Replace regex usage for MIME parsing (#17831)

MIME types can have multiple optional parameters, eg:
    video/webm; codecs="w/e codec"; charset="binary"
This commit replaces the usage of regex for getting the "type/subtype"
with mime.ParseMediaType.
This commit is contained in:
Gabriel Vasile 2021-11-27 13:12:43 +02:00 committed by GitHub
parent 789d251ae4
commit 2e8fc5b034
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions

View File

@ -5,6 +5,7 @@
package upload package upload
import ( import (
"mime"
"net/http" "net/http"
"net/url" "net/url"
"path" "path"
@ -31,7 +32,6 @@ func (err ErrFileTypeForbidden) Error() string {
return "This file extension or type is not allowed to be uploaded." return "This file extension or type is not allowed to be uploaded."
} }
var mimeTypeSuffixRe = regexp.MustCompile(`;.*$`)
var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`) var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`)
// Verify validates whether a file is allowed to be uploaded. // Verify validates whether a file is allowed to be uploaded.
@ -51,7 +51,11 @@ func Verify(buf []byte, fileName string, allowedTypesStr string) error {
} }
fullMimeType := http.DetectContentType(buf) fullMimeType := http.DetectContentType(buf)
mimeType := strings.TrimSpace(mimeTypeSuffixRe.ReplaceAllString(fullMimeType, "")) mimeType, _, err := mime.ParseMediaType(fullMimeType)
if err != nil {
log.Warn("Detected attachment type could not be parsed %s", fullMimeType)
return ErrFileTypeForbidden{Type: fullMimeType}
}
extension := strings.ToLower(path.Ext(fileName)) extension := strings.ToLower(path.Ext(fileName))
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers