edit-meta: forbid some types e.g. mts

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
pull/504/head
Varun Patil 2023-03-17 00:12:06 -07:00
parent 758beab34e
commit 2441d5f556
3 changed files with 18 additions and 2 deletions


@ -23,7 +23,6 @@ declare(strict_types=1);
namespace OCA\Memories\Command; namespace OCA\Memories\Command;
use OCA\Memories\AppInfo\Application;
use OCA\Memories\Db\TimelineWrite; use OCA\Memories\Db\TimelineWrite;
use OCA\Memories\Exif; use OCA\Memories\Exif;
use OCP\Files\File; use OCP\Files\File;
@ -88,7 +87,7 @@ class MigrateGoogleTakeout extends Command
{ {
$this->output = $output; $this->output = $output;
$this->input = $input; $this->input = $input;
$this->mimeTypes = array_merge(Application::IMAGE_MIMES, Application::VIDEO_MIMES); $this->mimeTypes = Exif::allowedEditMimetypes();
// Provide ample warnings // Provide ample warnings
if ($input->isInteractive()) { if ($input->isInteractive()) {
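Review bot: The assignment to `$this->mimeTypes` now reuses the edit allowlist, so files whose type is in `FORBIDDEN_EDIT_MIMES` are presumably skipped by the migration, and nothing in this hunk tells the operator. How `$this->mimeTypes` is consumed lies outside the hunk, so this is inferred. A short comment above the assignment would record the intent, e.g. `// Only types whose metadata may be rewritten; see Exif::allowedEditMimetypes()`. The enclosing method starts and ends outside the hunk.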


@ -242,6 +242,14 @@ class ImageController extends ApiBase
return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED); return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
} }
// Check if allowed to edit file
$mime = $file->getMimeType();
if (!\in_array($mime, Exif::allowedEditMimetypes(), true)) {
$name = $file->getName();
return new JSONResponse(['message' => "Cannot edit file {$name} (blacklisted type {$mime})"], Http::STATUS_PRECONDITION_FAILED);
}
// Get original file from body // Get original file from body
$path = $file->getStorage()->getLocalFile($file->getInternalPath()); $path = $file->getStorage()->getLocalFile($file->getInternalPath());
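Review bot: The rejection message in the added check says "blacklisted type", but the condition is an allowlist test: any MIME type missing from `Exif::allowedEditMimetypes()` is refused, including types that were never listed in `FORBIDDEN_EDIT_MIMES`. Wording such as `"Cannot edit file {$name} (unsupported type {$mime})"` matches what the check does. `$file->getMimeType()` is the type the server has recorded for the file; if that is derived from the file name and not the content (not visible here), the check follows the name, so it is best documented as a guard against unsupported edits and not as validation of file content. The enclosing method starts and ends outside the hunk.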


@ -10,6 +10,7 @@ use OCP\IConfig;
class Exif class Exif
{ {
private const FORBIDDEN_EDIT_MIMES = ['image/bmp', 'image/x-dcraw', 'video/MP2T'];
private const EXIFTOOL_VER = '12.50'; private const EXIFTOOL_VER = '12.50';
private const EXIFTOOL_TIMEOUT = 30000; private const EXIFTOOL_TIMEOUT = 30000;
private const EXIFTOOL_ARGS = ['-api', 'QuickTimeUTC=1', '-n', '-U', '-json', '--b']; private const EXIFTOOL_ARGS = ['-api', 'QuickTimeUTC=1', '-n', '-U', '-json', '--b'];
@ -244,6 +245,14 @@ class Exif
return [$width, $height]; return [$width, $height];
} }
/**
* Get the list of MIME Types that are allowed to be edited.
*/
public static function allowedEditMimetypes(): array
{
return array_diff(array_merge(Application::IMAGE_MIMES, Application::VIDEO_MIMES), self::FORBIDDEN_EDIT_MIMES);
}
/** /**
* Set exif data using raw json. * Set exif data using raw json.
* *
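Review bot: `allowedEditMimetypes()` returns the result of `array_diff` directly, which keeps the original keys and compares entries as case-sensitive strings. The gaps in the keys are harmless for the `in_array` call in ImageController but would turn the list into an object if it is ever JSON-encoded, and the mixed-case entry `'video/MP2T'` is removed only if `Application::VIDEO_MIMES` spells it identically (that constant is not visible here). Suggest wrapping the existing expression as `return array_values(array_diff(...));` with the same arguments, and adding a `@return string[]` line to the docblock.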