authoremkael <emkael@tlen.pl>2016-04-06 10:48:28 +0200
committeremkael <emkael@tlen.pl>2016-04-06 10:48:28 +0200
commiteb4b028469dc10ee4fd37a161606ccb11b880225 (patch)
treebb3b28a6b3b96c4ad5b12df8586fd82d6511ae59 /app
parent6355c02d7595082a4ea6bf0e151ddfb517a0f25e (diff)
* T*FileUpload controls with server-side MIME check
Diffstat (limited to 'app')
-rw-r--r--app/php/components/SafeActiveFileUpload.php12
-rw-r--r--app/php/components/SafeFileUpload.php34
2 files changed, 46 insertions, 0 deletions
diff --git a/app/php/components/SafeActiveFileUpload.php b/app/php/components/SafeActiveFileUpload.php
new file mode 100644
index 0000000..9b8e2a8
--- /dev/null
+++ b/app/php/components/SafeActiveFileUpload.php
@@ -0,0 +1,12 @@
+<?php
+
+Prado::using('System.Web.UI.ActiveControls.TActiveFileUpload');
+Prado::using('Application.components.SafeFileUpload');
+
+class SafeActiveFileUpload extends TActiveFileUpload {
+
+ use MimeTypeCheckForFileUpload;
+
+}
+
+?>
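Review bot: The class body gives no indication that `getFileType()` is overridden here, or that the override reads the uploaded file from disk through `getLocalName()`. In the active (callback) variant it is worth confirming that the path is still readable at the point page code asks for the type, since the visible lines do not show how TActiveFileUpload manages its temporary file. A short class docblock would help, for example `/** TActiveFileUpload whose getFileType() reports the MIME type detected on the server instead of the one sent by the browser. */`. The trait is declared inside SafeFileUpload.php, so the `Prado::using('Application.components.SafeFileUpload')` line is what loads it; a comment saying so would stop it being removed as an unused import. Both new files also end with `?>`, and omitting the closing tag in PHP-only files avoids stray trailing whitespace being emitted as output.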
diff --git a/app/php/components/SafeFileUpload.php b/app/php/components/SafeFileUpload.php
new file mode 100644
index 0000000..98e120a
--- /dev/null
+++ b/app/php/components/SafeFileUpload.php
@@ -0,0 +1,34 @@
+<?php
+
+class SafeFileUpload extends TFileUpload {
+
+ use MimeTypeCheckForFileUpload;
+
+}
+
+trait MimeTypeCheckForFileUpload {
+
+ protected $_isSecure = TRUE;
+
+ public function getIsSecure() {
+ return $this->_isSecure;
+ }
+
+ public function setIsSecure($bool) {
+ $this->_isSecure = $bool;
+ }
+
+ public function getFileType() {
+ $type = parent::getFileType();
+ if ($this->getIsSecure()) {
+ $fileInfo = new finfo(FILEINFO_MIME_TYPE);
+ return $fileInfo->file($this->getLocalName());
+ }
+ else {
+ return $type;
+ }
+ }
+
+}
+
+?>
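Review bot: `getFileType()` passes `getLocalName()` to `finfo::file()` without first checking that an upload actually arrived, so on an empty or failed upload the call warns and returns `false` rather than a MIME string. It should return early unless `getHasFile()` is true, and map a detection failure to a value that an allowlist comparison will reject, rather than falling back to the browser-supplied type. `setIsSecure()` stores its argument as given, so a template attribute such as `IsSecure="false"` arrives as a non-empty string and is still truthy; coercing with `TPropertyValue::ensureBoolean($bool)` matches the usual Prado setter convention. The trait would also benefit from a docblock noting that content sniffing only replaces the client-reported type and does not by itself make a file safe to serve, so callers still need an extension allowlist and non-executable storage.

```php
    public function setIsSecure($bool) {
        $this->_isSecure = TPropertyValue::ensureBoolean($bool);
    }

    public function getFileType() {
        // Nothing to inspect when the check is off or no file arrived.
        if (!$this->getIsSecure() || !$this->getHasFile()) {
            return parent::getFileType();
        }
        $fileInfo = new finfo(FILEINFO_MIME_TYPE);
        $detected = $fileInfo->file($this->getLocalName());
        // finfo::file() returns false on failure; fail closed instead of
        // trusting the type sent by the browser.
        return ($detected === false) ? 'application/octet-stream' : $detected;
    }
```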