From 9e008e634137959c0e656070654f01ed8bf1cc5c Mon Sep 17 00:00:00 2001
From: Maxime Rainville
Date: Mon, 11 May 2020 13:55:33 +1200
Subject: [PATCH 1/4] [CVE-2020-9309] Require MimeUploadValidator on userformis' File Upload field
---
 _config/mimevalidator.yml | 6 ++++++
 code/Model/EditableFormField/EditableFileField.php | 7 ++++++-
 composer.json | 3 ++-
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 _config/mimevalidator.yml
diff --git a/_config/mimevalidator.yml b/_config/mimevalidator.yml
new file mode 100644
index 0000000..75e2e22
--- /dev/null
+++ b/_config/mimevalidator.yml
@@ -0,0 +1,6 @@
+---
+Name: mimeuploadvalidator-userforms
+---
+SilverStripe\Core\Injector\Injector:
+ SilverStripe\Assets\Upload_Validator.userforms:
+ class: SilverStripe\MimeValidator\MimeUploadValidator
diff --git a/code/Model/EditableFormField/EditableFileField.php b/code/Model/EditableFormField/EditableFileField.php
index cd4a725..a91e36b 100755
--- a/code/Model/EditableFormField/EditableFileField.php
+++ b/code/Model/EditableFormField/EditableFileField.php
@@ -4,7 +4,9 @@ namespace SilverStripe\UserForms\Model\EditableFormField;
 use SilverStripe\Assets\File;
 use SilverStripe\Assets\Folder;
+use SilverStripe\Assets\Upload_Validator;
 use SilverStripe\Core\Config\Config;
+use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Forms\FileField;
 use SilverStripe\Forms\LiteralField;
 use SilverStripe\Forms\NumericField;
@@ -95,11 +97,14 @@ class EditableFileField extends EditableFormField
 return $result;
 }
+
+
 public function getFormField()
 {
 $field = FileField::create($this->Name, $this->Title ?: false)
 ->setFieldHolderTemplate(EditableFormField::class . '_holder')
- ->setTemplate(__CLASS__);
+ ->setTemplate(__CLASS__)
+ ->setValidator(Injector::inst()->get(Upload_Validator::class . '.userforms'));
 $field->setFieldHolderTemplate(EditableFormField::class . '_holder')
 ->setTemplate(__CLASS__);
diff --git a/composer.json b/composer.json
index b4344a9..e2fc7fc 100644
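Review bot: The new `_config/mimevalidator.yml` registers the `Upload_Validator.userforms` service without recording why that service name exists or who depends on it, so a later project config could override it without the security intent being visible. A short comment above the Injector block, e.g. `# CVE-2020-9309: EditableFileField::getFormField() resolves this service; keep it a MIME-checking validator`, would document the contract. The service name is also typed by hand here and rebuilt in PHP as `Upload_Validator::class . '.userforms'`, so the two spellings have to be kept in sync manually. The same file is added again unchanged in PATCH 2/4.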
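Review bot: `Injector::inst()->get(...)` on the added `->setValidator(...)` line hands back the Injector's shared service instance by default rather than a fresh object, so every FileField built by this method during a request would receive the same validator; if the remainder of getFormField, which continues past the hunk, configures that validator per field (size limit, allowed extensions), those settings would bleed between fields. If per-field state is involved, `->setValidator(Injector::inst()->create(Upload_Validator::class . '.userforms'));` gives each field its own instance; if the validator is stateless, a one-line comment saying so would settle the question for the next reader. The two added blank lines between the closing `}` and `public function getFormField()` leave a double blank line where PSR-12 expects a single one. The identical hunk is repeated in PATCH 2/4.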
--- a/composer.json
+++ b/composer.json
@@ -33,7 +33,8 @@
 "silverstripe/cms": "^4.0",
 "symbiote/silverstripe-gridfieldextensions": "^3.1",
 "silverstripe/segment-field": "^2.0",
- "silverstripe/versioned": "^1.0"
+ "silverstripe/versioned": "^1.0",
+ "silverstripe/mimevalidator": "^2.0"
 },
 "require-dev": {
 "phpunit/phpunit": "^5.7",
From 27228d12af8a458d0edcb3e8f2154d9731e7c303 Mon Sep 17 00:00:00 2001
From: Maxime Rainville
Date: Mon, 11 May 2020 13:55:33 +1200
Subject: [PATCH 2/4] [CVE-2020-9309] Require MimeUploadValidator on userformis' File Upload field
---
 _config/mimevalidator.yml | 6 ++++++
 code/Model/EditableFormField/EditableFileField.php | 7 ++++++-
 composer.json | 3 ++-
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 _config/mimevalidator.yml
diff --git a/_config/mimevalidator.yml b/_config/mimevalidator.yml
new file mode 100644
index 0000000..75e2e22
--- /dev/null
+++ b/_config/mimevalidator.yml
@@ -0,0 +1,6 @@
+---
+Name: mimeuploadvalidator-userforms
+---
+SilverStripe\Core\Injector\Injector:
+ SilverStripe\Assets\Upload_Validator.userforms:
+ class: SilverStripe\MimeValidator\MimeUploadValidator
diff --git a/code/Model/EditableFormField/EditableFileField.php b/code/Model/EditableFormField/EditableFileField.php
index 76f5aa7..ea4b430 100755
--- a/code/Model/EditableFormField/EditableFileField.php
+++ b/code/Model/EditableFormField/EditableFileField.php
@@ -4,7 +4,9 @@ namespace SilverStripe\UserForms\Model\EditableFormField;
 use SilverStripe\Assets\File;
 use SilverStripe\Assets\Folder;
+use SilverStripe\Assets\Upload_Validator;
 use SilverStripe\Core\Config\Config;
+use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Forms\FileField;
 use SilverStripe\Forms\LiteralField;
 use SilverStripe\Forms\NumericField;
@@ -96,11 +98,14 @@ class EditableFileField extends EditableFormField
 return $result;
 }
+
+
 public function getFormField()
 {
 $field = FileField::create($this->Name, $this->Title ?: false)
 ->setFieldHolderTemplate(EditableFormField::class . '_holder')
- ->setTemplate(__CLASS__);
+ ->setTemplate(__CLASS__)
+ ->setValidator(Injector::inst()->get(Upload_Validator::class . '.userforms'));
 $field->setFieldHolderTemplate(EditableFormField::class . '_holder')
 ->setTemplate(__CLASS__);
diff --git a/composer.json b/composer.json
index 8cb0299..d5af2e1 100644
--- a/composer.json
+++ b/composer.json
@@ -33,7 +33,8 @@
 "silverstripe/cms": "^4.0",
 "symbiote/silverstripe-gridfieldextensions": "^3.1",
 "silverstripe/segment-field": "^2.0",
- "silverstripe/versioned": "^1.0"
+ "silverstripe/versioned": "^1.0",
+ "silverstripe/mimevalidator": "^2.0"
 },
 "require-dev": {
 "phpunit/phpunit": "^5.7",
From d2bf27c847655e7841c407d830d6a487caeaf02e Mon Sep 17 00:00:00 2001
From: Maxime Rainville
Date: Thu, 22 Oct 2020 15:47:17 +1300
Subject: [PATCH 3/4] MNT Fix broken merged up (#1013)
---
 code/Model/EditableFormField/EditableFileField.php | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/code/Model/EditableFormField/EditableFileField.php b/code/Model/EditableFormField/EditableFileField.php
index 0224adf..4c13f84 100755
--- a/code/Model/EditableFormField/EditableFileField.php
+++ b/code/Model/EditableFormField/EditableFileField.php
@@ -6,12 +6,9 @@ use SilverStripe\Assets\File;
 use SilverStripe\Assets\Folder;
 use SilverStripe\Assets\Upload_Validator;
 use SilverStripe\Core\Config\Config;
-<<<<<<< HEAD
 use SilverStripe\Core\Convert;
 use SilverStripe\Forms\FieldList;
-=======
 use SilverStripe\Core\Injector\Injector;
->>>>>>> 5.5
 use SilverStripe\Forms\FileField;
 use SilverStripe\Forms\LiteralField;
 use SilverStripe\Forms\NumericField;
From 0ce94b75f5988993fde74979206559ff6b3aebeb Mon Sep 17 00:00:00 2001
From: Dylan Wagstaff
Date: Sun, 1 Nov 2020 11:31:23 +1300
Subject: [PATCH 4/4] FIX correctly calculate MaxFileSizeMB
The inputted value is intended to represent megabytes, but is only multiplied by 1024 - meaning it'd represent kilobytes. This is then used to compare with the PHP setting number, which is bytes in the range of megabytes. Kilobytes are always under megabytes, meaning size comparisons elsewhere in the code are always true. We should ensure the calculation for validation is correct.
---
 code/Model/EditableFormField/EditableFileField.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/Model/EditableFormField/EditableFileField.php b/code/Model/EditableFormField/EditableFileField.php
index d4810f1..f840c5b 100755
--- a/code/Model/EditableFormField/EditableFileField.php
+++ b/code/Model/EditableFormField/EditableFileField.php
@@ -185,7 +185,7 @@ class EditableFileField extends EditableFormField
 $result = parent::validate();
 $max = static::get_php_max_file_size();
- if ($this->MaxFileSizeMB * 1024 > $max) {
+ if ($this->MaxFileSizeMB * 1024 * 1024 > $max) {
 $result->addError("Your max file size limit can't be larger than the server's limit of {$this->getPHPMaxFileSizeMB()}.");
 }
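Review bot: `1024 * 1024` on the changed `if` line writes the megabyte-to-byte conversion out by hand, and the commit message says the same comparison is made elsewhere in the class outside this hunk; the bug being fixed was precisely two such copies disagreeing. Pulling the factor into one place — a class constant such as `const BYTES_PER_MB = 1024 * 1024;` used as `if ($this->MaxFileSizeMB * self::BYTES_PER_MB > $max) {` — keeps the validation check and the enforcement path from drifting apart again. A brief comment on the line, `// MaxFileSizeMB is megabytes; $max is bytes`, would also make the unit mismatch obvious to the next reader. `validate()` begins before this hunk and continues after it.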