màj
This commit is contained in:
@@ -20,11 +20,13 @@ use Grav\Common\Security;
|
||||
use Grav\Common\Utils;
|
||||
use Grav\Framework\Filesystem\Filesystem;
|
||||
use Grav\Framework\Form\FormFlashFile;
|
||||
use Grav\Framework\Mime\MimeTypes;
|
||||
use Psr\Http\Message\UploadedFileInterface;
|
||||
use RocketTheme\Toolbox\File\YamlFile;
|
||||
use RocketTheme\Toolbox\ResourceLocator\UniformResourceLocator;
|
||||
use RuntimeException;
|
||||
use function dirname;
|
||||
use function in_array;
|
||||
|
||||
/**
|
||||
* Implements media upload and delete functionality.
|
||||
@@ -179,16 +181,20 @@ trait MediaUploadTrait
|
||||
}
|
||||
}
|
||||
|
||||
$grav = Grav::instance();
|
||||
/** @var MimeTypes $mimeChecker */
|
||||
$mimeChecker = $grav['mime'];
|
||||
|
||||
// Handle Accepted file types. Accept can only be mime types (image/png | image/*) or file extensions (.pdf | .jpg)
|
||||
$accepted = false;
|
||||
$errors = [];
|
||||
// Do not trust mime type sent by the browser.
|
||||
$mime = Utils::getMimeByFilename($filename);
|
||||
$mimeTest = $metadata['mime'] ?? $mime;
|
||||
if ($mime !== $mimeTest) {
|
||||
$mime = $metadata['mime'] ?? $mimeChecker->getMimeType($extension);
|
||||
$validExtensions = $mimeChecker->getExtensions($mime);
|
||||
if (!in_array($extension, $validExtensions, true)) {
|
||||
throw new RuntimeException('The mime type does not match to file extension', 400);
|
||||
}
|
||||
|
||||
$accepted = false;
|
||||
$errors = [];
|
||||
foreach ((array)$settings['accept'] as $type) {
|
||||
// Force acceptance of any file when star notation
|
||||
if ($type === '*') {
|
||||
@@ -418,6 +424,17 @@ trait MediaUploadTrait
|
||||
$uploadedFile->moveTo($filepath);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get upload settings.
|
||||
*
|
||||
* @param array|null $settings Form field specific settings (override).
|
||||
* @return array
|
||||
*/
|
||||
public function getUploadSettings(?array $settings = null): array
|
||||
{
|
||||
return null !== $settings ? $settings + $this->_upload_defaults : $this->_upload_defaults;
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal logic to copy file.
|
||||
*
|
||||
@@ -604,17 +621,6 @@ trait MediaUploadTrait
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get upload settings.
|
||||
*
|
||||
* @param array|null $settings Form field specific settings (override).
|
||||
* @return array
|
||||
*/
|
||||
protected function getUploadSettings(?array $settings = null): array
|
||||
{
|
||||
return null !== $settings ? $settings + $this->_upload_defaults : $this->_upload_defaults;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $filename
|
||||
* @param string $path
|
||||
|
||||
Reference in New Issue
Block a user