From 1ec2be59259baadfeeba24a52be7de7668ec66b1 Mon Sep 17 00:00:00 2001
From: Max Nuding
Date: Sat, 27 Nov 2021 13:05:26 +0100
Subject: [PATCH] Fixed missing file type validation

---
 index.php | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 53a4438..e6a8243 100644
--- a/index.php
+++ b/index.php
@@ -200,6 +200,19 @@ if (!isset($_POST['submit'])) {
 return response;
 }
 
+ function validateFileType(file) {
+ if (file.type && (file.type.startsWith('image/') || file.type.startsWith('video/'))) {
+ return true;
+ }
+ const parts = file.name.split('.');
+ const extension = parts.length > 0 ? parts[parts.length-1] : '';
+ if (['jpg', 'jpeg', 'png', 'heic', 'heif', 'mov', 'mp4', 'mkv'].includes(extension)) {
+ return true;
+ }
+ console.warn('Invalid file type', extension);
+ return false;
+ }
+
 albumInput.addEventListener('change', (event) => {
 console.log(event);
 albumAnchor.href = `https://photos.phlaym.net${albumInput.selectedOptions[0].dataset.url}`;
@@ -272,8 +285,10 @@ if (!isset($_POST['submit'])) {
 sizeInMb,
 'MB big, which is over the limit of',
 maxFileSize);
+ } else if(validateFileType(file)) {
+ fileList.push(file);
 }
- fileList.push(file);
+
 }
 }
 totalProgress.max = fileList.length;
@@ -296,9 +311,12 @@ if (!isset($_POST['submit'])) {
 ? 'Die folgenden Dateien sind'
 : 'Die folgende Datei ist';
 errorDiv.innerHTML += ```
- ${pluralizedMessage} zu groß: ${names}.
+ ${pluralizedMessage} zu groß und wird beim Upload ignoriert: ${names}.
 Jede Datei darf max. ${maxFileSize} MB groß sein.```;
+ }
+ if (!fileList.length) {
 submitButton.disabled = true;
+ errorDiv.innerHTML += 'Keine gültigen Bilder oder Videos gefunden';
 }
 });
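Review bot: The extension fallback in validateFileType is case-sensitive, so a name such as `IMG_0001.HEIC` with an empty `file.type` (browsers may report HEIC/HEIF with no type) is rejected even though its lowercase form is allow-listed, and `parts.length > 0` is always true because `split` never returns an empty array, so a dotless name is treated as its own extension. Suggest `const extension = file.name.includes('.') ? file.name.split('.').pop().toLowerCase() : '';` and dropping the `parts` line. The MIME branch is also broader than the extension list — `image/` matches `image/svg+xml`, which the list does not — so checking both against the same allow-list would keep the two paths consistent. Either way this runs in the browser and `file.type` is whatever the client supplies, so the PHP upload handler must enforce its own type and extension allow-list; that server side is not part of this patch.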
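Review bot: A file rejected by `validateFileType` in the new `else if` branch only produces a `console.warn` and silently drops out of `fileList`; unlike the oversize branch above it, nothing records its name, so the user gets no per-file feedback unless every file is rejected. Suggest collecting the rejected names alongside the oversize ones (e.g. `invalidTypeNames.push(file.name);` in a trailing `else`) so the error message can list them. The added empty `+` line after the closing brace leaves a stray blank line, and `else if(` lacks the space the surrounding code uses in `if (`. The enclosing loop and change listener begin and end outside this hunk.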
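Review bot: The new message line `${pluralizedMessage} zu groß und wird beim Upload ignoriert: ${names}.` does not agree in number: `pluralizedMessage` switches between 'sind' and 'ist', but 'wird' is singular, so the plural case reads "Die folgenden Dateien sind zu groß und wird ...". Suggest a second pluralized fragment driven by the same condition (which sits just above the hunk), e.g. `const ignoredVerb = isPlural ? 'werden' : 'wird';` and `... zu groß und ${ignoredVerb} beim Upload ignoriert: ...`. Both appends write user-chosen file names into `innerHTML`; setting `names` via `textContent` on a created element, or escaping it, would keep a filename containing markup from being interpreted. If `errorDiv` is not cleared at the start of the handler (not visible here), repeated selections will accumulate messages since every path uses `+=`. The listener body that builds `names` and `pluralizedMessage` starts before this hunk.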