From 14c9142e76d47285f87e8389caf86f89d14903ee Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 25 Mar 2025 22:54:00 +0100
Subject: [PATCH] post.php: also check image by mime

---
 post.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/post.php b/post.php
index 27a45413..b5c03b38 100644
--- a/post.php
+++ b/post.php
@@ -6,6 +6,7 @@
 use Vichan\Context;
 use Vichan\Data\ReportQueries;
 use Vichan\Data\Driver\LogDriver;
+use Vichan\Functions\Metadata;
 
 require_once 'inc/bootstrap.php';
 
@@ -1287,7 +1288,19 @@ function handle_post(Context $ctx)
                 error($config['error']['unknownext']);
             }
 
-            $file['is_an_image'] = !in_array($file['extension'], $config['allowed_ext_files']);
+            try {
+                $mime = Metadata\sniff_image($file['tmp_name'])[3];
+                if (\in_array($mime, Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
+                    $ext = Metadata\mime_to_ext($mime);
+                    $file['is_an_image'] = !\in_array($ext, $config['allowed_ext_files']);
+                    if ($file['is_an_image']) {
+                        $file['mime'] = $mime;
+                    }
+                }
+                $file['is_an_image'] = false;
+            } catch (\RuntimeException $e) {
+                $file['is_an_image'] = false;
+            }
 
             // Truncate filename if it is too long
             $file['filename'] = mb_substr($file['filename'], 0, $config['max_filename_len']);