From 252e55b941d76afb409b98641c60739887b5d8c5 Mon Sep 17 00:00:00 2001 From: Patryk Antkowiak Date: Tue, 12 May 2015 11:25:55 +0200 Subject: [PATCH] Added validation of file type --- src/Flow/Basic.php | 12 +++++++++++- src/Flow/Config.php | 21 +++++++++++++++++++++ src/Flow/File.php | 35 ++++++++++++++++++++++++++++++----- src/Flow/Request.php | 24 ++++++++++++++++++++++++ 4 files changed, 86 insertions(+), 6 deletions(-) diff --git a/src/Flow/Basic.php b/src/Flow/Basic.php index 7409721..4e4f6dd 100644 --- a/src/Flow/Basic.php +++ b/src/Flow/Basic.php @@ -22,10 +22,20 @@ public static function save($destination, $config, RequestInterface $request = n if (!$config instanceof ConfigInterface) { $config = new Config(array( 'tempDir' => $config, + 'mimeAccept' => array( + 'image/gif', + 'image/jpeg', + 'image/png', + 'image/bmp' + ) )); } $file = new File($config, $request); - + if (!$file->checkMime($config->getMimeAccept())){ + header("HTTP/1.1 400 Bad Request"); + echo "Invalid MIME Type: ".$file->getFileType(); + return false; + } if ($_SERVER['REQUEST_METHOD'] === 'GET') { if ($file->checkChunk()) { header("HTTP/1.1 200 Ok"); diff --git a/src/Flow/Config.php b/src/Flow/Config.php index 412ce77..48bfccc 100644 --- a/src/Flow/Config.php +++ b/src/Flow/Config.php @@ -21,6 +21,27 @@ public function __construct($config = array()) $this->config = $config; } + /** + * Set mime accept types + * + * @param $mime + */ + public function setMimeAccept($mime) + { + $this->config['mimeAccept'] = $mime; + } + + /** + * Get mime accept types + * + * @return array + */ + public function getMimeAccept() + { + return $this->config['mimeAccept']; + } + + /** * Set path to temporary directory for chunks storage * diff --git a/src/Flow/File.php b/src/Flow/File.php index 5f4a885..91d9380 100644 --- a/src/Flow/File.php +++ b/src/Flow/File.php @@ -2,6 +2,7 @@ namespace Flow; + class File { /** 
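Review bot: The MIME check is placed before the `$_SERVER['REQUEST_METHOD'] === 'GET'` branch, so the chunk-test GET requests, which carry no upload body, reach `checkMime` with whatever `getFileType()` yields for a request without a file — if that is null (the `Request` hunk returns null for a missing `type` entry) every GET is answered with 400 and a resumable upload can never confirm an existing chunk; moving the check into the POST path avoids that. The value compared is the type the client declared for the upload rather than anything derived from the file content, so this is an input-format filter, not a content validation, and a comment on the `checkMime` call saying so would keep callers from relying on it as a security control. `echo "Invalid MIME Type: ".$file->getFileType();` reflects a client-supplied string into the response body unescaped; prefer `echo 'Invalid MIME Type: ' . htmlspecialchars((string) $file->getFileType(), ENT_QUOTES, 'UTF-8');` or omit the value from the response. `getMimeAccept()` is called on `$config`, which may be any `ConfigInterface` the caller passed in; that interface is not part of this patch, so unless the method was added there as well, a custom implementation fails with an undefined-method error, and the default accept list is only injected on the plain-string `tempDir` path. `save()` continues outside the hunk.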
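Review bot: `getMimeAccept()` reads `$this->config['mimeAccept']` with no existence check, so a `Config` built the way the class was used before this patch — `new Config(array('tempDir' => ...))` — raises an undefined-index notice and returns null, which `File::checkMime` then hands to `foreach`. Mirror the guarded access that `Request::getFileParam` uses in this same patch: `return isset($this->config['mimeAccept']) ? $this->config['mimeAccept'] : array();`, and document whether an empty list means "reject everything" or "no restriction", since the caller cannot tell from the code. The docblock also lacks the type on `@param $mime`; `@param array $mime list of accepted MIME type strings` states what the setter expects. The two trailing `+` blank lines before the existing `Set path to temporary directory` docblock leave a double blank line in the class.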
@@ -24,7 +25,7 @@ class File /** * Constructor * - * @param ConfigInterface $config + * @param ConfigInterface $config * @param RequestInterface $request */ public function __construct(ConfigInterface $config, RequestInterface $request = null) @@ -58,7 +59,7 @@ public function getIdentifier() */ public function getChunkPath($index) { - return $this->config->getTempDir().DIRECTORY_SEPARATOR.$this->identifier.'_'.$index; + return $this->config->getTempDir() . DIRECTORY_SEPARATOR . $this->identifier . '_' . $index; } /** @@ -148,7 +149,7 @@ public function save($destination) { $fh = fopen($destination, 'wb'); if (!$fh) { - throw new FileOpenException('failed to open destination file: '.$destination); + throw new FileOpenException('failed to open destination file: ' . $destination); } if (!flock($fh, LOCK_EX | LOCK_NB, $blocked)) { @@ -161,7 +162,7 @@ public function save($destination) } // @codeCoverageIgnoreEnd - throw new FileLockException('failed to lock file: '.$destination); + throw new FileLockException('failed to lock file: ' . $destination); } $totalChunks = $this->request->getTotalChunks(); @@ -174,7 +175,7 @@ public function save($destination) $chunk = fopen($file, "rb"); if (!$chunk) { - throw new FileOpenException('failed to open chunk: '.$file); + throw new FileOpenException('failed to open chunk: ' . $file); } if ($preProcessChunk !== null) { @@ -230,4 +231,28 @@ public function _move_uploaded_file($filePath, $destinationPath) { return move_uploaded_file($filePath, $destinationPath); } + + + /** + * Check Mime Type + */ + public function checkMime($acceptMimes) + { + $fileMime = $this->request->getFileType(); + + foreach ($acceptMimes as $acceptMime) { + if ($fileMime === $acceptMime) { + return true; + } + } + return false; + } + + /** + * Get Mime Type + */ + public function getFileType() + { + return $this->request->getFileType(); + } } diff --git a/src/Flow/Request.php b/src/Flow/Request.php index 0db0d4e..c1add63 100644 --- a/src/Flow/Request.php 
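Review bot: `checkMime` compares the type the client sent with the upload (`Request::getFileType`, which reads the `type` entry of the file array) against the accept list, and that field is declared by the uploading client rather than derived from the file content, so the check cannot be relied on to keep disallowed content out; the docblock should say so, e.g. `Compare the client-declared MIME type against the accepted list; this does not inspect file content.`, and a content-based check would need `finfo_open(FILEINFO_MIME_TYPE)` / `finfo_file` on the upload's temporary file (presumably the `tmp_name` entry of the same array). The loop is an `in_array` over strings: `return in_array($fileMime, $acceptMimes, true);` expresses the same test in one line and keeps the strict comparison. `$acceptMimes` is iterated without a type check, so a null coming back from `Config::getMimeAccept()` produces a warning; an `array $acceptMimes` type hint on the signature, or an empty-array guard, would surface that at the call site instead. Both new docblocks are missing `@param`/`@return` entries (`@param array $acceptMimes`, `@return bool`; `@return string|null` on `getFileType`).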
+++ b/src/Flow/Request.php @@ -38,6 +38,30 @@ public function __construct($params = null, $file = null) $this->file = $file; } + + /** + * Get parameter of file + * + * @param string $name + * + * @return string|int|null + */ + protected function getFileParam($name) + { + return isset($this->file[$name]) ? $this->file[$name] : null; + } + + /** + * Get uploaded file type + * + * @return string|null + */ + public function getFileType() + { + return $this->getFileParam('type'); + } + + /** * Get parameter value *
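Review bot: `getFileType()` returns the `type` entry of the file array, which for a PHP `$_FILES` entry is the `Content-Type` the client placed on the multipart part, so the docblock's `Get uploaded file type` overstates what the value is; `Get the MIME type the client declared for the upload (not verified against file content)` is the accurate contract. A content-derived type would come from the temporary file (`finfo_file` with `FILEINFO_MIME_TYPE` on the upload's `tmp_name`) and could be exposed as a separate accessor if the validation added in `Flow\Basic` is meant to be a security control. `getFileParam` is a sensible guarded accessor and its `@return string|int|null` matches `$_FILES` entries, but the two extra `+` blank lines before `Get parameter value` leave a double blank line in the class; whether `$this->file` is populated on requests without an upload depends on the constructor, which is outside the hunk.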