Some type safety checks and rearrange file upload and mime type check code

Alex Cabal 2024-01-11 13:08:02 -06:00
parent 362fb52d7d
commit a2de3c3ecb
3 changed files with 16 additions and 7 deletions


@ -32,7 +32,7 @@ class Artwork extends PropertiesBase{
public ?int $ArtworkId = null; public ?int $ArtworkId = null;
public ?int $ArtistId = null; public ?int $ArtistId = null;
public ?int $CompletedYear = null; public ?int $CompletedYear = null;
public ?bool $CompletedYearIsCirca = null; public bool $CompletedYearIsCirca = false;
public ?DateTime $Created = null; public ?DateTime $Created = null;
public ?DateTime $Updated = null; public ?DateTime $Updated = null;
public ?string $Status = null; public ?string $Status = null;
@ -439,10 +439,6 @@ class Artwork extends PropertiesBase{
$error->Add(new Exceptions\InvalidImageUploadException($message)); $error->Add(new Exceptions\InvalidImageUploadException($message));
} }
if(!is_uploaded_file($uploadedFile['tmp_name'])){
$error->Add(new Exceptions\InvalidImageUploadException());
}
// Check for minimum dimensions // Check for minimum dimensions
list($imageWidth, $imageHeight) = getimagesize($uploadedFile['tmp_name']); list($imageWidth, $imageHeight) = getimagesize($uploadedFile['tmp_name']);
if(!$imageWidth || !$imageHeight || $imageWidth < COVER_ARTWORK_IMAGE_MINIMUM_WIDTH || $imageHeight < COVER_ARTWORK_IMAGE_MINIMUM_HEIGHT){ if(!$imageWidth || !$imageHeight || $imageWidth < COVER_ARTWORK_IMAGE_MINIMUM_WIDTH || $imageHeight < COVER_ARTWORK_IMAGE_MINIMUM_HEIGHT){
@ -553,7 +549,10 @@ class Artwork extends PropertiesBase{
* @throws \Exceptions\InvalidImageUploadException * @throws \Exceptions\InvalidImageUploadException
*/ */
public function Create(array $uploadedFile): void{ public function Create(array $uploadedFile): void{
$this->MimeType = ImageMimeType::FromFile($uploadedFile['tmp_name'] ?? null);
$this->Validate($uploadedFile); $this->Validate($uploadedFile);
$this->Created = new DateTime(); $this->Created = new DateTime();
// Can't assign directly to $this->Tags because it's hidden behind a getter // Can't assign directly to $this->Tags because it's hidden behind a getter
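Review bot: Nothing inside `Artwork` confirms any more that `$uploadedFile['tmp_name']` came from a PHP upload. The `is_uploaded_file()` check is removed from the validation code, and `Create()` now hands that path to `ImageMimeType::FromFile()` before `Validate()` runs. The guarantee then rests on every caller of `Create()`; a caller that omits it would have MIME detection and `getimagesize()` run on whatever path the array holds. Consider a guard as the first statement of `Create()`, `if(!is_uploaded_file($uploadedFile['tmp_name'] ?? '')){ throw new Exceptions\InvalidImageUploadException(); }`, or at least state the precondition in the docblock. Both method bodies continue outside the visible hunks, and how `FromFile()` treats `null` is not shown here.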


@ -1,4 +1,6 @@
<? <?
use function Safe\parse_url;
class Museum extends PropertiesBase{ class Museum extends PropertiesBase{
public int $MuseumId; public int $MuseumId;
public string $Name; public string $Name;
@ -16,6 +18,10 @@ class Museum extends PropertiesBase{
throw new Exceptions\InvalidUrlException($url); throw new Exceptions\InvalidUrlException($url);
} }
if(!isset($parsedUrl['host'])){
throw new Exceptions\InvalidUrlException($url);
}
$result = Db::Query(' $result = Db::Query('
SELECT * SELECT *
from Museums from Museums
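Review bot: The new `isset($parsedUrl['host'])` guard has no comment saying which inputs it is meant to reject, and that is not obvious because `parse_url()` succeeds on them. Relative input such as `example.com/path`, or scheme-only input such as `mailto:`, parses without a `host` key. A one-line comment above the `if` would record this, for example `// parse_url() accepts relative and scheme-only URLs, which have no host to look up`. The code that uses the host, presumably the `Museums` query that follows, lies outside the hunk, so confirm the wording against it.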


@ -29,7 +29,7 @@ try{
$artwork->Name = HttpInput::Str(POST, 'artwork-name', false); $artwork->Name = HttpInput::Str(POST, 'artwork-name', false);
$artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year'); $artwork->CompletedYear = HttpInput::Int(POST, 'artwork-year');
$artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false); $artwork->CompletedYearIsCirca = HttpInput::Bool(POST, 'artwork-year-is-circa', false) ?? false;
$artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? []; $artwork->Tags = HttpInput::Str(POST, 'artwork-tags', false) ?? [];
$artwork->Status = HttpInput::Str(POST, 'artwork-status', false, COVER_ARTWORK_STATUS_UNVERIFIED); $artwork->Status = HttpInput::Str(POST, 'artwork-status', false, COVER_ARTWORK_STATUS_UNVERIFIED);
$artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false); $artwork->EbookWwwFilesystemPath = HttpInput::Str(POST, 'artwork-ebook-www-filesystem-path', false);
@ -40,7 +40,6 @@ try{
$artwork->CopyrightPageUrl = HttpInput::Str(POST, 'artwork-copyright-page-url', false); $artwork->CopyrightPageUrl = HttpInput::Str(POST, 'artwork-copyright-page-url', false);
$artwork->ArtworkPageUrl = HttpInput::Str(POST, 'artwork-artwork-page-url', false); $artwork->ArtworkPageUrl = HttpInput::Str(POST, 'artwork-artwork-page-url', false);
$artwork->MuseumUrl = HttpInput::Str(POST, 'artwork-museum-url', false); $artwork->MuseumUrl = HttpInput::Str(POST, 'artwork-museum-url', false);
$artwork->MimeType = ImageMimeType::FromFile($_FILES['artwork-image']['tmp_name'] ?? null);
$artwork->Exception = HttpInput::Str(POST, 'artwork-exception', false); $artwork->Exception = HttpInput::Str(POST, 'artwork-exception', false);
$artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false); $artwork->Notes = HttpInput::Str(POST, 'artwork-notes', false);
@ -54,6 +53,11 @@ try{
$artwork->ReviewerUserId = $GLOBALS['User']->UserId; $artwork->ReviewerUserId = $GLOBALS['User']->UserId;
} }
// Confirm that the files came from POST
if(!is_uploaded_file($_FILES['artwork-image'])){
throw new Exceptions\InvalidImageUploadException();
}
$artwork->Create($_FILES['artwork-image'] ?? []); $artwork->Create($_FILES['artwork-image'] ?? []);
$_SESSION['artwork'] = $artwork; $_SESSION['artwork'] = $artwork;
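Review bot: The added guard calls `is_uploaded_file($_FILES['artwork-image'])` with the whole `$_FILES` entry, but the function takes the temporary file path as a string. For a real upload PHP 8 raises a `TypeError` here (older versions warn and return `null`), so the upload-origin check can never pass. Pass the path and tolerate a missing field: `if(!is_uploaded_file($_FILES['artwork-image']['tmp_name'] ?? '')){`. A `TypeError` is not an `Exceptions\InvalidImageUploadException`, so whether the surrounding `try` reports it cleanly depends on catch clauses outside this hunk.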