howest-wsde / VrijwilligersTool

Roeselare vrijwilligt

photo upload filetype check #453

Closed SnelleJelle closed 7 years ago

SnelleJelle commented 7 years ago

I can upload executables...not a good idea

SnelleJelle commented 7 years ago

Checks on the person entity don't get executed.

    /**
     * @Assert\Image(
     *     maxSize = "2M",
     *     maxSizeMessage="person.avatar.maxSizeMessage",
     *     mimeTypes={ "image/jpeg", "image/png" },
     *     mimeTypesMessage="person.avatar.mimeTypesMessage",
     *     uploadErrorMessage="person.avatar.uploadErrorMessage"
     * )
     *
     * @Vich\UploadableField(mapping="person_avatar", fileNameProperty="avatarName")
     *
     * @var File
     */
    protected $avatarFile;

SnelleJelle commented 7 years ago

It works now, it checks for mime type and file header. I don't know what else I can do; setting up a malware scanner will take me ages.
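A content-based version of the MIME type and file header check discussed in this thread, as an added example that is not code from this repository. The function name `safeAvatarName` and the sample files are hypothetical; it assumes PHP 7.1+ with the fileinfo extension and reuses the allowed types and the 2M limit from the annotation quoted above.

```php
<?php
declare(strict_types=1);

// Allowed types, mirroring mimeTypes in the annotation quoted in the thread.
const ALLOWED = [
    'image/jpeg' => ['ext' => 'jpg', 'type' => IMAGETYPE_JPEG],
    'image/png'  => ['ext' => 'png', 'type' => IMAGETYPE_PNG],
];

/**
 * Hypothetical helper: returns a server-chosen filename, or null when rejected.
 * The decision uses the file's bytes only; the client-supplied filename and
 * Content-Type header are never consulted.
 */
function safeAvatarName(string $path, int $maxBytes = 2000000): ?string
{
    $size = @filesize($path);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    // 1. MIME type sniffed from the content (magic bytes).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!is_string($mime) || !isset(ALLOWED[$mime])) {
        return null;
    }
    // 2. The image header must parse and agree with the sniffed type.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== ALLOWED[$mime]['type']) {
        return null;
    }
    // 3. Random stored name; the extension comes from the detected type,
    //    so an upload can never keep an executable extension on disk.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime]['ext'];
}

// Constructed sample 1: a 1x1 PNG.
$png = tempnam(sys_get_temp_dir(), 'ok');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
// Constructed sample 2: bytes starting with the "MZ" executable signature,
// standing in for an executable uploaded under an image filename.
$exe = tempnam(sys_get_temp_dir(), 'bad');
file_put_contents($exe, 'MZ' . str_repeat("\0", 62));

echo 'png sample stored as: ', var_export(safeAvatarName($png), true), PHP_EOL;
echo 'exe sample stored as: ', var_export(safeAvatarName($exe), true), PHP_EOL;
unlink($png);
unlink($exe);
```

Storing uploads outside the web root, or in a directory where script execution is disabled, complements this check.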

SnelleJelle commented 7 years ago

https://github.com/howest-wsde/VrijwilligersTool/issues/453