From 74d1a451037490940c721ed8425ac53ba21d26e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=B6lzel?= Date: Wed, 28 Aug 2024 16:51:59 +0200 Subject: [PATCH 1/2] Add MIME type filter to ensure only supported image files are downloaded The filter is necessary because the method would otherwise download any file present in mets:fileGrp DEFAULT. --- Classes/Controller/ToolboxController.php | 61 +++++++++++++++++++++++- 1 file changed, 59 insertions(+), 2 deletions(-) diff --git a/Classes/Controller/ToolboxController.php b/Classes/Controller/ToolboxController.php index fe0d4fc13..1c36731c5 100644 --- a/Classes/Controller/ToolboxController.php +++ b/Classes/Controller/ToolboxController.php @@ -268,6 +268,38 @@ public function renderScoreTool() } } + /** + * List of common web image mimetypes + * The MIMETYPE attribute must specify the media type of the digital representation. All web-compatible formats as per RFC2046 are allowed. + */ + private const IMAGE_MIMETYPES = [ + "image/jpeg", + "image/jpg", + "image/png", + "image/gif", + "image/bmp", + "image/tiff", + "image/x-tiff", + "image/webp", + "image/svg+xml", + "image/vnd.microsoft.icon", + "image/x-icon", + "image/heif", + "image/heic", + "image/vnd.adobe.photoshop", + "image/x-xbitmap", + "image/x-xpixmap", + "image/jp2", + "image/jpx", + "image/jpm", + "image/mj2", + "image/x-portable-anymap", + "image/x-portable-bitmap", + "image/x-portable-graymap", + "image/x-portable-pixmap", + "application/pdf" + ]; + /** * Renders the image download tool * Renders the image download tool (used in template) 
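Review bot: `image/svg+xml` in `IMAGE_MIMETYPES` is the one entry that can carry active content, since an SVG may embed script that runs if the browser renders the file inline from the site's origin. Whether that matters depends on how the download link is served, which is not visible in this hunk, so I would either drop the entry or keep it with a comment such as `// SVG may contain script; only safe when offered as an attachment or from a separate origin`. The docblock also says all RFC 2046 formats are allowed, while the constant is a fixed allow-list; wording like `Allow-list of image MIME types offered by the download tool; files in the fileGrp with any other MIMETYPE are skipped` would match the code. `image/jpg` is not a registered type and is presumably kept to tolerate sloppy METS data, which is worth stating in the comment.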
@@ -291,14 +323,39 @@ private function renderImageDownloadTool(): void $imageArray = []; // Get left or single page download. - $imageArray[0] = $this->getImage($this->requestData['page']); + $image = $this->getImage($this->requestData['page']); + if ($this->filterImageFiles($image)) { + $imageArray[0] = $image; + } + if ($this->requestData['double'] == 1) { - $imageArray[1] = $this->getImage($this->requestData['page'] + 1); + $image = $this->getImage($this->requestData['page'] + 1); + if ($this->filterImageFiles($image)) { + $imageArray[1] = $image; + } } $this->view->assign('imageDownload', $imageArray); } + /** + * Filters an image file based on its mimetype. + * + * This method checks if the provided image array contains a 'mimetype' key and + * verifies if the mimetype is one of the supported image types defined in the class constant IMAGE_MIMETYPES. + * + * @param mixed $image The image array to filter + * + * @return bool True if the image mimetype is supported, false otherwise + */ + private function filterImageFiles($image): bool + { + if (is_array($image) && isset($image['mimetype'])) { + return in_array($image['mimetype'], self::IMAGE_MIMETYPES); + } + return false; + } + /** * Get file's URL and MIME type * From 15a3dd76f3b45cee5edc925164375e17c8f15c7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Florian=20Sch=C3=B6lzel?= Date: Wed, 28 Aug 2024 17:28:39 +0200 Subject: [PATCH 2/2] removed "application/pdf" from image mime-types list --- Classes/Controller/ToolboxController.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Classes/Controller/ToolboxController.php b/Classes/Controller/ToolboxController.php index 1c36731c5..b7eddb4c8 100644 --- a/Classes/Controller/ToolboxController.php +++ b/Classes/Controller/ToolboxController.php 
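Review bot: `filterImageFiles()` calls `in_array()` without the strict flag, so the comparison against `IMAGE_MIMETYPES` is loose and a non-string value such as `true` would match every entry; `return in_array($image['mimetype'], self::IMAGE_MIMETYPES, true);` closes that. The value checked appears to be the type declared in the METS file (getImage() is outside this hunk), so the filter decides which links are offered but does not verify what the linked file actually contains, and the docblock should say so, e.g. `Checks the declared MIME type only; the file content is not inspected.` In `renderImageDownloadTool()`, whose start is outside the hunk, a rejected first page with an accepted second page now leaves `$imageArray` with key 1 and no key 0, so the template should be checked for code that assumes index 0 exists.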
@@ -296,8 +296,7 @@ public function renderScoreTool()
 "image/x-portable-anymap",
 "image/x-portable-bitmap",
 "image/x-portable-graymap",
- "image/x-portable-pixmap",
- "application/pdf"
+ "image/x-portable-pixmap"
 ];
 /**