jukka/intra.noxus.fi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: handle missing fileinfo extension for logo upload

Browse Source 
finfo_open() is not available on CloudLinux alt-php84.
Now validates by file extension first, and only uses finfo
if the extension is available. Falls back gracefully.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jukka Lampikoski
2026-03-10 17:09:50 +02:00
parent b4b64fffcc
commit d8de69b9b9
2 changed files with 18 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
api.php
View File

@@ -706,18 +706,28 @@ switch ($action) {
echo json_encode(['error' => 'Logo on liian suuri (max 2MB)']);
break;
}
// Validoi tyyppi
$allowedTypes = ['image/png', 'image/jpeg', 'image/svg+xml', 'image/webp'];
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$detectedType = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
if (!in_array($detectedType, $allowedTypes)) {
// Validoi tyyppi (tiedostopäätteen + mahdollisen finfo:n perusteella)
$allowedExtensions = ['png', 'jpg', 'jpeg', 'svg', 'webp'];
$origExt = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
if (!in_array($origExt, $allowedExtensions)) {
http_response_code(400);
echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, SVG, WebP']);
break;
}
$extMap = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/svg+xml' => 'svg', 'image/webp' => 'webp'];
$ext = $extMap[$detectedType] ?? 'png';
// Käytä finfo:a jos saatavilla, muuten luota tiedostopäätteeseen
if (function_exists('finfo_open')) {
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$detectedType = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
$allowedMimes = ['image/png', 'image/jpeg', 'image/svg+xml', 'image/webp'];
if (!in_array($detectedType, $allowedMimes)) {
http_response_code(400);
echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, SVG, WebP']);
break;
}
}
$extNormalize = ['jpeg' => 'jpg'];
$ext = $extNormalize[$origExt] ?? $origExt;
$newFilename = 'logo.' . $ext;
$compDir = DATA_DIR . '/companies/' . $companyId;
// Luo kansio tarvittaessa (data on nyt MySQL:ssä, kansio vain logoille)