BookStack Code Mirror - bookstack/blobdiff - app/Util/WebSafeMimeSniffer.php

index a896bd9e523c8b821564dc985d5da64bfba13bc1..4a82de85d25ccdeb389010c9d3ba611b48326459 100644 (file)

--- a/app/Util/WebSafeMimeSniffer.php

+++ b/app/Util/WebSafeMimeSniffer.php

@@ -10,14 +10,22 @@ use finfo;

class WebSafeMimeSniffer

{

/**

* @var string[]

- protected $safeMimes = [

+ protected array $safeMimes = [

'application/json',

'application/octet-stream',

'application/pdf',

+ 'audio/aac',

+ 'audio/midi',

+ 'audio/mpeg',

+ 'audio/ogg',

+ 'audio/opus',

+ 'audio/wav',

+ 'audio/webm',

+ 'audio/x-m4a',

+ 'image/apng',

'image/bmp',

'image/jpeg',

'image/png',

@@ -40,16 +48,28 @@ class WebSafeMimeSniffer

'video/av1',

];

+ protected array $textTypesByExtension = [

+ 'css' => 'text/css',

+ 'js' => 'text/javascript',

+ 'json' => 'application/json',

+ 'csv' => 'text/csv',

+ ];

/**

* Sniff the mime-type from the given file content while running the result

* through an allow-list to ensure a web-safe result.

* Takes the content as a reference since the value may be quite large.

+ * Accepts an optional $extension which can be used for further guessing.

- public function sniff(string &$content): string

+ public function sniff(string &$content, string $extension = ''): string

{

$fInfo = new finfo(FILEINFO_MIME_TYPE);

$mime = $fInfo->buffer($content) ?: 'application/octet-stream';

+ if ($mime === 'text/plain' && $extension) {

+ $mime = $this->textTypesByExtension[$extension] ?? 'text/plain';

+ }

if (in_array($mime, $this->safeMimes)) {

return $mime;

}

@@ -61,5 +81,4 @@ class WebSafeMimeSniffer

return 'application/octet-stream';

}

\ No newline at end of file