Skip to content

Commit

Permalink
Merge branch 'features' of github.com:getkirby/kirby into features
Browse files Browse the repository at this point in the history
  • Loading branch information
bastianallgeier committed Dec 10, 2020
2 parents 05404af + 3397ee6 commit c16c44b
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 7 deletions.
14 changes: 11 additions & 3 deletions src/Cms/FileRules.php
Original file line number Diff line number Diff line change
Expand Up @@ -202,15 +202,23 @@ public static function validExtension(File $file, string $extension): bool
* Validates the extension, MIME type and filename
*
* @param \Kirby\Cms\File $file
* @param string|null $mime If not passed, the MIME type is detected from the file
* @param string|null|false $mime If not passed, the MIME type is detected from the file,
* if `false`, the MIME type is not validated for performance reasons
* @return bool
* @throws \Kirby\Exception\InvalidArgumentException If the extension, MIME type or filename is missing or forbidden
*/
public static function validFile(File $file, ?string $mime = null): bool
public static function validFile(File $file, $mime = null): bool
{
if ($mime === false) {
// request to skip the MIME check for performance reasons
$validMime = true;
} else {
$validMime = static::validMime($file, $mime ?? $file->mime());
}

return
$validMime &&
static::validExtension($file, $file->extension()) &&
static::validMime($file, $mime ?? $file->mime()) &&
static::validFilename($file, $file->filename());
}

Expand Down
2 changes: 1 addition & 1 deletion src/Cms/Media.php
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ public static function link(Model $model = null, string $hash, string $filename)
public static function publish(File $file, string $dest): bool
{
// never publish risky files (e.g. HTML, PHP or Apache config files)
FileRules::validFile($file);
FileRules::validFile($file, false);

$src = $file->root();
$version = dirname($dest);
Expand Down
24 changes: 21 additions & 3 deletions tests/Cms/Files/FileRulesTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -245,9 +245,9 @@ public function fileProvider()
['.gitignore', 'gitignore', 'application/x-git', false, 'You are not allowed to upload invisible files'],

// rule order
['.test.htm', 'htm', 'application/php', false, 'The extension "htm" is not allowed'],
['.test.htm', 'jpg', 'application/php', false, 'You are not allowed to upload PHP files'],
['.test.htm', 'jpg', 'text/plain', false, 'You are not allowed to upload invisible files'],
['.test.jpg', 'jpg', 'application/php', false, 'You are not allowed to upload PHP files'],
['.test.htm', 'htm', 'text/plain', false, 'The extension "htm" is not allowed'],
['.test.jpg', 'jpg', 'text/plain', false, 'You are not allowed to upload invisible files'],
];
}

Expand Down Expand Up @@ -275,6 +275,24 @@ public function testValidFile($filename, $extension, $mime, $expected, $message
$this->assertTrue($result);
}

public function testValidFileSkipMime()
{
$file = $this->getMockBuilder(File::class)
->disableOriginalConstructor()
->onlyMethods(['filename', 'extension'])
->addMethods(['mime'])
->getMock();
$file->method('filename')->willReturn('test.jpg');
$file->method('extension')->willReturn('jpg');
$file->method('mime')->willReturn('text/html');

$this->assertTrue(FileRules::validFile($file, false));

$this->expectException('Kirby\Exception\InvalidArgumentException');
$this->expectExceptionMessage('The media type "text/html" is not allowed');
$this->assertTrue(FileRules::validFile($file));
}

public function filenameProvider()
{
return [
Expand Down

0 comments on commit c16c44b

Please sign in to comment.