Upload: Fix available file extension check

diff --git a/js_upload/js_upload.php b/js_upload/js_upload.php
index 089cb7e214802739e5a921487bda2726adee421f..786fc3c2d6783a98f3d119109dc7e7fb86aab69c 100644 (file)
--- a/js_upload/js_upload.php
+++ b/js_upload/js_upload.php
@@ -7,11 +7,11 @@
  * Maintainer: Hypolite Petovan <https://friendica.mrpetovan.com/profile/hypolite>
  */
 
-use Friendica\App;
 use Friendica\Core\Hook;
 use Friendica\Core\Logger;
 use Friendica\Core\Renderer;
 use Friendica\DI;
+use Friendica\Util\Images;
 use Friendica\Util\Strings;
 
 global $js_upload_jsonresponse;
@@ -20,9 +20,9 @@ global $js_upload_result;
 function js_upload_install()
 {
        Hook::register('photo_upload_form', __FILE__, 'js_upload_form');
-       Hook::register('photo_post_init', __FILE__, 'js_upload_post_init');
-       Hook::register('photo_post_file', __FILE__, 'js_upload_post_file');
-       Hook::register('photo_post_end', __FILE__, 'js_upload_post_end');
+       Hook::register('photo_post_init',   __FILE__, 'js_upload_post_init');
+       Hook::register('photo_post_file',   __FILE__, 'js_upload_post_file');
+       Hook::register('photo_post_end',    __FILE__, 'js_upload_post_end');
 }
 
 function js_upload_form(array &$b)
@@ -34,11 +34,11 @@ function js_upload_form(array &$b)
 
        $tpl = Renderer::getMarkupTemplate('js_upload.tpl', 'addon/js_upload');
        $b['addon_text'] .= Renderer::replaceMacros($tpl, [
-               '$upload_msg' => DI::l10n()->t('Select files for upload'),
-               '$drop_msg' => DI::l10n()->t('Drop files here to upload'),
-               '$cancel' => DI::l10n()->t('Cancel'),
-               '$failed' => DI::l10n()->t('Failed'),
-               '$post_url' => $b['post_url'],
+               '$upload_msg'   => DI::l10n()->t('Select files for upload'),
+               '$drop_msg'     => DI::l10n()->t('Drop files here to upload'),
+               '$cancel'       => DI::l10n()->t('Cancel'),
+               '$failed'       => DI::l10n()->t('Failed'),
+               '$post_url'     => $b['post_url'],
                '$maximagesize' => Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize')),
        ]);
 }
@@ -48,7 +48,10 @@ function js_upload_post_init(array &$b)
        global $js_upload_result, $js_upload_jsonresponse;
 
        // list of valid extensions
-       $allowedExtensions = ['jpeg', 'gif', 'png', 'jpg'];
+       $allowedExtensions = [];
+       foreach (Images::IMAGETYPES as $type) {
+               $allowedExtensions[] = image_type_to_extension($type, false);
+       }
 
        // max file size in bytes
        $sizeLimit = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
@@ -75,10 +78,9 @@ function js_upload_post_file(array &$b)
 
        $result = $js_upload_result;
 
-       $b['src'] = $result['path'];
+       $b['src']      = $result['path'];
        $b['filename'] = $result['filename'];
        $b['filesize'] = filesize($b['src']);
-
 }
 
 function js_upload_post_end(int &$b)
@@ -179,11 +181,11 @@ class qqUploadedFileForm
 
 class qqFileUploader
 {
-       private $allowedExtensions = [];
-       private $sizeLimit = 10485760;
+       private $allowedExtensions;
+       private $sizeLimit;
        private $file;
 
-       function __construct(array $allowedExtensions = [], $sizeLimit = 10485760)
+       function __construct(array $allowedExtensions = [], $sizeLimit)
        {
                $allowedExtensions = array_map('strtolower', $allowedExtensions);
 
@@ -197,7 +199,6 @@ class qqFileUploader
                } else {
                        $this->file = false;
                }
-
        }
 
        /**
@@ -216,11 +217,9 @@ class qqFileUploader
                }
 
 //             if ($size > $this->sizeLimit) {
-
 //                     return array('error' => DI::l10n()->t('Uploaded file is too large'));
 //             }
 
-
                $maximagesize = Strings::getBytesFromShorthand(DI::config()->get('system', 'maximagesize'));
 
                if (($maximagesize) && ($size > $maximagesize)) {
@@ -241,14 +240,14 @@ class qqFileUploader
 
                if ($this->file->save()) {
                        return [
-                               'success' => true,
-                               'path' => $this->file->getPath(),
+                               'success'  => true,
+                               'path'     => $this->file->getPath(),
                                'filename' => $filename . '.' . $ext
                        ];
                } else {
                        return [
-                               'error' => DI::l10n()->t('Upload was cancelled, or server error encountered'),
-                               'path' => $this->file->getPath(),
+                               'error'    => DI::l10n()->t('Upload was cancelled, or server error encountered'),
+                               'path'     => $this->file->getPath(),
                                'filename' => $filename . '.' . $ext
                        ];
                }