fix: validate icons to be images (#1167)

This commit is contained in:
Attila Kerekes 2023-06-05 18:27:30 +02:00 committed by GitHub
parent 7d016cdaa6
commit 5d67f570a9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 74 additions and 1 deletions


@ -109,3 +109,21 @@ function className($name)
{ {
return preg_replace('/[^\p{L}\p{N}]/u', '', $name); return preg_replace('/[^\p{L}\p{N}]/u', '', $name);
} }
/**
* @param string $file
* @return bool
*/
function isImage(string $file):bool
{
$tempFileName = tempnam("/tmp", "image-check-");
$handle = fopen($tempFileName, "w");
fwrite($handle, $file);
$size = @getimagesize($tempFileName);
fclose($handle);
return is_array($size) && str_starts_with($size['mime'], 'image');
}
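Review bot: isImage writes the bytes to a temp file that is never unlinked, so every validation call leaves a `/tmp/image-check-*` file behind, and neither `tempnam` nor `fopen` is checked for `false` before `fwrite`/`getimagesize` use the result; the file is also read by getimagesize before the handle is closed, which relies on the write already having reached disk. The temp file is unnecessary because `getimagesizefromstring` inspects the bytes directly, so the body can be reduced to `$size = @getimagesizefromstring($file);` followed by `return is_array($size) && str_starts_with($size['mime'], 'image/');` with no filesystem I/O at all. Note that getimagesize parses only the image header, so a file that begins with a valid image but carries other content afterwards still returns true; the function establishes "looks like an image", not that the content is safe to serve verbatim, which is worth stating in the docblock and is the reason the stored filename/extension should be derived from the detected MIME rather than from user input.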


@ -18,6 +18,7 @@ use Illuminate\Routing\Redirector;
use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\URL; use Illuminate\Support\Facades\URL;
use Illuminate\Validation\ValidationException;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\StreamInterface; use Psr\Http\Message\StreamInterface;
@ -203,6 +204,7 @@ class ItemController extends Controller
$validatedData = $request->validate([ $validatedData = $request->validate([
'title' => 'required|max:255', 'title' => 'required|max:255',
'url' => 'required', 'url' => 'required',
'file' => 'image'
]); ]);
if ($request->hasFile('file')) { if ($request->hasFile('file')) {
@ -219,6 +221,10 @@ class ItemController extends Controller
); );
$contents = file_get_contents($request->input('icon'), false, stream_context_create($options)); $contents = file_get_contents($request->input('icon'), false, stream_context_create($options));
if (!isImage($contents)) {
throw ValidationException::withMessages(['file' => 'Icon must be an image.']);
}
if ($application) { if ($application) {
$icon = $application->icon; $icon = $application->icon;
} else { } else {
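Review bot: `$contents` from the `file_get_contents` call on the line before the new check is passed straight to `isImage`, but a failed fetch returns `false`, which reaches the `string $file` parameter as an empty string (or a TypeError under strict_types) and is reported to the user as "Icon must be an image."; test `if ($contents === false)` first and raise a distinct validation message for an unreachable URL. The `'file' => 'image'` rule added here (and in the same form in TagController, UserController and SettingsController) accepts SVG, which can carry script when served inline from the application's origin; if icons are only ever rendered through `<img>` that is acceptable, otherwise narrow it with `mimes:jpg,jpeg,png,gif,webp`. The URL path in this hunk rejects SVG because getimagesize does not recognise it, so the upload and URL intake paths currently disagree on what an icon may be. The enclosing method starts and ends outside the hunk.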


@ -77,6 +77,10 @@ class SettingsController extends Controller
} }
if ($setting->type === 'image') { if ($setting->type === 'image') {
$validatedData = $request->validate([
'value' => 'image'
]);
if (!$request->hasFile('value')) { if (!$request->hasFile('value')) {
throw new \Exception( throw new \Exception(
'file_too_big' 'file_too_big'
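Review bot: The result of `$request->validate(['value' => 'image'])` is assigned to `$validatedData` but not used anywhere in the hunk, and if an earlier `$validatedData` exists in this method (not visible here) the assignment silently replaces it; call `validate()` for its effect without the assignment. Because `image` is not an implicit rule, a request with no `value` file passes validation and falls through to the pre-existing `hasFile` check, which throws the generic 'file_too_big' exception for a merely missing file; `'value' => 'required|image'` would turn that into a proper validation error, assuming an image-type setting must always be uploaded here. The enclosing method starts and ends outside the hunk.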


@ -57,6 +57,7 @@ class TagController extends Controller
{ {
$validatedData = $request->validate([ $validatedData = $request->validate([
'title' => 'required|max:255', 'title' => 'required|max:255',
'file' => 'image'
]); ]);
if ($request->hasFile('file')) { if ($request->hasFile('file')) {
@ -129,6 +130,7 @@ class TagController extends Controller
{ {
$validatedData = $request->validate([ $validatedData = $request->validate([
'title' => 'required|max:255', 'title' => 'required|max:255',
'file' => 'image'
]); ]);
if ($request->hasFile('file')) { if ($request->hasFile('file')) {


@ -62,7 +62,7 @@ class UserController extends Controller
'email' => 'required|email', 'email' => 'required|email',
'password' => 'nullable|confirmed', 'password' => 'nullable|confirmed',
'password_confirmation' => 'nullable', 'password_confirmation' => 'nullable',
'file' => 'image'
]); ]);
$user = new User; $user = new User;
$user->username = $request->input('username'); $user->username = $request->input('username');
@ -129,6 +129,7 @@ class UserController extends Controller
'email' => 'required|email', 'email' => 'required|email',
'password' => 'nullable|confirmed', 'password' => 'nullable|confirmed',
'password_confirmation' => 'nullable', 'password_confirmation' => 'nullable',
'file' => 'image'
]); ]);
//die(print_r($request->all())); //die(print_r($request->all()));


@ -0,0 +1,42 @@
<?php
namespace Tests\Unit\helpers;
use Tests\TestCase;
class IsImageTest extends TestCase
{
/**
* @return void
*/
public function test_isImage_returns_false_when_file_is_not_image()
{
$actual = isImage("<?php ?>");
$this->assertFalse($actual);
}
/**
* @return void
*/
public function test_isImage_returns_true_when_file_is_image()
{
$file = file_get_contents(__DIR__ . '/fixtures/heimdall-icon-small.png');
$actual = isImage($file);
$this->assertTrue($actual);
}
/**
* @return void
*/
public function test_isImage_returns_false_when_file_is_php_but_png()
{
$file = file_get_contents(__DIR__ . '/fixtures/heimdall-icon-small-php.php');
$actual = isImage($file);
$this->assertTrue($actual);
}
}
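Review bot: test_isImage_returns_false_when_file_is_php_but_png calls `assertTrue`, contradicting its own name; since isImage relies on getimagesize, which parses only the image header, a PNG with PHP content appended does pass, so the assertion reflects the real limitation while the name claims the opposite. Rename it to `test_isImage_returns_true_when_file_is_png_with_php_appended` and put a comment above the assertion such as `// header-only detection: trailing non-image content is not rejected by isImage` so a later reader does not "correct" the assertion instead of the name. The three test methods also declare `@return void` in docblocks but omit the native `: void` return type that would make the docblocks redundant.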

Binary file not shown.


Binary file not shown.
