post.php: also check image by mime

2025-03-25 22:54:00 +01:00 · 2025-03-25 22:54:00 +01:00 · 14c9142e76
commit 14c9142e76
parent 75343c1af1
1 changed files with 14 additions and 1 deletions
--- a/post.php
+++ b/post.php
@ -6,6 +6,7 @@
 use Vichan\Context;
 use Vichan\Data\ReportQueries;
 use Vichan\Data\Driver\LogDriver;
+use Vichan\Functions\Metadata;

 require_once 'inc/bootstrap.php';

@ -1287,7 +1288,19 @@ function handle_post(Context $ctx)
                error($config['error']['unknownext']);
            }

-            $file['is_an_image'] = !in_array($file['extension'], $config['allowed_ext_files']);
+            try {
+                $mime = Metadata\sniff_image($file['tmp_name'])[3];
+                if (\in_array($mime, Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
+                    $ext = Metadata\mime_to_ext($mime);
+                    $file['is_an_image'] = !\in_array($ext, $config['allowed_ext_files']);
+                    if ($file['is_an_image']) {
+                        $file['mime'] = $mime;
+                    }
+                }
+                $file['is_an_image'] = false;
+            } catch (\RuntimeException $e) {
+                $file['is_an_image'] = false;
+            }

            // Truncate filename if it is too long
            $file['filename'] = mb_substr($file['filename'], 0, $config['max_filename_len']);