mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-21 22:32:41 +01:00
Enforce viewable MIME types config on PDF documents
Summary:
Let instance admins decide whether to allow PDFs to be viewable as a Web page. See <5ec132bf9e
>.
MOZILLA: Instead of always allowing PDFs to be viewable in the web UI, [...]
This checks that the PDF mimetype is viewable according to the system
configuration.
Ref Q83.
Test Plan:
1. Set `files.viewable-mime-types` to exclude application/pdf.
2. Upload a pdf file.
3. See "No document engine can render the contents of this file." in web UI.
Reviewers: O1 Blessed Committers, speck
Reviewed By: O1 Blessed Committers, speck
Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno
Differential Revision: https://we.phorge.it/D25464
This commit is contained in:
parent
5d80b3fd88
commit
16d9cc12af
2 changed files with 14 additions and 10 deletions
|
@ -134,9 +134,11 @@ final class PhabricatorFilesConfigOptions
|
|||
->setDescription(
|
||||
pht(
|
||||
"Configure which uploaded file types may be viewed directly ".
|
||||
"in the browser. Other file types will be downloaded instead ".
|
||||
"of displayed. This is mainly a usability consideration, since ".
|
||||
"browsers tend to freak out when viewing very large binary files.".
|
||||
"in the browser. Other types will be downloaded instead of ".
|
||||
"displayed. This is a usability and security consideration, ".
|
||||
"since browsers tend to freak out when viewing very large ".
|
||||
"binary files, and some types may be vulnerable to XSS attacks ".
|
||||
"when viewed in a browser.".
|
||||
"\n\n".
|
||||
"The keys in this map are viewable MIME types; the values are ".
|
||||
"the MIME types they are delivered as when they are viewed in ".
|
||||
|
|
|
@ -14,14 +14,16 @@ final class PhabricatorPDFDocumentEngine
|
|||
}
|
||||
|
||||
protected function canRenderDocumentType(PhabricatorDocumentRef $ref) {
|
||||
// Since we just render a link to the document anyway, we don't need to
|
||||
// check anything fancy in config to see if the MIME type is actually
|
||||
// viewable.
|
||||
$viewable_types = PhabricatorEnv::getEnvConfig('files.viewable-mime-types');
|
||||
$viewable_types = array_keys($viewable_types);
|
||||
|
||||
return $ref->hasAnyMimeType(
|
||||
array(
|
||||
'application/pdf',
|
||||
));
|
||||
$pdf_types = array(
|
||||
'application/pdf',
|
||||
);
|
||||
|
||||
return
|
||||
$ref->hasAnyMimeType($viewable_types) &&
|
||||
$ref->hasAnyMimeType($pdf_types);
|
||||
}
|
||||
|
||||
protected function newDocumentContent(PhabricatorDocumentRef $ref) {
|
||||
|
|
Loading…
Reference in a new issue