From 513aecbe4d04f5935eb07e9d99937305783f63a0 Mon Sep 17 00:00:00 2001
From: CauseFX
Date: Wed, 20 Apr 2022 14:41:19 -0700
Subject: [PATCH] fixed issue allowing non images to be uploaded
---
 api/classes/organizr.class.php | 34 ++++++++++++++++++++--------
 api/functions/organizr-functions.php | 22 ++++++++++++++++--
 api/pages/settings-image-manager.php | 8 +++++--
 3 files changed, 51 insertions(+), 13 deletions(-)
diff --git a/api/classes/organizr.class.php b/api/classes/organizr.class.php
index 8934ab15b..dc287a9df 100644
--- a/api/classes/organizr.class.php
+++ b/api/classes/organizr.class.php
@@ -1962,15 +1962,31 @@ public function removeImage($image = null)
 public function uploadImage()
 {
 $filesCheck = array_filter($_FILES);
- if (!empty($filesCheck) && $this->approvedFileExtension($_FILES['file']['name'], 'image') && strpos($_FILES['file']['type'], 'image/') !== false) {
- ini_set('upload_max_filesize', '10M');
- ini_set('post_max_size', '10M');
- $tempFile = $_FILES['file']['tmp_name'];
- $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR;
- $this->makeDir($targetPath);
- $targetFile = $targetPath . $this->sanitizeUserString($_FILES['file']['name']);
- $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null);
- return move_uploaded_file($tempFile, $targetFile);
+ if (!empty($filesCheck)) {
+ if (strpos($_FILES['file']['type'], 'image/') === false) {
+ $this->setResponse(403, 'File Type not approved', $_FILES['file']['type']);
+ return false;
+ }
+ if (!$this->approvedFileType($_FILES['file']['tmp_name'])) {
+ $this->setResponse(403, 'File Type not approved', $_FILES['file']['tmp_name']);
+ return false;
+ }
+ if ($this->approvedFileExtension($_FILES['file']['name'])) {
+ ini_set('upload_max_filesize', '10M');
+ ini_set('post_max_size', '10M');
+ $tempFile = $_FILES['file']['tmp_name'];
+ $targetPath = $this->root . DIRECTORY_SEPARATOR . 'data' . DIRECTORY_SEPARATOR . 'userTabs' . DIRECTORY_SEPARATOR;
+ $this->makeDir($targetPath);
+ $targetFile = $targetPath . $this->sanitizeUserString($_FILES['file']['name']);
+ $this->setAPIResponse(null, pathinfo($_FILES['file']['name'], PATHINFO_BASENAME) . ' has been uploaded', null);
+ return move_uploaded_file($tempFile, $targetFile);
+ } else {
+ $this->setResponse(403, 'File Extension not approved');
+ return false;
+ }
+ } else {
+ $this->setResponse(500, 'No File was uploaded');
+ return false;
 }
 }
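Review bot: The second rejection branch puts `$_FILES['file']['tmp_name']` into the 403 response body, which discloses the server's upload temp directory to the caller for no diagnostic gain; the first branch echoing the client-supplied MIME string is harmless, but this one should simply be `$this->setResponse(403, 'File Type not approved');`. The `ini_set('upload_max_filesize', '10M')` / `ini_set('post_max_size', '10M')` lines carried over into the new branch cannot take effect at request time (both settings are PHP_INI_PERDIR and the request body has already been parsed), so the size limit they suggest is not actually enforced here. Note also that `$_FILES['file']` is only assumed to exist once `$filesCheck` is non-empty; an upload under a different field name reaches the `strpos` check with an undefined index rather than the 'No File was uploaded' path.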
diff --git a/api/functions/organizr-functions.php b/api/functions/organizr-functions.php
index 82229ad2a..c37a7a44d 100644
--- a/api/functions/organizr-functions.php
+++ b/api/functions/organizr-functions.php
@@ -230,6 +230,24 @@ public function approvedFileExtension($filename, $type = 'image')
 }
 }
+ public function approvedFileType($file, $type = 'image')
+ {
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ $ext = $finfo->file($file);
+ if ($type == 'image') {
+ switch ($ext) {
+ case 'image/gif':
+ case 'image/png':
+ case 'image/jpeg':
+ case 'image/pjpeg':
+ return true;
+ default:
+ return false;
+ }
+ }
+ return false;
+ }
+
 public function getImages()
 {
 $allIconsPrep = array();
@@ -545,11 +563,11 @@ public function cacheImage($url, $name, $extension = 'jpg')
 $cacheTime = 604800;
 $ctx = stream_context_create(array(
 'http' => array(
- 'timeout' =>5 ,
+ 'timeout' => 5,
 'protocol_version' => 1.1,
 'header' => 'Connection: close'
 )
- ));
+ ));
 if ((file_exists($cacheFile) && (time() - $cacheTime) > filemtime($cacheFile)) || !file_exists($cacheFile)) {
 @copy($url, $cacheFile, $ctx);
 }
diff --git a/api/pages/settings-image-manager.php b/api/pages/settings-image-manager.php
index 06b220b9b..1a9f9c191 100644
--- a/api/pages/settings-image-manager.php
+++ b/api/pages/settings-image-manager.php
@@ -19,8 +19,12 @@ function get_page_settings_image_manager($Organizr)
 headers:{ "formKey": local("g","formKey") },
 init: function() {
 this.on("complete", function(file) {
- buildImageManagerView();
- //$.magnificPopup.close();
+ if(file["status"] === "success"){
+ buildImageManagerView();
+ }else{
+ let response = JSON.parse(file.xhr.responseText);
+ message("Upload Error", response.response.message,activeInfo.settings.notifications.position,"#FFF","error","5000");
+ }
 });
 }
 });
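Review bot: In `approvedFileType`, `$finfo->file($file)` returns `false` (and emits a warning) when the path cannot be read, and the result is a MIME string rather than an extension, so `$ext` is misnamed and the unreadable case only lands in `default` by way of loose `switch` comparison; `$type == 'image'` should likewise be a strict comparison. A tighter body is `$mime = $finfo->file($file);` / `if ($mime === false || $type !== 'image') { return false; }` / `return in_array($mime, ['image/gif', 'image/png', 'image/jpeg', 'image/pjpeg'], true);`, which also documents the accepted set in one place. Worth a comment on the method that `finfo` classifies by the file's leading signature only, so this confirms the file starts as one of the listed image formats and does not replace the extension whitelist in `uploadImage`, which still decides the name the file is stored under.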
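Review bot: `JSON.parse(file.xhr.responseText)` in the new error branch throws when the reply is not JSON (an HTML error page from a proxy or a PHP fatal, or an empty body after a timeout), and `response.response.message` is dereferenced without checking that `response.response` exists, so the failures this branch is meant to surface can instead abort the `complete` handler with an uncaught exception and no notification. Parse inside a try/catch and fall back to a generic message built from `file.xhr.statusText` when no structured message is available. The enclosing `get_page_settings_image_manager` function and the Dropzone options object both start and end outside the hunk.
```javascript
this.on("complete", function(file) {
    if (file["status"] === "success") {
        buildImageManagerView();
        return;
    }
    let detail = file.xhr ? file.xhr.statusText : "Upload failed";
    try {
        let response = JSON.parse(file.xhr.responseText);
        if (response && response.response && response.response.message) {
            detail = response.response.message;
        }
    } catch (e) {
        // non-JSON body (HTML error page, empty response): keep the generic detail
    }
    message("Upload Error", detail, activeInfo.settings.notifications.position, "#FFF", "error", "5000");
});
```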