fix: validate icons to be images (#1167)
This commit is contained in:
parent
7d016cdaa6
commit
5d67f570a9
|
@ -109,3 +109,21 @@ function className($name)
|
||||||
{
|
{
|
||||||
return preg_replace('/[^\p{L}\p{N}]/u', '', $name);
|
return preg_replace('/[^\p{L}\p{N}]/u', '', $name);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $file
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
function isImage(string $file):bool
|
||||||
|
{
|
||||||
|
$tempFileName = tempnam("/tmp", "image-check-");
|
||||||
|
$handle = fopen($tempFileName, "w");
|
||||||
|
|
||||||
|
fwrite($handle, $file);
|
||||||
|
|
||||||
|
$size = @getimagesize($tempFileName);
|
||||||
|
|
||||||
|
fclose($handle);
|
||||||
|
|
||||||
|
return is_array($size) && str_starts_with($size['mime'], 'image');
|
||||||
|
}
|
||||||
|
|
|
@ -18,6 +18,7 @@ use Illuminate\Routing\Redirector;
|
||||||
use Illuminate\Support\Facades\Log;
|
use Illuminate\Support\Facades\Log;
|
||||||
use Illuminate\Support\Facades\Storage;
|
use Illuminate\Support\Facades\Storage;
|
||||||
use Illuminate\Support\Facades\URL;
|
use Illuminate\Support\Facades\URL;
|
||||||
|
use Illuminate\Validation\ValidationException;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\StreamInterface;
|
use Psr\Http\Message\StreamInterface;
|
||||||
|
|
||||||
|
@ -203,6 +204,7 @@ class ItemController extends Controller
|
||||||
$validatedData = $request->validate([
|
$validatedData = $request->validate([
|
||||||
'title' => 'required|max:255',
|
'title' => 'required|max:255',
|
||||||
'url' => 'required',
|
'url' => 'required',
|
||||||
|
'file' => 'image'
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if ($request->hasFile('file')) {
|
if ($request->hasFile('file')) {
|
||||||
|
@ -219,6 +221,10 @@ class ItemController extends Controller
|
||||||
);
|
);
|
||||||
$contents = file_get_contents($request->input('icon'), false, stream_context_create($options));
|
$contents = file_get_contents($request->input('icon'), false, stream_context_create($options));
|
||||||
|
|
||||||
|
if (!isImage($contents)) {
|
||||||
|
throw ValidationException::withMessages(['file' => 'Icon must be an image.']);
|
||||||
|
}
|
||||||
|
|
||||||
if ($application) {
|
if ($application) {
|
||||||
$icon = $application->icon;
|
$icon = $application->icon;
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -77,6 +77,10 @@ class SettingsController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($setting->type === 'image') {
|
if ($setting->type === 'image') {
|
||||||
|
$validatedData = $request->validate([
|
||||||
|
'value' => 'image'
|
||||||
|
]);
|
||||||
|
|
||||||
if (!$request->hasFile('value')) {
|
if (!$request->hasFile('value')) {
|
||||||
throw new \Exception(
|
throw new \Exception(
|
||||||
'file_too_big'
|
'file_too_big'
|
||||||
|
|
|
@ -57,6 +57,7 @@ class TagController extends Controller
|
||||||
{
|
{
|
||||||
$validatedData = $request->validate([
|
$validatedData = $request->validate([
|
||||||
'title' => 'required|max:255',
|
'title' => 'required|max:255',
|
||||||
|
'file' => 'image'
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if ($request->hasFile('file')) {
|
if ($request->hasFile('file')) {
|
||||||
|
@ -129,6 +130,7 @@ class TagController extends Controller
|
||||||
{
|
{
|
||||||
$validatedData = $request->validate([
|
$validatedData = $request->validate([
|
||||||
'title' => 'required|max:255',
|
'title' => 'required|max:255',
|
||||||
|
'file' => 'image'
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if ($request->hasFile('file')) {
|
if ($request->hasFile('file')) {
|
||||||
|
|
|
@ -62,7 +62,7 @@ class UserController extends Controller
|
||||||
'email' => 'required|email',
|
'email' => 'required|email',
|
||||||
'password' => 'nullable|confirmed',
|
'password' => 'nullable|confirmed',
|
||||||
'password_confirmation' => 'nullable',
|
'password_confirmation' => 'nullable',
|
||||||
|
'file' => 'image'
|
||||||
]);
|
]);
|
||||||
$user = new User;
|
$user = new User;
|
||||||
$user->username = $request->input('username');
|
$user->username = $request->input('username');
|
||||||
|
@ -129,6 +129,7 @@ class UserController extends Controller
|
||||||
'email' => 'required|email',
|
'email' => 'required|email',
|
||||||
'password' => 'nullable|confirmed',
|
'password' => 'nullable|confirmed',
|
||||||
'password_confirmation' => 'nullable',
|
'password_confirmation' => 'nullable',
|
||||||
|
'file' => 'image'
|
||||||
]);
|
]);
|
||||||
//die(print_r($request->all()));
|
//die(print_r($request->all()));
|
||||||
|
|
||||||
|
|
42
tests/Unit/helpers/IsImageTest.php
Normal file
42
tests/Unit/helpers/IsImageTest.php
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Unit\helpers;
|
||||||
|
|
||||||
|
use Tests\TestCase;
|
||||||
|
|
||||||
|
class IsImageTest extends TestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function test_isImage_returns_false_when_file_is_not_image()
|
||||||
|
{
|
||||||
|
$actual = isImage("<?php ?>");
|
||||||
|
|
||||||
|
$this->assertFalse($actual);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function test_isImage_returns_true_when_file_is_image()
|
||||||
|
{
|
||||||
|
$file = file_get_contents(__DIR__ . '/fixtures/heimdall-icon-small.png');
|
||||||
|
|
||||||
|
$actual = isImage($file);
|
||||||
|
|
||||||
|
$this->assertTrue($actual);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function test_isImage_returns_false_when_file_is_php_but_png()
|
||||||
|
{
|
||||||
|
$file = file_get_contents(__DIR__ . '/fixtures/heimdall-icon-small-php.php');
|
||||||
|
|
||||||
|
$actual = isImage($file);
|
||||||
|
|
||||||
|
$this->assertTrue($actual);
|
||||||
|
}
|
||||||
|
}
|
BIN
tests/Unit/helpers/fixtures/heimdall-icon-small-php.php
Normal file
BIN
tests/Unit/helpers/fixtures/heimdall-icon-small-php.php
Normal file
Binary file not shown.
After Width: | Height: | Size: 5.2 KiB |
BIN
tests/Unit/helpers/fixtures/heimdall-icon-small.png
Normal file
BIN
tests/Unit/helpers/fixtures/heimdall-icon-small.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 5.2 KiB |
Loading…
Reference in a new issue