From eb4b028469dc10ee4fd37a161606ccb11b880225 Mon Sep 17 00:00:00 2001
From: emkael <emkael@tlen.pl>
Date: Wed, 6 Apr 2016 10:48:28 +0200
Subject:  * T*FileUpload controls with server-side MIME check

---
 app/php/components/SafeActiveFileUpload.php | 12 ++++++++++
 app/php/components/SafeFileUpload.php       | 34 +++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 app/php/components/SafeActiveFileUpload.php
 create mode 100644 app/php/components/SafeFileUpload.php

(limited to 'app/php')

diff --git a/app/php/components/SafeActiveFileUpload.php b/app/php/components/SafeActiveFileUpload.php
new file mode 100644
index 0000000..9b8e2a8
--- /dev/null
+++ b/app/php/components/SafeActiveFileUpload.php
@@ -0,0 +1,12 @@
+<?php
+
+Prado::using('System.Web.UI.ActiveControls.TActiveFileUpload');
+Prado::using('Application.components.SafeFileUpload');
+
+class SafeActiveFileUpload extends TActiveFileUpload {
+
+    use MimeTypeCheckForFileUpload;
+
+}
+
+?>
diff --git a/app/php/components/SafeFileUpload.php b/app/php/components/SafeFileUpload.php
new file mode 100644
index 0000000..98e120a
--- /dev/null
+++ b/app/php/components/SafeFileUpload.php
@@ -0,0 +1,34 @@
+<?php
+
+class SafeFileUpload extends TFileUpload {
+
+    use MimeTypeCheckForFileUpload;
+
+}
+
+trait MimeTypeCheckForFileUpload {
+
+    protected $_isSecure = TRUE;
+
+    public function getIsSecure() {
+        return $this->_isSecure;
+    }
+
+    public function setIsSecure($bool) {
+        $this->_isSecure = $bool;
+    }
+
+    public function getFileType() {
+        $type = parent::getFileType();
+        if ($this->getIsSecure()) {
+            $fileInfo = new finfo(FILEINFO_MIME_TYPE);
+            return $fileInfo->file($this->getLocalName());
+        }
+        else {
+            return $type;
+        }
+    }
+
+}
+
+?>
-- 
cgit v1.2.3