Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
typo3
qfq
Commits
af589236
Commit
af589236
authored
Mar 29, 2019
by
Carsten Rose
Browse files
Refs #5103. Upload any file type: *, *.* or */*
parent
2632c4a2
Pipeline
#1793
passed with stage
in 2 minutes
Changes
3
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
extension/Documentation/Manual.rst
View file @
af589236
...
...
@@ -3676,16 +3676,16 @@ See also `downloadButton`_ to offer a download of an uploaded file.
* *accept* = `
<mime
type
>
,image/*,video/*,audio/*,.doc,.docx,.pdf`
* List of mime types (also known as 'media types'): http://www.iana.org/assignments/media-types/media-types.xhtml
* If none is specified, 'application/pdf' is set. This forces that always (!) one type is specified.
* To allow any type, specify ``*`` or ``*.*``
* If none
mime type
is specified, 'application/pdf' is set. This forces that always (!) one type is specified.
* To allow any type, specify ``*`` or
``*/*`` or
``*.*``
.
* One or more media types might be specified, separated by ','.
* Different browser respect the given definitions in different ways. Typically the 'file choose' dialog offer:
* the specified mime type (some browers only show 'custom', if more than one mime type is given),
* the option 'All files' (the user is always free to **try** to upload other filetypes) - but the server won't accept them,
* the option 'All files' (the user is always free to **try** to upload other file
types) - but the server won't accept them,
* the 'file choose' dialog only offers files of the selected (in the dialog) type.
* If for a specific filetype is no mime type available, the definition of file extension(s) is possible. This is **less
* If for a specific file
type is no mime type available, the definition of file extension(s) is possible. This is **less
secure**, cause there is no *content* check on the server after the upload.
* *maxFileSize* = `
<size>
` - max filesize in bytes (no unit), kilobytes (k/K) or megabytes (m/M) for an uploaded file.
...
...
extension/Source/core/AbstractBuildForm.php
View file @
af589236
...
...
@@ -697,7 +697,7 @@ abstract class AbstractBuildForm {
$storeUse
=
str_replace
(
STORE_TABLE_DEFAULT
,
''
,
$storeUse
);
// Remove STORE_DEFAULT
}
// Retrieve value via FSRVD
$sanitizeClass
=
(
$mode
==
FORM_UPDATE
)
?
SANITIZE_ALLOW_ALL
:
$formElement
[
FE_CHECK_TYPE
];
$sanitizeClass
=
(
$mode
==
FORM_UPDATE
)
?
SANITIZE_ALLOW_ALL
:
$formElement
[
FE_CHECK_TYPE
];
$value
=
$this
->
store
->
getVar
(
$name
,
$storeUse
,
$sanitizeClass
,
$foundInStore
);
}
...
...
@@ -3033,7 +3033,7 @@ abstract class AbstractBuildForm {
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
=
'image/*'
;
}
if
(
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
==
'*'
||
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
==
'*.*'
)
{
if
(
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
==
'*'
||
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
==
'*.*'
||
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
==
'*/*'
)
{
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
=
''
;
}
...
...
@@ -3047,14 +3047,16 @@ abstract class AbstractBuildForm {
$arr
[
CLIENT_PAGE_ID
]
=
'fake'
;
$arr
[
EXISTING_PATH_FILE_NAME
]
=
$value
;
$arr
[
FE_FILE_MIME_TYPE_ACCEPT
]
=
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
];
// Check Safari Bug #5578: in case Safari (Mac OS X or iOS) loads an 'upload element' with more than one file type, fall back to 'no preselection'.
// Still do the file type check on the server side!
if
(
strpos
(
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
],
','
)
!==
false
)
{
$ua
=
$this
->
store
->
getVar
(
'HTTP_USER_AGENT'
,
STORE_CLIENT
,
SANITIZE_ALLOW_ALNUMX
);
// Look for " Version/11.0 Mobile/15A5370a Safari/" or " Version/9.0.2 Safari/"
$rc
=
preg_match
(
'; Version/.*Safari/;'
,
$ua
,
$matches
);
// But not like " Version/4.0 Chrome/52.0.2743.98 Safari/"
if
(
$rc
==
1
&&
false
===
strpos
(
$matches
[
0
],
' Chrome/'
))
{
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
=
''
;
$formElement
[
FE_FILE_MIME_TYPE_ACCEPT
]
=
''
;
// This only fakes the upload dialog. But the server file type check is still active due to $arr[FE_FILE_MIME_TYPE_ACCEPT]
}
}
...
...
extension/Source/core/File.php
View file @
af589236
...
...
@@ -138,10 +138,8 @@ class File {
$this
->
checkMaxFileSize
(
$statusUpload
[
'size'
]);
$accept
=
$this
->
store
->
getVar
(
FE_FILE_MIME_TYPE_ACCEPT
,
STORE_SIP
);
if
(
!
(
$accept
==
''
||
$accept
==
'*.*'
||
$accept
==
'*'
))
{
if
(
!
HelperFile
::
checkFileType
(
$statusUpload
[
'tmp_name'
],
$statusUpload
[
'name'
],
$accept
))
{
throw
new
UserFormException
(
'Filetype not allowed. Allowed: '
.
$accept
,
ERROR_UPLOAD_FILE_TYPE
);
}
if
(
$accept
!=
''
&&
!
HelperFile
::
checkFileType
(
$statusUpload
[
'tmp_name'
],
$statusUpload
[
'name'
],
$accept
))
{
throw
new
UserFormException
(
'Filetype not allowed. Allowed: '
.
$accept
,
ERROR_UPLOAD_FILE_TYPE
);
}
// rename uploaded file: ?.cached
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment