This commit is contained in:
Roly Rudy Gutierrez Pinto
2018-10-02 10:26:02 -04:00
committed by Paula Quispe
parent d263c5a7ca
commit ca3d718578
6 changed files with 106 additions and 5 deletions


@@ -0,0 +1,35 @@
<?php
/**
* This is a partial list of the known types, add the type you want to be recognized,
* this affects the whole application globally.
*
* https://www.iana.org/assignments/media-types/media-types.xml
*/
return [
'dat' => 'text/plain',
'doc' => ['application/msword', 'text/html'],
'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'exe' => ['application/x-msdownload', 'application/x-dosexec'],
'gif' => 'image/gif',
'htm' => 'text/html',
'html' => 'text/html',
'jpeg' => 'image/jpeg',
'jpg' => 'image/jpeg',
'mp3' => 'audio/mpeg',
'mp4' => 'video/mp4',
'ppt' => 'application/vnd.ms-office',
'pptx' => 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
'pm' => 'text/plain',
'pmt' => 'text/plain',
'po' => 'text/x-po',
'pdf' => 'application/pdf',
'png' => 'image/png',
'php' => 'text/x-php',
'rar' => 'application/x-rar',
'txt' => 'text/plain',
'wmv' => ['video/x-ms-asf', 'video/x-ms-wmv'],
'xls' => ['application/vnd.ms-excel', 'text/plain'],
'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
'zip' => 'application/zip',
];
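Review bot: The `'doc' => ['application/msword', 'text/html']` and `'xls' => ['application/vnd.ms-excel', 'text/plain']` entries accept content that is not an Office document under those extensions, and nothing in the header says this is deliberate. Because the mimeType rule added to ValidationUploadedFiles in this commit treats a match in this list as sufficient to accept the upload, an HTML file renamed to `.doc` passes that check; if that is wanted for legacy HTML-exported Office files, record it on the entry, e.g. `'doc' => ['application/msword', 'text/html'], // text/html: legacy HTML-exported .doc; widens what .doc accepts`. The header comment should also state the value shape the consumer relies on: `* Keys are lower-case extensions; values are one mime type string or a list of accepted mime types.`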


@@ -337,9 +337,7 @@ class WebApplication
'path' => $target['tmp_name'] 'path' => $target['tmp_name']
]); ]);
if ($validator->fails()) { if ($validator->fails()) {
if ($validator->getStatus() === 429) { throw new RestException($validator->getStatus(), $validator->getMessage());
throw new RestException($validator->getStatus());
}
} }
return true; return true;
}; };
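Review bot: The new `throw` surfaces every failed upload rule as a RestException, whereas the removed lines threw only for status 429 and let any other failure fall through to `return true`; that widening is not explained anywhere in the hunk. A one-line comment above the `throw` would make the contract clear: `// Any failing upload rule (e.g. 429 rate limit, 415 mime-type mismatch) aborts the request with its status and message.` The 415 status is the one set on the mimeType rule added to ValidationUploadedFiles in this commit. The enclosing closure starts outside the hunk.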


@@ -24845,6 +24845,12 @@ msgstr "Error: The application {0} is not canceled."
msgid "The default configuration was not defined" msgid "The default configuration was not defined"
msgstr "The default configuration was not defined" msgstr "The default configuration was not defined"
# TRANSLATION
# LABEL/ID_THE_MIMETYPE_EXTENSION_ERROR
#: LABEL/ID_THE_MIMETYPE_EXTENSION_ERROR
msgid "The mime type does not correspond to the permitted extension, please verify your file."
msgstr "The mime type does not correspond to the permitted extension, please verify your file."
# TRANSLATION # TRANSLATION
# LABEL/ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS # LABEL/ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS
#: LABEL/ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS #: LABEL/ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS


@@ -61034,6 +61034,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE
( 'LABEL','ID_THERE_PROBLEM_SENDING_EMAIL','en','There was a problem sending the email to','2016-04-08') , ( 'LABEL','ID_THERE_PROBLEM_SENDING_EMAIL','en','There was a problem sending the email to','2016-04-08') ,
( 'LABEL','ID_THE_APPLICATION_IS_NOT_CANCELED','en','Error: The application {0} is not canceled.','2016-06-15') , ( 'LABEL','ID_THE_APPLICATION_IS_NOT_CANCELED','en','Error: The application {0} is not canceled.','2016-06-15') ,
( 'LABEL','ID_THE_DEFAULT_CONFIGURATION','en','The default configuration was not defined','2016-11-16') , ( 'LABEL','ID_THE_DEFAULT_CONFIGURATION','en','The default configuration was not defined','2016-11-16') ,
( 'LABEL','ID_THE_MIMETYPE_EXTENSION_ERROR','en','The mime type does not correspond to the permitted extension, please verify your file.','2018-10-2') ,
( 'LABEL','ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS','en','The change might cause data loss in the PM table. Do you want to continue?','2017-03-30') , ( 'LABEL','ID_THE_NAME_CHANGE_MAY_CAUSE_DATA_LOSS','en','The change might cause data loss in the PM table. Do you want to continue?','2017-03-30') ,
( 'LABEL','ID_THE_PHP_FILES_EXECUTION_WAS_DISABLED','en','The PHP files execution was disabled please contact the system administrator.','2018-04-20') , ( 'LABEL','ID_THE_PHP_FILES_EXECUTION_WAS_DISABLED','en','The PHP files execution was disabled please contact the system administrator.','2018-04-20') ,
( 'LABEL','ID_THE_REASON_REASSIGN_USER_EMPTY','en','Please complete the reassign reason.','2016-10-20') , ( 'LABEL','ID_THE_REASON_REASSIGN_USER_EMPTY','en','Please complete the reassign reason.','2016-10-20') ,


@@ -68,7 +68,8 @@ class System
'google_map_api_key' => '', 'google_map_api_key' => '',
'google_map_signature' => '', 'google_map_signature' => '',
'logging_level' => 'INFO', 'logging_level' => 'INFO',
'upload_attempts_limit_per_user' => '60,1' 'upload_attempts_limit_per_user' => '60,1',
'files_white_list' => ''
); );
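Review bot: `'files_white_list' => ''` is added without documenting its format, and the consumer added in ValidationUploadedFiles splits the value on commas and compares each entry to the upload's extension, so the default should say what an entry is: `'files_white_list' => '', // comma-separated file extensions exempt from the upload mime-type check, e.g. 'pdf,txt'; empty means none`. The enclosing array starts outside the hunk.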
/** /**


@@ -8,7 +8,7 @@ use Illuminate\Filesystem\Filesystem;
use Illuminate\Support\Facades\Cache; use Illuminate\Support\Facades\Cache;
use ProcessMaker\Core\System; use ProcessMaker\Core\System;
use ProcessMaker\Services\OAuth2\Server; use ProcessMaker\Services\OAuth2\Server;
use ProcessMaker\Validation\Validator; use Symfony\Component\HttpFoundation\File\File;
class ValidationUploadedFiles class ValidationUploadedFiles
{ {
@@ -102,6 +102,66 @@ class ValidationUploadedFiles
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename); Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
}); });
//rule: mimeType
$validator->addRule()
->validate($file, function($file) {
$path = isset($file->path) ? $file->path : "";
$filesystem = new Filesystem();
if (!$filesystem->exists($path)) {
return false;
}
$extension = $filesystem->extension($file->filename);
$mimeType = $filesystem->mimeType($path);
$file = new File($path);
$guessExtension = $file->guessExtension();
$mimeTypeFile = $file->getMimeType();
//mimeType known
if ($extension === $guessExtension && $mimeType === $mimeTypeFile) {
return false;
}
//mimeType custom
$customMimeTypes = config("customMimeTypes");
$customMimeType = isset($customMimeTypes[$extension]) ? $customMimeTypes[$extension] : null;
if (is_string($customMimeType)) {
if ($customMimeType === $mimeType) {
return false;
}
}
if (is_array($customMimeType)) {
foreach ($customMimeType as $value) {
if ($value === $mimeType) {
return false;
}
}
}
//files_white_list
$systemConfiguration = System::getSystemConfiguration('', '', config("system.workspace"));
$filesWhiteList = explode(',', $systemConfiguration['files_white_list']);
if (in_array($extension, $filesWhiteList)) {
return false;
}
return true;
})
->status(415)
->message(G::LoadTranslation('ID_THE_MIMETYPE_EXTENSION_ERROR'))
->log(function($rule) {
/**
* Levels supported by MonologProvider is:
* 100 "DEBUG"
* 200 "INFO"
* 250 "NOTICE"
* 300 "WARNING"
* 400 "ERROR"
* 500 "CRITICAL"
* 550 "ALERT"
* 600 "EMERGENCY"
*/
Bootstrap::registerMonologPhpUploadExecution('phpUpload', 250, $rule->getMessage(), $rule->getData()->filename);
});
return $validator->validate(); return $validator->validate();
} }
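Review bot: With the default `'files_white_list' => ''` introduced in System in this commit, `explode(',', $systemConfiguration['files_white_list'])` in the files_white_list step yields `['']`, and the non-strict `in_array($extension, $filesWhiteList)` then matches any upload whose name has no extension, so such a file skips the mime-type check entirely; entries written with spaces (`"pdf, txt"`) also never match. Normalise the list and compare strictly: `$filesWhiteList = array_filter(array_map('trim', explode(',', $systemConfiguration['files_white_list'])), 'strlen');` followed by `if (in_array($extension, $filesWhiteList, true)) {`. Two smaller points in the same rule: `return false` when the path does not exist makes a missing file pass this rule, which is only safe if an earlier rule already rejects it (confirm), and `$file = new File($path)` shadows the closure's `$file` parameter, so `$file->filename` is no longer reachable below that line. The first hunk of this file replaces the `ProcessMaker\Validation\Validator` import with the Symfony `File` import; if the class still refers to `Validator` by its short name above this hunk, that reference now fails to resolve. The enclosing method starts outside the hunk.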