Stop treating .swf as directly downloadable file

플래시 첨부파일을 본문에 직접 삽입하는 방식에서 다운로드만 가능한 방식에서 변경 file, importer, integration_search 등 모든 모듈에 일관성있게 적용 xpressengine/xe-core#2149
2026-01-04 01:01:41 +09:00 · 2017-10-12 00:29:22 +09:00 · 2017-10-12 00:29:22 +09:00 · 1f9f449fb0
commit 1f9f449fb0
parent 7948059c91
4 changed files with 4 additions and 4 deletions
--- a/common/framework/filters/filenamefilter.php
+++ b/common/framework/filters/filenamefilter.php
@ -94,7 +94,7 @@ class FilenameFilter
 	 */
 	public static function isDirectDownload($filename)
 	{
-		if (preg_match('/\.(as[fx]|avi|flac|flv|gif|jpe?g|m4[av]|midi?|mkv|moov|mov|mp[1234]|mpe?g|ogg|png|qt|ram?|rmm?|swf|wav|web[mp]|wm[av])$/i', $filename))
+		if (preg_match('/\.(as[fx]|avi|flac|flv|gif|jpe?g|m4[av]|midi?|mkv|moov|mov|mp[1234]|mpe?g|ogg|png|qt|ram?|rmm?|wav|web[mp]|wm[av])$/i', $filename))
 		{
 			return true;
 		}
--- a/modules/file/file.controller.php
+++ b/modules/file/file.controller.php
@ -831,7 +831,7 @@ class fileController extends file
 		$file_info['name'] = Rhymix\Framework\Filters\FilenameFilter::clean($file_info['name']);

 		// Set upload path by checking if the attachement is an image or other kinds of file
-		if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
+		if(Rhymix\Framework\Filters\FilenameFilter::isDirectDownload($file_info['name']))
 		{
 			$path = RX_BASEDIR . sprintf("files/attach/images/%s/%s", $module_srl,getNumberingPath($upload_target_srl,3));

--- a/modules/importer/importer.admin.controller.php
+++ b/modules/importer/importer.admin.controller.php
@ -1061,7 +1061,7 @@ class importerAdminController extends importer
 				{
 					$random = new Password();
 					// Set upload path by checking if the attachement is an image or other kind of file
-					if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_obj->source_filename))
+					if(Rhymix\Framework\Filters\FilenameFilter::isDirectDownload($file_obj->source_filename))
 					{
 						// Immediately remove the direct file if it has any kind of extensions for hacking
 						$file_obj->source_filename = preg_replace('/\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_obj->source_filename);
--- a/modules/integration_search/integration_search.model.php
+++ b/modules/integration_search/integration_search.model.php
@ -197,7 +197,7 @@ class integration_searchModel extends module
 				$obj->src = sprintf('<img src="%s" alt="%s" width="%d" height="%d" class="thumb" />', $thumbnail_url, htmlspecialchars($obj->filename, ENT_COMPAT | ENT_HTML401, 'UTF-8', false), 120, 120);
 				// Videos
 			}
-			else if(preg_match('/\.(swf|flv|wmv|avi|mpg|mpeg|asx|asf|mp3)$/i', $val->source_filename))
+			elseif(Rhymix\Framework\Filters\FilenameFilter::isDirectDownload($val->source_filename))
 			{
 				$obj->type = 'multimedia';
 				$obj->src = sprintf('<script>displayMultimedia("%s",80,80);</script>', $val->uploaded_filename);