Replace regex usage for MIME parsing (#17831)
MIME types can have multiple optional parameters, eg: video/webm; codecs="w/e codec"; charset="binary" This commit replaces the usage of regex for getting the "type/subtype" with mime.ParseMediaType.
This commit is contained in:
parent
789d251ae4
commit
2e8fc5b034
1 changed files with 6 additions and 2 deletions
|
@ -5,6 +5,7 @@
|
||||||
package upload
|
package upload
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"mime"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"path"
|
"path"
|
||||||
|
@ -31,7 +32,6 @@ func (err ErrFileTypeForbidden) Error() string {
|
||||||
return "This file extension or type is not allowed to be uploaded."
|
return "This file extension or type is not allowed to be uploaded."
|
||||||
}
|
}
|
||||||
|
|
||||||
var mimeTypeSuffixRe = regexp.MustCompile(`;.*$`)
|
|
||||||
var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`)
|
var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`)
|
||||||
|
|
||||||
// Verify validates whether a file is allowed to be uploaded.
|
// Verify validates whether a file is allowed to be uploaded.
|
||||||
|
@ -51,7 +51,11 @@ func Verify(buf []byte, fileName string, allowedTypesStr string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
fullMimeType := http.DetectContentType(buf)
|
fullMimeType := http.DetectContentType(buf)
|
||||||
mimeType := strings.TrimSpace(mimeTypeSuffixRe.ReplaceAllString(fullMimeType, ""))
|
mimeType, _, err := mime.ParseMediaType(fullMimeType)
|
||||||
|
if err != nil {
|
||||||
|
log.Warn("Detected attachment type could not be parsed %s", fullMimeType)
|
||||||
|
return ErrFileTypeForbidden{Type: fullMimeType}
|
||||||
|
}
|
||||||
extension := strings.ToLower(path.Ext(fileName))
|
extension := strings.ToLower(path.Ext(fileName))
|
||||||
|
|
||||||
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers
|
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers
|
||||||
|
|
Loading…
Reference in a new issue