refactor: uploading files with disallowed extensions should get Inval…
…idExtensionException
streamtw committed Aug 9, 2024
1 parent 6b3adbc commit 93c9970
Showing 3 changed files with 29 additions and 9 deletions.
4 changes: 3 additions & 1 deletion src/LfmPath.php
@@ -255,12 +255,14 @@ public function validateUploadedFile($file)

$validator->mimetypeIsNotExcutable(config('lfm.disallowed_mimetypes', ['text/x-php', 'text/html', 'text/plain']));

$validator->extensionIsNotExcutable(config('lfm.disallowed_extensions', ['php', 'html']));
$validator->extensionIsNotExcutable();

if (config('lfm.should_validate_mime', false)) {
$validator->mimeTypeIsValid($this->helper->availableMimeTypes());
}

$validator->extensionIsValid(config('lfm.disallowed_extensions', []));

if (config('lfm.should_validate_size', false)) {
$validator->sizeIsLowerThanConfiguredMaximum($this->helper->maxUploadSize());
}
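Review bot: The two extension checks in this hunk now have different sources and raise different exceptions, and nothing at the call site says so. `extensionIsNotExcutable()` no longer reads `lfm.disallowed_extensions`, and the configured list is instead passed to `extensionIsValid()` with a default of `[]`, so a reader of the config file cannot tell that `php` and `html` stay blocked even when that list is empty. I would add a comment above the calls, e.g. `// php/html are always rejected (ExcutableFileException); lfm.disallowed_extensions is an additional operator denylist (InvalidExtensionException)`. Any caller that caught ExcutableFileException for a configured extension will presumably need updating, but that code is outside the visible lines. validateUploadedFile() starts and ends outside this hunk.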
10 changes: 8 additions & 2 deletions src/LfmUploadValidator.php
@@ -73,10 +73,12 @@ public function mimetypeIsNotExcutable($excutable_mimetypes)
return $this;
}

public function extensionIsNotExcutable($excutable_extensions)
public function extensionIsNotExcutable()
{
$extension = strtolower($this->file->getClientOriginalExtension());

$excutable_extensions = ['php', 'html'];

if (in_array($extension, $excutable_extensions)) {
throw new ExcutableFileException();
}
@@ -103,14 +105,18 @@ public function mimeTypeIsValid($available_mime_types)
return $this;
}

public function extensionIsValid()
public function extensionIsValid($disallowed_extensions)
{
$extension = strtolower($this->file->getClientOriginalExtension());

if (preg_match('/[^a-zA-Z0-9]/', $extension) > 0) {
throw new InvalidExtensionException();
}

if (in_array($extension, $disallowed_extensions)) {
throw new InvalidExtensionException();
}

return $this;
}

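Review bot: The new denylist comparison in `extensionIsValid()` lower-cases the uploaded extension but compares it against `$disallowed_extensions` exactly as configured, so an entry written as `PHTML` (constructed example) would never match and the upload would pass this check. Normalising the list and comparing strictly closes that gap: `if (in_array($extension, array_map('strtolower', $disallowed_extensions), true)) {`. The same loose `in_array` appears in `extensionIsNotExcutable()`, where the list is now a literal and only the missing `true` applies. A short docblock stating that the parameter is a list of lower-case extensions without the leading dot would also help, since the value comes straight from `lfm.disallowed_extensions`.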
24 changes: 18 additions & 6 deletions tests/LfmUploadValidatorTest.php
@@ -141,10 +141,22 @@ public function testPassesExtensionIsNotExcutable()

$this->expectNotToPerformAssertions();

$validator->extensionIsNotExcutable(['php', 'html']);
$validator->extensionIsNotExcutable();
}

public function testFailsExtensionIsNotExcutableWithPhp()
{
$uploaded_file = m::mock(UploadedFile::class);
$uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('php');

$validator = new LfmUploadValidator($uploaded_file);

$this->expectException(ExcutableFileException::class);

$validator->extensionIsNotExcutable();
}

public function testFailsExtensionIsNotExcutable()
public function testFailsExtensionIsNotExcutableWithHtml()
{
$uploaded_file = m::mock(UploadedFile::class);
$uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('html');
@@ -153,7 +165,7 @@ public function testFailsExtensionIsNotExcutable()

$this->expectException(ExcutableFileException::class);

$validator->extensionIsNotExcutable(['php', 'html']);
$validator->extensionIsNotExcutable();
}

public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase()
@@ -165,7 +177,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase()

$this->expectException(ExcutableFileException::class);

$validator->extensionIsNotExcutable(['php', 'html']);
$validator->extensionIsNotExcutable();
}

public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp()
@@ -177,7 +189,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp()

$this->expectException(ExcutableFileException::class);

$validator->extensionIsNotExcutable(['php', 'html']);
$validator->extensionIsNotExcutable();
}

public function testFailsExtensionIsNotExcutableWithExtensionsEndsWithHtml()
@@ -201,7 +213,7 @@ public function testFailsExtensionIsValidWithSpecialCharacters()

$this->expectException(InvalidExtensionException::class);

$validator->extensionIsValid();
$validator->extensionIsValid([]);
}

public function testPassesSizeIsLowerThanConfiguredMaximum()
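Review bot: None of the added lines in this file exercises the new denylist branch of `extensionIsValid()`; the only change to its tests is the call `extensionIsValid([])`, which passes an empty list. The 18 additions are accounted for by the call-site updates and the new `php` case, so unless a test exists outside the visible hunks, a regression that drops the `in_array` check would go unnoticed. I would add a case that passes a non-empty list together with a mixed-case upload extension, as below (`svg` is a constructed sample value).

```php
public function testFailsExtensionIsValidWithDisallowedExtension()
{
    $uploaded_file = m::mock(UploadedFile::class);
    $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('SVG');

    $validator = new LfmUploadValidator($uploaded_file);

    $this->expectException(InvalidExtensionException::class);

    $validator->extensionIsValid(['svg']);
}
```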
