diff --git a/media/tmp/example.webp b/media/tmp/example.webp
new file mode 100644
index 0000000..89e6075
Binary files /dev/null and b/media/tmp/example.webp differ
diff --git a/system/Controllers/MediaApiController.php b/system/Controllers/MediaApiController.php
index 093a425..e7fa13e 100644
--- a/system/Controllers/MediaApiController.php
+++ b/system/Controllers/MediaApiController.php
@@ -126,13 +126,43 @@ class MediaApiController extends ContentController
$this->uri = $request->getUri()->withUserInfo('');
# make sure only allowed filetypes are uploaded
- $finfo = finfo_open( FILEINFO_MIME_TYPE );
- $mtype = finfo_file( $finfo, $this->params['file'] );
- finfo_close( $finfo );
- $allowedMimes = $this->getAllowedMtypes();
- if(!in_array($mtype, $allowedMimes))
+
+
+ if (!isset($this->params['file']))
{
- return $response->withJson(array('errors' => 'File-type is not allowed'));
+ return $response->withJson(['errors' => 'No file found.'],404);
+ }
+
+ $size = (int) (strlen(rtrim($this->params['file'], '=')) * 3 / 4);
+ $extension = pathinfo($this->params['name'], PATHINFO_EXTENSION);
+ $finfo = finfo_open( FILEINFO_MIME_TYPE );
+ $mtype = finfo_file( $finfo, $this->params['file'] );
+ finfo_close( $finfo );
+
+ if ($size === 0)
+ {
+ return $response->withJson(['errors' => 'File is empty.'],422);
+ }
+
+ # 20 MB (1 byte * 1024 * 1024 * 20 (for 20 MB))
+ if ($size > 20971520)
+ {
+ return $response->withJson(['errors' => 'File is bigger than 20MB.'],422);
+ }
+
+ $allowedMimes = $this->getAllowedMtypes();
+
+ if(!isset($allowedMimes[$mtype]))
+ {
+ return $response->withJson(['errors' => 'The mime-type is not allowed'],422);
+ }
+
+ if(
+ (is_array($allowedMimes[$mtype]) && !in_array($allowedMimes[$mtype],$extension)) OR
+ (!is_array($allowedMimes[$mtype]) && $allowedMimes[$mtype] != $extension )
+ )
+ {
+ return $response->withJson(['errors' => 'The file-extension is not allowed or wrong'],422);
}
$fileProcessor = new ProcessFile();
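Review bot: The extension check `in_array($allowedMimes[$mtype],$extension)` has its arguments reversed: `in_array()` takes the needle first and the haystack second, so for every MIME type mapped to an array the call receives a string as haystack, which is a TypeError on PHP 8 and a warning followed by rejection on PHP 7. It should read `in_array($extension, $allowedMimes[$mtype], true)`, ideally after lowercasing `$extension` with `strtolower()` so `photo.JPG` is not refused, and `$this->params['name']` needs the same `isset` guard as `file`. Separately, `finfo_file()` interprets its second argument as a filename or stream URL, and here that value comes straight from the request body. The new code should confirm the string is a base64 `data:` URI before opening it (or decode it and use `finfo_buffer()`), and should run the size check before the MIME sniff. The enclosing method starts and ends outside this hunk.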
@@ -349,64 +379,100 @@ class MediaApiController extends ContentController
# https://www.sitepoint.com/mime-types-complete-list/
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
+ # https://wiki.selfhtml.org/wiki/MIME-Type/%C3%9Cbersicht
+ # http://www.mime-type.net/application/x-latex/
private function getAllowedMtypes()
{
return array(
- 'application/zip',
- 'application/gzip',
- 'application/x-gzip',
- 'application/x-compressed',
- 'application/x-zip-compressed',
- 'application/vnd.rar',
- 'application/x-7z-compressed',
- 'application/x-visio',
- 'application/vnd.visio',
- 'application/excel',
- 'application/x-excel',
- 'application/x-msexcel',
- 'application/vnd.ms-excel',
- 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
- 'application/powerpoint',
- 'application/mspowerpoint',
- 'application/x-mspowerpoint',
- 'application/vnd.ms-powerpoint',
- 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
- 'application/msword',
- 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
- 'application/x-project',
- 'application/vnd.ms-project',
- 'application/vnd.apple.keynote',
- 'application/vnd.apple.mpegurl',
- 'application/vnd.apple.numbers',
- 'application/vnd.apple.pages',
- 'application/vnd.amazon.mobi8-ebook',
- 'application/epub+zip',
- 'application/pdf',
- 'application/x-latex',
- 'image/png',
- 'image/jpeg',
- 'image/gif',
- 'image/tiff',
- 'image/x-tiff',
- 'image/svg+xml',
- 'image/x-icon',
- 'text/plain',
- 'application/plain',
- 'text/richtext',
- 'text/vnd.rn-realtext',
- 'application/rtf',
- 'application/x-rtf',
- 'font/*',
- 'audio/mpeg',
- 'audio/mp4',
- 'audio/ogg',
- 'audio/3gpp',
- 'audio/3gpp2',
- 'video/mpeg',
- 'video/mp4',
- 'video/ogg',
- 'video/3gpp',
- 'video/3gpp2',
+ 'application/vnd.oasis.opendocument.chart' => 'odc',
+ 'application/vnd.oasis.opendocument.formula' => 'odf',
+ 'application/vnd.oasis.opendocument.graphics' => 'odg',
+ 'application/vnd.oasis.opendocument.image' => 'odi',
+ 'application/vnd.oasis.opendocument.presentation' => 'odp',
+ 'application/vnd.oasis.opendocument.spreadsheet' => 'ods',
+ 'application/vnd.oasis.opendocument.text' => 'odt',
+ 'application/vnd.oasis.opendocument.text-master' => 'odm',
+
+ 'application/powerpoint' => 'ppt',
+ 'application/mspowerpoint' => ['ppt','ppz','pps','pot'],
+ 'application/x-mspowerpoint' => 'ppt',
+ 'application/vnd.ms-powerpoint' => 'ppt',
+ 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'pptx',
+
+ 'application/x-visio' => ['vsd','vst','msw'],
+ 'application/vnd.visio' => ['vsd','vst','msw'],
+ 'application/x-project' => ['mpc','mpt','mpv','mpx'],
+ 'application/vnd.ms-project' => 'mpp',
+
+ 'application/excel' => ['xla','xlb','xlc','xld','xlk','xll','xlm','xls','xlt','xlv','xlw'],
+ 'application/msexcel' => ['xls','xla'],
+ 'application/x-excel' => ['xla','xlb','xlc','xld','xlk','xll','xlm','xls','xlt','xlv','xlw'],
+ 'application/x-msexcel' => ['xls', 'xla','xlw'],
+ 'application/vnd.ms-excel' => ['xlb','xlc','xll','xlm','xls','xlw'],
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet ' => 'xlsx',
+
+ 'application/mshelp' => ['hlp','chm'],
+ 'application/msword' => ['doc','dot'],
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'docx',
+
+ 'application/vnd.apple.keynote' => 'key',
+ 'application/vnd.apple.numbers' => 'numbers',
+ 'application/vnd.apple.pages' => 'pages',
+
+ 'application/x-latex' => ['ltx','latex'],
+ 'application/pdf' => 'pdf',
+
+ 'application/vnd.amazon.mobi8-ebook' => 'azw3',
+ 'application/x-mobipocket-ebook' => 'mobi',
+ 'application/epub+zip' => 'epub',
+
+ 'application/x-gtar' => 'gtar',
+ 'application/x-tar' => 'tar',
+ 'application/zip' => 'zip',
+ 'application/gzip' => 'gz',
+ 'application/x-gzip' => ['gz', 'gzip'],
+ 'application/x-compressed' => ['gz','tgz','z','zip'],
+ 'application/x-zip-compressed' => 'zip',
+ 'application/vnd.rar' => 'rar',
+ 'application/x-7z-compressed' => '7z',
+
+ 'application/rtf' => 'rtf',
+ 'application/x-rtf' => 'rtf',
+
+ 'text/calendar' => 'ics',
+ 'text/comma-separated-values' => 'csv',
+ 'text/css' => 'css',
+ 'text/plain' => 'txt',
+ 'text/richtext' => 'rtx',
+ 'text/rtf' => 'rtf',
+
+ 'audio/basic' => ['au','snd'],
+ 'audio/mpeg' => 'mp3',
+ 'audio/mp4' => 'mp4',
+ 'audio/ogg' => 'ogg',
+ 'audio/wav' => 'wav',
+ 'audio/x-aiff' => ['aif','aiff','aifc'],
+ 'audio/x-midi' => ['mid','midi'],
+ 'audio/x-mpeg' => 'mp2',
+ 'audio/x-pn-realaudio' => ['ram','ra'],
+
+ 'image/png' => 'png',
+ 'image/jpeg' => ['jpeg','jpe','jpg'],
+ 'image/gif' => 'gif',
+ 'image/tiff' => ['tiff','tif'],
+ 'image/svg+xml' => 'svg',
+ 'image/x-icon' => 'ico',
+ 'image/webp' => 'webp',
+
+ 'video/mpeg' => ['mpeg','mpg','mpe'],
+ 'video/mp4' => 'mp4',
+ 'video/ogg' => ['ogg','ogv'],
+ 'video/quicktime' => ['qt','mov'],
+ 'video/vnd.vivo' => ['viv','vivo'],
+ 'video/webm' => 'webm',
+ 'video/x-msvideo' => 'avi',
+ 'video/x-sgi-movie' => 'movie',
+ 'video/3gpp' => '3gp',
);
}
}
\ No newline at end of file
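Review bot: The key `'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet '` carries a trailing space, so `isset($allowedMimes[$mtype])` in the upload check can never match it and every `.xlsx` upload is rejected as a disallowed mime-type; drop the space. The list also admits formats that are risky to host: `image/svg+xml` can carry script that runs when the file is served inline from the application's origin, and `application/mshelp` (`hlp`, `chm`) plus the `xll`/`xlm` Excel extensions are executable or macro-bearing formats. How uploaded files are served is not visible here, so either remove those entries or make sure downloads go out with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff`. A short docblock on `getAllowedMtypes()` stating that it returns a map from sniffed MIME type to the allowed extension (string) or extensions (list) would document the new shape the caller relies on.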
diff --git a/system/author/js/vue-blox.js b/system/author/js/vue-blox.js
index ad73202..dfdf8ad 100644
--- a/system/author/js/vue-blox.js
+++ b/system/author/js/vue-blox.js
@@ -94,7 +94,6 @@ const contentComponent = Vue.component('content-block', {
this.edit = true;
this.unsafed = true;
this.compmarkdown = $event;
- console.info(this.compmarkdown);
this.setComponentSize();
},
setComponentSize: function()
@@ -1348,7 +1347,6 @@ const definitionComponent = Vue.component('definition-component', {
}
this.definitionList.push({'term': term ,'descriptions': descriptions, 'id': i});
}
- console.info(this.definitionList);
}
else
{
@@ -1896,14 +1894,14 @@ const fileComponent = Vue.component('file-component', {
reader.readAsDataURL(uploadedFile);
reader.onload = function(e) {
- myaxios.post('/api/v1/file',{
+ myaxios.post('/api/v1/file',{
'url': document.getElementById("path").value,
'file': e.target.result,
'name': uploadedFile.name,
'csrf_name': document.getElementById("csrf_name").value,
'csrf_value': document.getElementById("csrf_value").value,
})
- .then(function (response) {
+ .then(function (response) {
self.load = false;
self.$parent.activatePage();
@@ -1912,14 +1910,16 @@ const fileComponent = Vue.component('file-component', {
self.fileextension = response.data.info.extension;
self.fileurl = response.data.info.url;
self.createmarkdown();
- })
- .catch(function (error)
- {
- if(error.response)
- {
- publishController.errors.message = error.response.data.errors.message;
- }
- });
+ })
+ .catch(function (error)
+ {
+ self.load = false;
+ self.$parent.activatePage();
+ if(error.response)
+ {
+ publishController.errors.message = error.response.data.errors;
+ }
+ });
}
}
}
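Review bot: When the request fails without a response (network error, timeout), the new `.catch` resets the spinner but shows nothing, because the message is only set inside `if(error.response)`; an `else` branch such as `publishController.errors.message = 'Upload failed, please try again.';` would keep the failure visible. The handler now assigns `error.response.data.errors` directly, which fits the string-valued `errors` the controller returns in this commit. If any other path of `/api/v1/file` still returns an object there, the UI would show `[object Object]`, so that is worth checking. The surrounding `onload` callback and method begin outside this hunk.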
diff --git a/system/author/js/vue-shared.js b/system/author/js/vue-shared.js
index 3593f7d..790f8cd 100644
--- a/system/author/js/vue-shared.js
+++ b/system/author/js/vue-shared.js
@@ -292,7 +292,7 @@ Vue.component('component-checkbox', {
' :disabled="disabled"' +
' :name="name"' +
' v-model="value"' +
- ' @change="update($event, value, name)">' +
+ ' @change="update($event, value, name)">' +
'' +
'{{ errors[name] }}' +
'{{ description|translate }}' +