From 2d20f3a91b0ab98f7024942efb834851bfd5cf9d Mon Sep 17 00:00:00 2001
From: Seamus Lee <seamuslee001@gmail.com>
Date: Sun, 3 Mar 2019 12:14:16 +1100
Subject: [PATCH] Resolve security/core#45 by validating the mimeType of the
 file with the supplied mime-type

---
 CRM/Core/Page/File.php | 5 +++++
 CRM/Utils/File.php     | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/CRM/Core/Page/File.php b/CRM/Core/Page/File.php
index 362e3d1616..b5a9ea7f18 100644
--- a/CRM/Core/Page/File.php
+++ b/CRM/Core/Page/File.php
@@ -74,6 +74,11 @@ class CRM_Core_Page_File extends CRM_Core_Page {
       CRM_Core_Error::statusBounce('Could not retrieve the file');
     }
 
+    $testMimeType = CRM_Utils_File::getMimeType($path);
+    if ($testMimeType != $mimeType) {
+      throw new CRM_Core_Exception("Supplied Mime Type does not match file Mime Type");
+    }
+
     $buffer = file_get_contents($path);
     if (!$buffer) {
       CRM_Core_Error::statusBounce('The file is either empty or you do not have permission to retrieve the file');
diff --git a/CRM/Utils/File.php b/CRM/Utils/File.php
index b51905f714..cf3a277bb4 100644
--- a/CRM/Utils/File.php
+++ b/CRM/Utils/File.php
@@ -1066,4 +1066,13 @@ HTACCESS;
     return FALSE;
   }
 
+  /**
+   * Get the Mime-Type of a file based on the url path
+   * @param string $path full filename path
+   * @return string|bool
+   */
+  public function getMimeType($path = NULL) {
+    return mime_content_type($path);
+  }
+
 }
-- 
2.25.1