git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

author	Adolf Belka <adolf.belka@ipfire.org>
	Thu, 9 Jan 2025 19:04:36 +0000 (20:04 +0100)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Fri, 24 Jan 2025 08:55:53 +0000 (09:55 +0100)
commit	01de28ec05cde5d945500ef6bd5ce25c3586f686
tree	d629634897b38813aeade5b86214555506a14ac6	tree
parent	36391d1d0d2dfb69077e2d860d2af3c975cf86f6	commit \| diff

captive.cgi: Update code to check for the image content type not just the extension

- The File-LibMagic used to do this content type check. As this requires the actual
   file and path name to access, the CGI::upload command had to be brought to before
   the content type check and download the file to /tmp/. Then the content type can be
   identified. If it is either image/png or image/jpeg then the logo.tmp file is
   moved to replace the existing logo.dat. If the uploaded logo is not a png or jpeg
   image content then the logo.tmp file in /tmp/ is deleted by unlinking it.
- I also added the actual content type to the error message if it is not a png or jpeg.
- Tested the code out on my vm testbed and it worked fine. Only png or jpeg content
   type is accepted It makes no difference what the extension on the file is. When not
   the correct content type the old logo.dat is left alone and not changed and the new
   logo stored in /tmp/ is removed. If the content type is correct then the new logo file
   in /tmp/ is moved to replace the existing logo.data file.
- When the wrong type of content was in the file, for example html code, then the error
   message is shown saying that the content type is not correct and showing the actual
   content type, in this case text/html.

Fixes: Bug13795
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>