search

classic-o / nova-media-library

Media Library for admin panel "Laravel Nova"
MIT License
157 stars 66 forks source link

Use guessExtension instead #90

Closed fecony closed 1 year ago

fecony commented 2 years ago

Describe the bug When uploading file from request:

$file = API::upload($request->file($key)->getRealPath());

Stored file in nova_media_library will have name without extension phps5zvfw-1654000439eZm9z.

As noted in https://devdocs.io/symfony~3.1/symfony/component/httpfoundation/file/uploadedfile#method_getClientOriginalExtension

"It is extracted from the original file name that was uploaded. Then it should not be considered as a safe value." it is not safe when file is uploaded

Screenshots

Screenshot 2022-05-31 at 16 38 33

Solution

Possible solution would be changing this line to: $this->extension = strtolower($file->getClientOriginalExtension() ?: $file->guessExtension()); or better $this->extension = strtolower($file->guessExtension())