $tmpFilesize = fwrite($fileTmp, $body['encodedFile']);
-            rewind($fileTmp);
-            stream_filter_remove($streamFilterBase64);
-            $mimeType = mime_content_type($fileTmp);
-            fclose($fileTmp);
-
-            if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeType])) {
-                return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeType}"];
+            $mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $body['encodedFile']]);
+            if (isset($mimeAndSize['errors'])) {
+                return $mimeAndSize['errors'];
            }

+            if (!StoreController::isFileAllowed(['extension' => $body['format'], 'type' => $mimeAndSize['mime']])) {
+                return ['errors' => "Format with this mimeType is not allowed : {$body['format']} {$mimeAndSize['mime']}"];
+            }
            $maximumSize = CoreController::getMaximumAllowedSizeFromPhpIni();
-            if ($maximumSize > 0 && $tmpFilesize > $maximumSize) {
+            if ($maximumSize > 0 && $mimeAndSize['size'] > $maximumSize) {
                return ['errors' => "Body encodedFile size is over limit"];
            }
        }
-
        return true;
    }


--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -44,6 +44,7 @@ use SrcCore\controllers\AuthenticationController;
 use SrcCore\controllers\PasswordController;
 use SrcCore\controllers\UrlController;
 use SrcCore\models\AuthenticationModel;
+use SrcCore\controllers\CoreController;
 use SrcCore\models\CoreConfigModel;
 use SrcCore\models\DatabaseModel;
 use SrcCore\models\PasswordModel;
@@ -917,8 +918,7 @@ class UserController
            return $response->withStatus(404)->withJson(['errors' => 'Signature not found on docserver']);
        }

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($image);
+        $mimeType = CoreController::getMimeTypeAndFileSize(['path' => $pathToSignature])['mime'];

        $response->write($image);

@@ -946,9 +946,9 @@ class UserController
        $file     = base64_decode($data['base64']);
        $tmpName  = "tmp_file_{$aArgs['id']}_" .rand(). "_{$data['name']}";

-        $finfo    = new \finfo(FILEINFO_MIME_TYPE);
-        $mimeType = $finfo->buffer($file);
-        $size     = strlen($file);
+        $mimeAndSize = CoreController::getMimeTypeAndFileSize(['encodedFile' => $data['base64']]);
+        $mimeType    = $mimeAndSize['mime'];
+        $size        = $mimeAndSize['size'];
        $type     = explode('/', $mimeType);
        $ext      = strtoupper(substr($data['name'], strrpos($data['name'], '.') + 1));


--- a/src/core/controllers/CoreController.php
+++ b/src/core/controllers/CoreController.php
@@ -133,4 +133,53 @@ class CoreController

        return $maximumSize;
    }
-}
+
+
+    /**
+     * getMimeTypeAndFileSize
+     * 
+     * @param args array with either an 'encodedFile' (base64 string), a 'resource' (resource), or a 'path' (file path as string)
+     * @return array with 'mime' and 'size' entries
+     */
+    public static function getMimeTypeAndFileSize(array $args) {
+        $resource = null;
+        $size = null;
+        if (!empty($args['encodedFile'])) {
+            if (!is_string($args['encodedFile'])) {
+                return ['errors' => 'args encodedFile is not a string'];
+            }
+            $resource = fopen('php://temp', 'r+');
+            $streamFilterBase64 = stream_filter_append($resource, 'convert.base64-decode', STREAM_FILTER_WRITE);
+            stream_set_chunk_size($resource, 1024*1024);
+            $size = fwrite($resource, $args['encodedFile']);
+            stream_filter_remove($streamFilterBase64);
+        } elseif (!empty($args['resource'])) {
+            if (!is_resource($args['resource'])) {
+                return ['errors' => 'args resource is not a resource'];
+            }
+            $resource = $args['resource'];
+            $devNull = fopen('/dev/null', 'a');
+            $size = stream_copy_to_stream($resource, $devNull);
+        } elseif (!empty($args['path'])) {
+            if (!is_file($args['path']) || !is_readable($args['path'])) {
+                return ['errors' => 'args filename does not refer to a regular file or said file is not readable'];
+            }
+            $resource = fopen($args['path'], 'r');
+            $size = filesize($args['path']);
+        }
+        
+        if (empty($resource)) {
+            return ['errors' => 'missing parameter: getMimeType requires encodedFile, resource, or filename'];
+        }
+
+        rewind($resource);
+        $mimeType = mime_content_type($resource);
+        fclose($resource);
+
+        if (empty($mimeType) || empty($size)) {
+            return ['errors' => "could not compute mime type ($mimeType) or file size ($size)"];
+        }
+
+        return ['mime' => $mimeType, 'size' => $size];
+    }
+}
\ No newline at end of file