XEVE-19-001, XEVE-19-003, XEVE-19-006

xpressengine/xe-core@18ec8078eb
Kijin Sung 2019-05-04 17:36:41 +09:00
parent 880ae97e31
commit 70108f858d
9 changed files with 86 additions and 25 deletions


@ -7,6 +7,11 @@ namespace Rhymix\Framework\Filters;
*/
class FileContentFilter
{
/**
* Fileinfo instance cache
*/
protected static $_finfo = null;
/**
* Generic checker
*
@ -28,8 +33,9 @@ class FileContentFilter
return false;
}
// Get the extension.
// Get the extension and MIME type.
$ext = $filename ? strtolower(substr(strrchr($filename, '.'), 1)) : '';
$mime_type = self::_getMimetype($file, true);
// Check the first 4KB of the file for possible XML content.
$fp = fopen($file, 'rb');
@ -43,6 +49,20 @@ class FileContentFilter
return false;
}
// Check other image files.
if (in_array($ext, array('jpg', 'jpeg', 'png', 'gif')) && $mime_type !== false && $mime_type !== 'image')
{
fclose($fp);
return false;
}
// Check audio and video files.
if (preg_match('/(wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/', $file) && $mime_type !== false && $mime_type !== 'audio' && $mime_type !== 'video')
{
fclose($fp);
return false;
}
// Check XML files.
if (($ext === 'xml' || $is_xml) && !self::_checkXML($fp, 0, $filesize))
{
@ -149,4 +169,29 @@ class FileContentFilter
}
return false;
}
/**
* Attempt to detect the MIME type of a file.
*
* @param string $file Path of file to check
* @param bool $trim_subtype Whether to remove the subtype from the return value
* @return string|false
*/
protected static function _getMimetype($file, $trim_subtype = false)
{
if (!class_exists('finfo'))
{
return false;
}
if (!self::$_finfo)
{
self::$_finfo = new \finfo(FILEINFO_MIME_TYPE);
}
$mime_type = self::$_finfo->file($file);
if ($trim_subtype)
{
$mime_type = strstr($mime_type, '/', true);
}
return $mime_type;
}
}
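Review bot: The audio/video check tests `$file`, the on-disk path that is also handed to `fopen()` and `_getMimetype()`, whereas the image check just above it tests `$ext`, which is derived from `$filename`. If callers pass an upload's temporary path as `$file` (the method signature is outside these hunks, so this is inferred), that path carries no media extension and the MIME comparison is never reached. The pattern is also case-sensitive and not anchored at the start, so it matches any path that merely ends in `qt` or `ra`. Matching the already lower-cased extension would bring it in line with the image branch: `preg_match('/^(?:wm[va]|mpe?g|avi|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/', $ext)`. The enclosing method begins and ends outside the visible hunks.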