Commit af589236 authored by Carsten Rose

Refs #5103. Upload any file type: *, *.* or */*

parent 2632c4a2
Pipeline #1793 passed with stage
in 2 minutes
......@@ -3676,16 +3676,16 @@ See also `downloadButton`_ to offer a download of an uploaded file.
* *accept* = `<mime type>,image/*,video/*,audio/*,.doc,.docx,.pdf`
* List of mime types (also known as 'media types'): http://www.iana.org/assignments/media-types/media-types.xhtml
* If none is specified, 'application/pdf' is set. This forces that always (!) one type is specified.
* To allow any type, specify ``*`` or ``*.*``
* If none mime type is specified, 'application/pdf' is set. This forces that always (!) one type is specified.
* To allow any type, specify ``*`` or ``*/*`` or ``*.*``.
* One or more media types might be specified, separated by ','.
* Different browser respect the given definitions in different ways. Typically the 'file choose' dialog offer:
* the specified mime type (some browers only show 'custom', if more than one mime type is given),
* the option 'All files' (the user is always free to **try** to upload other filetypes) - but the server won't accept them,
* the option 'All files' (the user is always free to **try** to upload other file types) - but the server won't accept them,
* the 'file choose' dialog only offers files of the selected (in the dialog) type.
* If for a specific filetype is no mime type available, the definition of file extension(s) is possible. This is **less
* If for a specific file type is no mime type available, the definition of file extension(s) is possible. This is **less
secure**, cause there is no *content* check on the server after the upload.
* *maxFileSize* = `<size>` - max filesize in bytes (no unit), kilobytes (k/K) or megabytes (m/M) for an uploaded file.
......
......@@ -697,7 +697,7 @@ abstract class AbstractBuildForm {
$storeUse = str_replace(STORE_TABLE_DEFAULT, '', $storeUse); // Remove STORE_DEFAULT
}
// Retrieve value via FSRVD
$sanitizeClass=($mode == FORM_UPDATE) ? SANITIZE_ALLOW_ALL : $formElement[FE_CHECK_TYPE];
$sanitizeClass = ($mode == FORM_UPDATE) ? SANITIZE_ALLOW_ALL : $formElement[FE_CHECK_TYPE];
$value = $this->store->getVar($name, $storeUse, $sanitizeClass, $foundInStore);
}
......@@ -3033,7 +3033,7 @@ abstract class AbstractBuildForm {
$formElement[FE_FILE_MIME_TYPE_ACCEPT] = 'image/*';
}
if ($formElement[FE_FILE_MIME_TYPE_ACCEPT] == '*' || $formElement[FE_FILE_MIME_TYPE_ACCEPT] == '*.*') {
if ($formElement[FE_FILE_MIME_TYPE_ACCEPT] == '*' || $formElement[FE_FILE_MIME_TYPE_ACCEPT] == '*.*' || $formElement[FE_FILE_MIME_TYPE_ACCEPT] == '*/*') {
$formElement[FE_FILE_MIME_TYPE_ACCEPT] = '';
}
......@@ -3047,14 +3047,16 @@ abstract class AbstractBuildForm {
$arr[CLIENT_PAGE_ID] = 'fake';
$arr[EXISTING_PATH_FILE_NAME] = $value;
$arr[FE_FILE_MIME_TYPE_ACCEPT] = $formElement[FE_FILE_MIME_TYPE_ACCEPT];
// Check Safari Bug #5578: in case Safari (Mac OS X or iOS) loads an 'upload element' with more than one file type, fall back to 'no preselection'.
// Still do the file type check on the server side!
if (strpos($formElement[FE_FILE_MIME_TYPE_ACCEPT], ',') !== false) {
$ua = $this->store->getVar('HTTP_USER_AGENT', STORE_CLIENT, SANITIZE_ALLOW_ALNUMX);
// Look for " Version/11.0 Mobile/15A5370a Safari/" or " Version/9.0.2 Safari/"
$rc = preg_match('; Version/.*Safari/;', $ua, $matches);
// But not like " Version/4.0 Chrome/52.0.2743.98 Safari/"
if ($rc == 1 && false === strpos($matches[0], ' Chrome/')) {
$formElement[FE_FILE_MIME_TYPE_ACCEPT] = '';
$formElement[FE_FILE_MIME_TYPE_ACCEPT] = ''; // This only fakes the upload dialog. But the server file type check is still active due to $arr[FE_FILE_MIME_TYPE_ACCEPT]
}
}
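Review bot: The server-side accept list survives the Safari fallback only because `$arr[FE_FILE_MIME_TYPE_ACCEPT]` is copied before `$formElement[FE_FILE_MIME_TYPE_ACCEPT]` is cleared, and that ordering is documented only in a trailing comment on the clearing line. The User-Agent is a client-supplied header, and the upload handler changed in this commit treats an empty accept value as "any type", so a later reordering of these statements would make the server-side type check depend on that header. I would state the invariant at the assignment itself, e.g. `// Security: fill $arr[...] before the User-Agent fallback below; an empty accept value in the SIP disables the server-side file type check.` The enclosing method starts and ends outside the hunk, so how `$arr` reaches the SIP is assumed from the existing comment rather than seen.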
......
......@@ -138,10 +138,8 @@ class File {
$this->checkMaxFileSize($statusUpload['size']);
$accept = $this->store->getVar(FE_FILE_MIME_TYPE_ACCEPT, STORE_SIP);
if (!($accept == '' || $accept == '*.*' || $accept == '*')) {
if (!HelperFile::checkFileType($statusUpload['tmp_name'], $statusUpload['name'], $accept)) {
throw new UserFormException('Filetype not allowed. Allowed: ' . $accept, ERROR_UPLOAD_FILE_TYPE);
}
if ($accept != '' && !HelperFile::checkFileType($statusUpload['tmp_name'], $statusUpload['name'], $accept)) {
throw new UserFormException('Filetype not allowed. Allowed: ' . $accept, ERROR_UPLOAD_FILE_TYPE);
}
// rename uploaded file: ?.cached
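Review bot: The guard `$accept != ''` is a loose comparison, so `null` and `false` (and `0` before PHP 8) also count as "no restriction" and skip `HelperFile::checkFileType()`. If `getVar()` can return such a value when `FE_FILE_MIME_TYPE_ACCEPT` is missing from the SIP, which this hunk does not show, the upload would be accepted without any type check. I would fail closed by rejecting a non-string first, `if (!is_string($accept)) { throw new UserFormException('Missing file type definition', ERROR_UPLOAD_FILE_TYPE); }`, and then compare strictly with `$accept !== ''`. The enclosing method continues outside the hunk.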
......