Changed upload to detect unrecognized files so that it doesn't just blankly refresh when the type isn't handled

2019-06-14 12:59:58 -05:00 · 2019-06-14 12:59:58 -05:00 · 8950d27d64
commit 8950d27d64
parent 58acb71282
1 changed files with 30 additions and 25 deletions
--- a/ext/upload/main.php
+++ b/ext/upload/main.php
@ -27,7 +27,6 @@ class DataUploadEvent extends Event
    public $merged = false;


-
    /**
     * Some data is being uploaded.
     * This should be caught by a file handler.
@ -49,10 +48,10 @@ class DataUploadEvent extends Event
        if ($config->get_bool("upload_use_mime")) {
            $this->set_type(get_extension_from_mime($tmpname));
        } else {
-            if (array_key_exists('extension', $metadata)&&!empty($metadata['extension'])) {
+            if (array_key_exists('extension', $metadata) && !empty($metadata['extension'])) {
                $this->type = strtolower($metadata['extension']);
            } else {
-                throw new UploadException("Could not determine extension for file ".$metadata["filename"]);
+                throw new UploadException("Could not determine extension for file " . $metadata["filename"]);
            }
        }
    }
@ -130,9 +129,9 @@ class Upload extends Extension
        $sb->position = 10;
        // Output the limits from PHP so the user has an idea of what they can set.
        $sb->add_int_option("upload_count", "Max uploads: ");
-        $sb->add_label("<i>PHP Limit = ".ini_get('max_file_uploads')."</i>");
+        $sb->add_label("<i>PHP Limit = " . ini_get('max_file_uploads') . "</i>");
        $sb->add_shorthand_int_option("upload_size", "<br/>Max size per file: ");
-        $sb->add_label("<i>PHP Limit = ".ini_get('upload_max_filesize')."</i>");
+        $sb->add_label("<i>PHP Limit = " . ini_get('upload_max_filesize') . "</i>");
        $sb->add_choice_option("transload_engine", $tes, "<br/>Transload: ");
        $sb->add_bool_option("upload_tlsource", "<br/>Use transloaded URL as source if none is provided: ");
        $sb->add_bool_option("upload_use_mime", "<br/>Use mime type to determine file types: ");
@ -314,7 +313,7 @@ class Upload extends Extension
     * #param string[] $file
     * #param string[] $tags
     */
-    private function try_upload(array $file, array $tags, ?string $source=null, int $replace=-1): bool
+    private function try_upload(array $file, array $tags, ?string $source = null, int $replace = -1): bool
    {
        global $page;

@ -348,11 +347,14 @@ class Upload extends Extension

                $event = new DataUploadEvent($file['tmp_name'], $metadata);
                send_event($event);
-                $page->add_http_header("X-Shimmie-Image-ID: ".int_escape($event->image_id));
+                if ($event->image_id == -1) {
+                    throw new UploadException("File type not supported: " . $metadata['extension']);
+                }
+                $page->add_http_header("X-Shimmie-Image-ID: " . int_escape($event->image_id));
            } catch (UploadException $ex) {
                $this->theme->display_upload_error(
                    $page,
-                    "Error with ".html_escape($file['name']),
+                    "Error with " . html_escape($file['name']),
                    $ex->getMessage()
                );
                $ok = false;
@ -362,7 +364,7 @@ class Upload extends Extension
        return $ok;
    }

-    private function try_transload(string $url, array $tags, string $source=null, int $replace=-1): bool
+    private function try_transload(string $url, array $tags, string $source = null, int $replace = -1): bool
    {
        global $page, $config, $user;

@ -394,8 +396,8 @@ class Upload extends Extension
        if (!$headers) {
            $this->theme->display_upload_error(
                $page,
-                "Error with ".html_escape($filename),
-                "Error reading from ".html_escape($url)
+                "Error with " . html_escape($filename),
+                "Error reading from " . html_escape($url)
            );
            return false;
        }
@ -403,7 +405,7 @@ class Upload extends Extension
        if (filesize($tmp_filename) == 0) {
            $this->theme->display_upload_error(
                $page,
-                "Error with ".html_escape($filename),
+                "Error with " . html_escape($filename),
                "No data found -- perhaps the site has hotlink protection?"
            );
            $ok = false;
@ -441,10 +443,13 @@ class Upload extends Extension
            try {
                $event = new DataUploadEvent($tmp_filename, $metadata);
                send_event($event);
+                if ($event->image_id == -1) {
+                    throw new UploadException("File type not supported: " . $metadata['extension']);
+                }
            } catch (UploadException $ex) {
                $this->theme->display_upload_error(
                    $page,
-                    "Error with ".html_escape($url),
+                    "Error with " . html_escape($url),
                    $ex->getMessage()
                );
                $ok = false;