Enh: Double file extension check is now optional and disabled by default

2025-01-16 21:58:17 +01:00 · 2019-04-08 13:55:51 +02:00 · 2019-04-08 13:55:51 +02:00 · a73588bc15
commit a73588bc15
parent d6bac849f0
3 changed files with 22 additions and 3 deletions
--- a/protected/humhub/docs/CHANGELOG.md
+++ b/protected/humhub/docs/CHANGELOG.md
@ -7,6 +7,7 @@ HumHub Change Log
 - Fix: #2536 Incorrect log of "Attempt to steal file" due to faulty File::isAssignedTo() check
 - Fix: Wrong help block position in admin basic settings
 - Chng: Removed yiisoft/yii2-apidoc dependency
+- Enh: Double file extension check is now optional and disabled by default


 1.3.12  (March 26, 2019)
--- a/protected/humhub/modules/file/Module.php
+++ b/protected/humhub/modules/file/Module.php
@ -43,6 +43,11 @@ class Module extends \humhub\components\Module
        'image/jpeg'
    ];

+    /**
+     * @var bool Prohibit uploads of files with double file extension.
+     */
+    public $denyDoubleFileExtensions = false;
+
    /**
     * @var array of converter options
     */
--- a/protected/humhub/modules/file/validators/FileValidator.php
+++ b/protected/humhub/modules/file/validators/FileValidator.php
@ -8,6 +8,7 @@

 namespace humhub\modules\file\validators;

+use humhub\modules\file\Module;
 use Yii;
 use humhub\modules\file\models\File;
 use humhub\modules\file\libs\ImageConverter;
@ -27,17 +28,29 @@ class FileValidator extends \yii\validators\FileValidator
     */
    public $useDefaultExtensionRestriction = true;

+    /**
+     * @var boolean deny double file extensions
+     */
+    public $denyDoubleFileExtensions;
+
    /**
     * @inheritdoc
     */
    public function init()
    {
+        /** @var Module $module */
+        $module = Yii::$app->getModule('file');
+
        if ($this->extensions === null && $this->useDefaultExtensionRestriction) {
-            $this->extensions = Yii::$app->getModule('file')->settings->get('allowedExtensions');
+            $this->extensions = $module->settings->get('allowedExtensions');
        }

        if ($this->maxSize === null) {
-            $this->maxSize = Yii::$app->getModule('file')->settings->get('maxFileSize');
+            $this->maxSize = $module->settings->get('maxFileSize');
+        }
+
+        if ($this->denyDoubleFileExtensions === null) {
+            $this->denyDoubleFileExtensions = $module->denyDoubleFileExtensions;
        }

        parent::init();
@ -81,7 +94,7 @@ class FileValidator extends \yii\validators\FileValidator
                $this->addError($model, $attribute, Yii::t('FileModule.models_File', 'Invalid file name detected!'));
            }

-            if(preg_match('/\.\w{2,3}\.\w{2,3}$/', $model->file_name)) {
+            if($this->denyDoubleFileExtensions && preg_match('/\.\w{2,3}\.\w{2,3}$/', $model->file_name)) {
                $this->addError($model, $attribute, Yii::t('FileModule.models_File', 'Double file extensions are not allowed!'));
            }
        }