Resolve security/core#45 by validating the mimeType of the file with the supplied...

author Seamus Lee <seamuslee001@gmail.com>

Sun, 3 Mar 2019 01:14:16 +0000 (12:14 +1100)

committer Seamus Lee <seamuslee001@gmail.com>

Wed, 15 May 2019 20:25:18 +0000 (06:25 +1000)
author Seamus Lee <seamuslee001@gmail.com>
Sun, 3 Mar 2019 01:14:16 +0000 (12:14 +1100)
committer Seamus Lee <seamuslee001@gmail.com>
Wed, 15 May 2019 20:25:18 +0000 (06:25 +1000)
diff --git a/CRM/Core/Page/File.php b/CRM/Core/Page/File.php

index 362e3d1616869af1ea9b9562eb66e4e3ee99fc1a..b5a9ea7f18b6e993542afbb1c5bfa085bb99653a 100644 (file)
--- a/CRM/Core/Page/File.php
+++ b/CRM/Core/Page/File.php
@@ -74,6 +74,11 @@ class CRM_Core_Page_File extends CRM_Core_Page {
        CRM_Core_Error::statusBounce('Could not retrieve the file');
      }
  
+    $testMimeType = CRM_Utils_File::getMimeType($path);
+    if ($testMimeType != $mimeType) {
+      throw new CRM_Core_Exception("Supplied Mime Type does not match file Mime Type");
+    }
+
      $buffer = file_get_contents($path);
      if (!$buffer) {
        CRM_Core_Error::statusBounce('The file is either empty or you do not have permission to retrieve the file');
diff --git a/CRM/Utils/File.php b/CRM/Utils/File.php

index b51905f71496dfb2ae0e9d56a922130476bd2322..cf3a277bb44144005b15153546c838656244e6b7 100644 (file)
--- a/CRM/Utils/File.php
+++ b/CRM/Utils/File.php
@@ -1066,4 +1066,13 @@ HTACCESS;
      return FALSE;
    }
  
+  /**
+   * Get the Mime-Type of a file based on the url path
+   * @param string $path full filename path
+   * @return string|bool
+   */
+  public function getMimeType($path = NULL) {
+    return mime_content_type($path);
+  }
+
  }
author	Seamus Lee <seamuslee001@gmail.com>
	Sun, 3 Mar 2019 01:14:16 +0000 (12:14 +1100)
committer	Seamus Lee <seamuslee001@gmail.com>
	Wed, 15 May 2019 20:25:18 +0000 (06:25 +1000)
CRM/Core/Page/File.php		patch \| blob \| blame \| history
CRM/Utils/File.php		patch \| blob \| blame \| history