X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ae155d67454d6b9f6c93b2bb457aaa4b2eb1a9ed..refs/pull/5681/head:/app/Util/WebSafeMimeSniffer.php diff --git a/app/Util/WebSafeMimeSniffer.php b/app/Util/WebSafeMimeSniffer.php index a896bd9e5..4a82de85d 100644 --- a/app/Util/WebSafeMimeSniffer.php +++ b/app/Util/WebSafeMimeSniffer.php @@ -10,14 +10,22 @@ use finfo; */ class WebSafeMimeSniffer { - /** * @var string[] */ - protected $safeMimes = [ + protected array $safeMimes = [ 'application/json', 'application/octet-stream', 'application/pdf', + 'audio/aac', + 'audio/midi', + 'audio/mpeg', + 'audio/ogg', + 'audio/opus', + 'audio/wav', + 'audio/webm', + 'audio/x-m4a', + 'image/apng', 'image/bmp', 'image/jpeg', 'image/png', @@ -40,16 +48,28 @@ class WebSafeMimeSniffer 'video/av1', ]; + protected array $textTypesByExtension = [ + 'css' => 'text/css', + 'js' => 'text/javascript', + 'json' => 'application/json', + 'csv' => 'text/csv', + ]; + /** * Sniff the mime-type from the given file content while running the result * through an allow-list to ensure a web-safe result. * Takes the content as a reference since the value may be quite large. + * Accepts an optional $extension which can be used for further guessing. */ - public function sniff(string &$content): string + public function sniff(string &$content, string $extension = ''): string { $fInfo = new finfo(FILEINFO_MIME_TYPE); $mime = $fInfo->buffer($content) ?: 'application/octet-stream'; + if ($mime === 'text/plain' && $extension) { + $mime = $this->textTypesByExtension[$extension] ?? 'text/plain'; + } + if (in_array($mime, $this->safeMimes)) { return $mime; } @@ -61,5 +81,4 @@ class WebSafeMimeSniffer return 'application/octet-stream'; } - -} \ No newline at end of file +}