From 904b2b438b0dc32b79e39c9f2b6a2cb4350af7e0 Mon Sep 17 00:00:00 2001 From: Alexandre Bodin Date: Fri, 3 Apr 2020 13:35:33 +0200 Subject: [PATCH] Use mime-types to set extension Signed-off-by: Alexandre Bodin --- packages/strapi-plugin-upload/middlewares/upload/index.js | 4 ++++ packages/strapi-plugin-upload/package.json | 1 + packages/strapi-plugin-upload/services/Upload.js | 6 ++++-- yarn.lock | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/packages/strapi-plugin-upload/middlewares/upload/index.js b/packages/strapi-plugin-upload/middlewares/upload/index.js index 1c35d62415..98567e6661 100644 --- a/packages/strapi-plugin-upload/middlewares/upload/index.js +++ b/packages/strapi-plugin-upload/middlewares/upload/index.js @@ -31,6 +31,10 @@ module.exports = strapi => ({ try { const url = new URL(ctx.query.url); + if (!['http:', 'https:'].includes(url.protocol)) { + throw new Error('Invalid URL'); + } + if (!isValidDomain(url.hostname)) { throw new Error('Invalid URL'); } diff --git a/packages/strapi-plugin-upload/package.json b/packages/strapi-plugin-upload/package.json index dfe27de096..a6b86f9f7d 100644 --- a/packages/strapi-plugin-upload/package.json +++ b/packages/strapi-plugin-upload/package.json @@ -20,6 +20,7 @@ "koa-range": "0.3.0", "koa-static": "^5.0.0", "lodash": "^4.17.11", + "mime-types": "2.1.26", "node-fetch": "2.6.0", "react": "^16.9.0", "react-copy-to-clipboard": "^5.0.1", diff --git a/packages/strapi-plugin-upload/services/Upload.js b/packages/strapi-plugin-upload/services/Upload.js index 72ef24c843..5bef88baa7 100644 --- a/packages/strapi-plugin-upload/services/Upload.js +++ b/packages/strapi-plugin-upload/services/Upload.js @@ -12,6 +12,8 @@ const crypto = require('crypto'); const _ = require('lodash'); const util = require('util'); const filenamify = require('filenamify'); +const mime = require('mime-types'); + const { bytesToKbytes } = require('../utils/file'); const randomSuffix = () => crypto.randomBytes(5).toString('hex'); @@ -31,8 +33,8 @@ const combineFilters = params => { module.exports = { formatFileInfo({ filename, type, size }, fileInfo = {}, metas = {}) { - const ext = path.extname(filename); - const baseName = path.basename(filename, ext); + const ext = '.' + mime.extension(type); + const baseName = path.basename(filename, path.extname(filename)); const usedName = fileInfo.name || baseName; diff --git a/yarn.lock b/yarn.lock index 72fab410cd..0149703b6a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11853,7 +11853,7 @@ mime-db@1.43.0, "mime-db@>= 1.43.0 < 2": resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.43.0.tgz#0a12e0502650e473d735535050e7c8f4eb4fae58" integrity sha512-+5dsGEEovYbT8UY9yD7eE4XTc4UwJ1jBYlgaQQF38ENsKR3wj/8q8RFZrF9WIZpB2V1ArTVFUva8sAul1NzRzQ== -mime-types@^2.0.8, mime-types@^2.1.12, mime-types@^2.1.18, mime-types@~2.1.17, mime-types@~2.1.19, mime-types@~2.1.24: +mime-types@2.1.26, mime-types@^2.0.8, mime-types@^2.1.12, mime-types@^2.1.18, mime-types@~2.1.17, mime-types@~2.1.19, mime-types@~2.1.24: version "2.1.26" resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.26.tgz#9c921fc09b7e149a65dfdc0da4d20997200b0a06" integrity sha512-01paPWYgLrkqAyrlDorC1uDwl2p3qZT7yl806vW7DvDoxwXi46jsjFbg+WdwotBIk6/MbEhO/dh5aZ5sNj/dWQ==