* T*FileUpload controls with server-side MIME check

author: emkael <emkael@tlen.pl> 2016-04-06 10:48:28 +0200
committer: emkael <emkael@tlen.pl> 2016-04-06 10:48:28 +0200
commit: eb4b028469dc10ee4fd37a161606ccb11b880225 (patch)
tree: bb3b28a6b3b96c4ad5b12df8586fd82d6511ae59 /app/php
parent: 6355c02d7595082a4ea6bf0e151ddfb517a0f25e (diff)
2 files changed, 46 insertions, 0 deletions
diff --git a/app/php/components/SafeActiveFileUpload.php b/app/php/components/SafeActiveFileUpload.php
new file mode 100644
index 0000000..9b8e2a8
--- /dev/null
+++ b/app/php/components/SafeActiveFileUpload.php
@@ -0,0 +1,12 @@
+<?php
+
+Prado::using('System.Web.UI.ActiveControls.TActiveFileUpload');
+Prado::using('Application.components.SafeFileUpload');
+
+class SafeActiveFileUpload extends TActiveFileUpload {
+
+    use MimeTypeCheckForFileUpload;
+
+}
+
+?>
diff --git a/app/php/components/SafeFileUpload.php b/app/php/components/SafeFileUpload.php
new file mode 100644
index 0000000..98e120a
--- /dev/null
+++ b/app/php/components/SafeFileUpload.php
@@ -0,0 +1,34 @@
+<?php
+
+class SafeFileUpload extends TFileUpload {
+
+    use MimeTypeCheckForFileUpload;
+
+}
+
+trait MimeTypeCheckForFileUpload {
+
+    protected $_isSecure = TRUE;
+
+    public function getIsSecure() {
+        return $this->_isSecure;
+    }
+
+    public function setIsSecure($bool) {
+        $this->_isSecure = $bool;
+    }
+
+    public function getFileType() {
+        $type = parent::getFileType();
+        if ($this->getIsSecure()) {
+            $fileInfo = new finfo(FILEINFO_MIME_TYPE);
+            return $fileInfo->file($this->getLocalName());
+        }
+        else {
+            return $type;
+        }
+    }
+
+}
+
+?>
author	emkael <emkael@tlen.pl>	2016-04-06 10:48:28 +0200
committer	emkael <emkael@tlen.pl>	2016-04-06 10:48:28 +0200
commit	eb4b028469dc10ee4fd37a161606ccb11b880225 (patch)
tree	bb3b28a6b3b96c4ad5b12df8586fd82d6511ae59 /app/php
parent	6355c02d7595082a4ea6bf0e151ddfb517a0f25e (diff)