Fix upload file type check (#7890)

* fix upload file type check * make the function simple and added tests * Update comment as per @silverwind
2019-08-17 18:10:17 +08:00 · 2019-08-17 18:10:17 +08:00 · 2d0b90c967
commit 2d0b90c967
parent a678ea44b8
2 changed files with 54 additions and 10 deletions
--- a/modules/upload/filetype.go
+++ b/modules/upload/filetype.go
@ -31,19 +31,16 @@ func (err ErrFileTypeForbidden) Error() string {
 func VerifyAllowedContentType(buf []byte, allowedTypes []string) error {
 	fileType := http.DetectContentType(buf)

-	allowed := false
 	for _, t := range allowedTypes {
 		t := strings.Trim(t, " ")
-		if t == "*/*" || t == fileType {
-			allowed = true
-			break
+
+		if t == "*/*" || t == fileType ||
+			// Allow directives after type, like 'text/plain; charset=utf-8'
+			strings.HasPrefix(fileType, t+";") {
+			return nil
 		}
 	}

-	if !allowed {
-		log.Info("Attachment with type %s blocked from upload", fileType)
-		return ErrFileTypeForbidden{Type: fileType}
-	}
-
-	return nil
+	log.Info("Attachment with type %s blocked from upload", fileType)
+	return ErrFileTypeForbidden{Type: fileType}
 }