update

- add mime types to ignore to config - omit ext from file rename - cleanup and more consistent with eslint - update rdme
ctf0 · Aug 6, 2017 · a0fd463 · a0fd463
1 parent 9e15e23
commit a0fd463
Show file tree

Hide file tree

Showing 8 changed files with 2,244 additions and 7,196 deletions.
diff --git a/README.md b/README.md
@@ -97,25 +97,45 @@
 // config/mediaManager.php
 
 return [
-    // ignore files pattern
+    /*
+     * ignore files pattern
+     */
     'ignore_files' => '/^\..*/',
 
-    // filesystem disk
+    /*
+     * filesystem disk
+     */
     'storage_disk'=> 'public',
 
-    // remove any file special chars except (. _ -)
+    /*
+     * remove any file special chars except (. _ -)
+     */
     'allowed_fileNames_chars'=> '.\_\-',
 
-    // remove any folder special chars except (_ -)
-    'allowed_folderNames_chars'=> '\_\-',
+    /*
+     * remove any folder special chars except (_ -)
+     */
+    'allowed_folderNames_chars'=> '\/\_\-',
 
-    // when file names gets cleand up
+    /*
+     * disallow uploading files with the following mimetypes
+     * https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
+     */
+    'unallowed_mimes' => ['php', 'java'],
+
+    /*
+     * when file names gets cleand up
+     */
     'sanitized_text'=> 'sanitized',
 
-    // media manager root url
+    /*
+     * media manager root url
+     */
     'root_url'=> '/media',
 
-    // css farmework
+    /*
+     * css farmework
+     */
     'framework'=> env('MIX_MM_FRAMEWORK'),
 ];
 ```

diff --git a/src/Controllers/MediaController.php b/src/Controllers/MediaController.php
@@ -16,17 +16,19 @@ class MediaController extends Controller
     private $fileChars;
     private $folderChars;
     private $sanitizedText;
+    private $unallowed_mimes;
     private $fw;
 
     public function __construct()
     {
-        $this->fileSystem    = config('mediaManager.storage_disk');
-        $this->storageDisk   = Storage::disk($this->fileSystem);
-        $this->ignoreFiles   = config('mediaManager.ignore_files');
-        $this->fileChars     = config('mediaManager.allowed_fileNames_chars');
-        $this->folderChars   = config('mediaManager.allowed_folderNames_chars');
-        $this->sanitizedText = config('mediaManager.sanitized_text');
-        $this->fw            = config('mediaManager.framework');
+        $this->fileSystem      = config('mediaManager.storage_disk');
+        $this->storageDisk     = Storage::disk($this->fileSystem);
+        $this->ignoreFiles     = config('mediaManager.ignore_files');
+        $this->fileChars       = config('mediaManager.allowed_fileNames_chars');
+        $this->folderChars     = config('mediaManager.allowed_folderNames_chars');
+        $this->sanitizedText   = config('mediaManager.sanitized_text');
+        $this->unallowed_mimes = config('mediaManager.unallowed_mimes');
+        $this->fw              = config('mediaManager.framework');
     }
 
     /**
@@ -57,8 +59,8 @@ public function upload(Request $request)
             $file_type   = $one->getMimeType();
 
             try {
-                // stop if "php" or "jar"
-                if (strpos($file_type, "php") || strpos($file_type, "java-")) {
+                // check for mime type
+                if (str_contains($file_type, $this->unallowed_mimes)) {
                     throw new Exception(trans('MediaManager::messages.not_allowed_file_ext', ['attr'=>$file_type]));
                 }
 

diff --git a/src/config/mediaManager.php b/src/config/mediaManager.php
@@ -1,25 +1,46 @@
 <?php
 
 return [
-    // ignore files pattern
+    /*
+     * ignore files pattern
+     */
     'ignore_files' => '/^\..*/',
 
-    // filesystem disk
+    /*
+     * filesystem disk
+     */
     'storage_disk'=> 'public',
 
-    // remove any file special chars except (. _ -)
+    /*
+     * remove any file special chars except (. _ -)
+     */
     'allowed_fileNames_chars'=> '.\_\-',
 
-    // remove any folder special chars except (_ -)
-    // to add & nest folders in one go use '\/\_\-'
-    'allowed_folderNames_chars'=> '\_\-',
+    /*
+     * remove any folder special chars except (_ -)
+     *
+     * to add & nest folders in one go use '\/\_\-'
+     */
+    'allowed_folderNames_chars'=> '\/\_\-',
 
-    // when file names gets cleand up
+    /*
+     * disallow uploading files with the following mimetypes
+     * https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
+     */
+    'unallowed_mimes' => ['php', 'java'],
+
+    /*
+     * when file names gets cleand up
+     */
     'sanitized_text'=> 'sanitized',
 
-    // media manager root url
+    /*
+     * media manager root url
+     */
     'root_url'=> '/media',
 
-    // css farmework
+    /*
+     * css farmework
+     */
     'framework'=> env('MIX_MM_FRAMEWORK'),
 ];