fix: handle missing fileinfo extension for logo upload

finfo_open() is not available on CloudLinux alt-php84.
Now validates by file extension first, and only uses finfo
if the extension is available. Falls back gracefully.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 17:09:50 +02:00
parent b4b64fffcc
commit d8de69b9b9
2 changed files with 18 additions and 77 deletions

26
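--- a/api.php
+++ b/api.php
@@ -706,18 +706,28 @@ switch ($action) {
 echo json_encode(['error' => 'Logo on liian suuri (max 2MB)']);
 break;
 }
-// Validoi tyyppi
-$allowedTypes = ['image/png', 'image/jpeg', 'image/svg+xml', 'image/webp'];
-$finfo = finfo_open(FILEINFO_MIME_TYPE);
-$detectedType = finfo_file($finfo, $file['tmp_name']);
-finfo_close($finfo);
-if (!in_array($detectedType, $allowedTypes)) {
+// Validoi tyyppi (tiedostopäätteen + mahdollisen finfo:n perusteella)
+$allowedExtensions = ['png', 'jpg', 'jpeg', 'svg', 'webp'];
+$origExt = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
+if (!in_array($origExt, $allowedExtensions)) {
 http_response_code(400);
 echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, SVG, WebP']);
 break;
 }
-$extMap = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/svg+xml' => 'svg', 'image/webp' => 'webp'];
-$ext = $extMap[$detectedType] ?? 'png';
+// Käytä finfo:a jos saatavilla, muuten luota tiedostopäätteeseen
+if (function_exists('finfo_open')) {
+$finfo = finfo_open(FILEINFO_MIME_TYPE);
+$detectedType = finfo_file($finfo, $file['tmp_name']);
+finfo_close($finfo);
+$allowedMimes = ['image/png', 'image/jpeg', 'image/svg+xml', 'image/webp'];
+if (!in_array($detectedType, $allowedMimes)) {
+http_response_code(400);
+echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, SVG, WebP']);
+break;
+}
+}
+$extNormalize = ['jpeg' => 'jpg'];
+$ext = $extNormalize[$origExt] ?? $origExt;
 $newFilename = 'logo.' . $ext;
 $compDir = DATA_DIR . '/companies/' . $companyId;
 // Luo kansio tarvittaessa (data on nyt MySQL:ssä, kansio vain logoille)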
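Review bot: When `finfo_open` is missing, the new path accepts the upload on the client-supplied extension of `$file['name']` alone, so on the hosts this commit targets the file content is never checked; and even with fileinfo present the stored extension now comes from the name rather than from `$detectedType`, so content and extension can disagree. Whether that matters in practice depends on how the `company_logo` action serves the file, which is outside this hunk, but SVG in particular can carry script and should not be stored unverified. I would keep a content check on both paths, using `getimagesize()` for the raster types when fileinfo is absent, rejecting SVG there, and requiring the detected type to match the extension; `in_array` should also get its third argument `true`. The enclosing `case` of `switch ($action)` starts and ends outside the hunk.

```php
// … unchanged: extension allowlist check on $origExt …
$mimeByExt = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'svg' => 'image/svg+xml',
    'webp' => 'image/webp',
];
if (function_exists('finfo_open')) {
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $detectedType = $finfo ? finfo_file($finfo, $file['tmp_name']) : false;
} elseif ($origExt !== 'svg') {
    // No fileinfo: getimagesize() still reads the header of raster formats
    $info = getimagesize($file['tmp_name']);
    $detectedType = $info['mime'] ?? false;
} else {
    // SVG content cannot be verified without fileinfo, so fail closed
    $detectedType = false;
}
if ($detectedType !== $mimeByExt[$origExt]) {
    http_response_code(400);
    echo json_encode(['error' => 'Sallitut tiedostotyypit: PNG, JPG, SVG, WebP']);
    break;
}
// … unchanged: $extNormalize, $ext, $newFilename …
```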


@@ -1,69 +0,0 @@
<?php
// Testaa koko upload-flow ilman autentikaatiota
ini_set('display_errors', '1');
error_reporting(E_ALL);
header('Content-Type: text/plain; charset=utf-8');
require_once __DIR__ . '/db.php';
define('DATA_DIR', __DIR__ . '/data');
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['logo'])) {
$companyId = $_POST['company_id'] ?? 'web1';
$file = $_FILES['logo'];
echo "Upload tiedot:\n";
echo " company_id: $companyId\n";
echo " name: {$file['name']}\n";
echo " type: {$file['type']}\n";
echo " size: {$file['size']}\n";
echo " error: {$file['error']}\n";
echo " tmp_name: {$file['tmp_name']}\n\n";
if ($file['error'] !== UPLOAD_ERR_OK) {
echo "❌ Upload error: {$file['error']}\n";
exit;
}
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$detectedType = finfo_file($finfo, $file['tmp_name']);
finfo_close($finfo);
echo " detected mime: $detectedType\n\n";
$extMap = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/svg+xml' => 'svg', 'image/webp' => 'webp'];
$ext = $extMap[$detectedType] ?? 'unknown';
$newFilename = 'logo.' . $ext;
$compDir = DATA_DIR . '/companies/' . $companyId;
if (!file_exists($compDir)) mkdir($compDir, 0755, true);
echo "Tallenna: $compDir/$newFilename\n";
$ok = move_uploaded_file($file['tmp_name'], $compDir . '/' . $newFilename);
echo $ok ? "✅ Tiedosto tallennettu!\n" : "❌ move_uploaded_file epäonnistui\n";
if ($ok) {
$companies = dbLoadCompanies();
foreach ($companies as $comp) {
if ($comp['id'] === $companyId) {
$comp['logo_file'] = $newFilename;
try {
dbSaveCompany($comp);
echo "✅ Kanta päivitetty (logo_file = $newFilename)\n";
} catch (Throwable $e) {
echo "❌ DB virhe: " . $e->getMessage() . "\n";
}
break;
}
}
echo "\nJSON response olisi:\n";
echo json_encode(['success' => true, 'logo_file' => $newFilename, 'logo_url' => "api.php?action=company_logo&company_id=" . urlencode($companyId)]);
}
} else {
echo "Käytä POST-lomaketta:\n\n";
header('Content-Type: text/html; charset=utf-8');
echo '<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="company_id" value="web1">
<input type="file" name="logo" accept="image/*">
<button type="submit">Upload logo</button>
</form>';
}