tonyair
/
silverstripe-dms
mirror of https://github.com/silverstripe/silverstripe-dms
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

FIX Escape file path before loading file from filesystem

This commit is contained in:
Robbie Averill 2017-12-07 12:40:11 +13:00
parent 82a8a4b142
commit 8efedf3158
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
code/model/DMSDocument_Controller.php
View File

@ -82,6 +82,7 @@ class DMSDocument_Controller extends Controller
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $path);
} elseif (is_executable($fileBin)) {
$path = escapeshellarg($path);
// try to use the system tool
$mime = `$fileBin -i -b $path`;
$mime = explode(';', $mime);
@ -89,7 +90,7 @@ class DMSDocument_Controller extends Controller
} else {
// make do with what we have
$ext = $doc->getExtension();
if ($ext =='pdf') {
if ($ext == 'pdf') {
$mime = 'application/pdf';
} elseif ($ext == 'html' || $ext =='htm') {
$mime = 'text/html';