From 430858da978f7a5ee4e33e8f4e91a9fe85676893 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Sat, 30 Mar 2019 10:34:47 +1100
Subject: [PATCH] Strength mime checking by comparing mime-type to the file path mime-type if we have entity_id and file id otherwise only permit image mime_types to be accepted if going via the filename route Ensure mimetype is set in the case where we are passing it through and its valid Remove Whitelisting of mime-types as not useful and only check mime-types if we have had one passed in
---
 CRM/Core/Page/File.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/CRM/Core/Page/File.php b/CRM/Core/Page/File.php
index b5a9ea7f18..57ffc9b8ec 100644
--- a/CRM/Core/Page/File.php
+++ b/CRM/Core/Page/File.php
@@ -68,15 +68,23 @@ class CRM_Core_Page_File extends CRM_Core_Page {
 $mimeType = '';
 $path = CRM_Core_Config::singleton()->customFileUploadDir . $fileName;
 }
- $mimeType = CRM_Utils_Request::retrieveValue('mime-type', 'String', $mimeType, FALSE);
+ $passedInMimeType = CRM_Utils_Request::retrieveValue('mime-type', 'String', $mimeType, FALSE);
 if (!$path) {
 CRM_Core_Error::statusBounce('Could not retrieve the file');
 }
-
- $testMimeType = CRM_Utils_File::getMimeType($path);
- if ($testMimeType != $mimeType) {
- throw new CRM_Core_Exception("Supplied Mime Type does not match file Mime Type");
+ if (!empty($mimeType) && !empty($passedInMimeType)) {
+ if ($passedInMimeType != $mimeType) {
+ throw new CRM_Core_Exception("Supplied Mime Type does not match file Mime Type");
+ }
+ }
+ elseif (!empty($passedInMimeType)) {
+ $testMimeType = CRM_Utils_File::getMimeType($path);
+ if ($testMimeType != $passedInMimeType) {
+ throw new CRM_Core_Exception("Supplied Mime Type does not match file Mime Type");
+ }
+ // Now that we have ensured that the mime-type matches to what we believe is the mime-type of the file
+ $mimeType = $passedInMimeType;
 }
 $buffer = file_get_contents($path);
--
2.25.1
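Review bot: In the filename branch `$mimeType` is set to `''`, and when the request carries no `mime-type` parameter `$passedInMimeType` falls back to that same empty default, so neither the `if` nor the `elseif` runs and the file is read with no type check and an empty `$mimeType`. How `$mimeType` is used after `file_get_contents($path)` is outside the hunk, but if it ends up as the response Content-Type, an empty value would leave the browser to guess the type of an uploaded file. Consider rejecting that case or deriving the type from disk after the chain, e.g. `if (empty($mimeType)) { $mimeType = CRM_Utils_File::getMimeType($path); }`. The two `!=` string comparisons would also be safer as `!==`. The enclosing method starts and ends outside the hunk.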