Page MenuHomePhorge
Differential D4190 Diff 12347 src/app/Backends/Storage.php

Changeset View

Standalone View

View Options

src/app/Backends/Storage.php

Show First 20 LinesShow All 120 Lines▼ Show 20 Lines public static function fileInput($stream, array $params, Item $file = null): array
if ($file->type & Item::TYPE_INCOMPLETE) { if ($file->type & Item::TYPE_INCOMPLETE) {
$file->type -= Item::TYPE_INCOMPLETE; $file->type -= Item::TYPE_INCOMPLETE;
$file->save(); $file->save();
} }
// Update the file type and size information // Update the file type and size information
$file->setProperties([ $file->setProperties([
'size' => $fileSize, 'size' => $fileSize,
'mimetype' => self::mimetype($path), // Pick the client-supplied mimetype if available, otherwise detect.
'mimetype' => !empty($params['mimetype']) ? $params['mimetype'] : self::mimetype($path),
machniakUnsubmitted
Done
Inline Actions

I'm not sure we should trust the client in this. This potentially might become a security issue.

machniak: I'm not sure we should trust the client in this. This potentially might become a security issue.
mollekopfAuthorUnsubmitted
Done
Inline Actions

There may be a security argument to be had, but the client just has better mimetype info in the case of image uploads it seems.

Also, I think generally mimetype info is just file-metadata that the client should supply, because it's just not included in the actual file.
It's possible to derive a mimetype from known file-formats, but it's not generally included.
So for a generic file storage the client *must* supply the mimetype.

Doing security checks such as "you may not supply a file that doesn't match the mime-type" might an interesting enhancement, but I don't think the mimetype deduction logic is currently there, and I think we should do it in a separate step.

mollekopf: There may be a security argument to be had, but the client just has better mimetype info in the…
]); ]);
// Assign the node to the file, "unlink" any old nodes of this file // Assign the node to the file, "unlink" any old nodes of this file
$file->chunks()->delete(); $file->chunks()->delete();
$file->chunks()->create([ $file->chunks()->create([
'chunk_id' => $chunkId, 'chunk_id' => $chunkId,
'sequence' => 0, 'sequence' => 0,
'size' => $fileSize, 'size' => $fileSize,
▲ Show 20 LinesShow All 156 LinesShow Last 20 Lines