From a1449fb2dd1a2884fe07b9a84898ac61ab222ae4 Mon Sep 17 00:00:00 2001 From: Jim Spillane Date: Sat, 9 May 2020 14:58:39 -0400 Subject: [PATCH] Fix Uploadable files When testing for allowable file extensions using a comma separated list, like (jpg,mp3,txt,zip), extensions such as .xt or .p3 will return true. Adding Split(',') will test each of the extensions correctly. Adding ToLower() will allow mixed case extensions, like .JPG or .Zip to return true. --- Oqtane.Server/Controllers/FileController.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs index 6c3223c9..5a09d5a5 100644 --- a/Oqtane.Server/Controllers/FileController.cs +++ b/Oqtane.Server/Controllers/FileController.cs @@ -194,7 +194,7 @@ namespace Oqtane.Controllers CreateDirectory(folderPath); string filename = url.Substring(url.LastIndexOf("/", StringComparison.Ordinal) + 1); // check for allowable file extensions - if (Constants.UploadableFiles.Contains(Path.GetExtension(filename).Replace(".", ""))) + if (Constants.UploadableFiles.Split(',').Contains(Path.GetExtension(filename).ToLower().Replace(".", ""))) { try { @@ -317,7 +317,7 @@ namespace Oqtane.Controllers } // check for allowable file extensions - if (!Constants.UploadableFiles.Contains(Path.GetExtension(filename)?.Replace(".", ""))) + if (!Constants.UploadableFiles.Split(',').Contains(Path.GetExtension(filename)?.ToLower().Replace(".", ""))) { System.IO.File.Delete(Path.Combine(folder, filename + ".tmp")); } @@ -469,7 +469,7 @@ namespace Oqtane.Controllers file.ImageHeight = 0; file.ImageWidth = 0; - if (Constants.ImageFiles.Contains(file.Extension)) + if (Constants.ImageFiles.Split(',').Contains(file.Extension.ToLower())) { FileStream stream = new FileStream(filepath, FileMode.Open, FileAccess.Read); using (var image = Image.FromStream(stream))