diff --git a/Makefile b/Makefile index 6c89899c2..fe0a0e0ce 100644 --- a/Makefile +++ b/Makefile @@ -34,7 +34,7 @@ OBJS = swad_account.o swad_action.o swad_agenda.o swad_alert.o \ swad_database.o swad_date.o swad_degree.o swad_degree_type.o \ swad_department.o swad_duplicate.o \ swad_enrolment.o swad_exam.o \ - swad_file.o swad_file_browser.o swad_file_extension.o \ + swad_file.o swad_file_browser.o swad_file_extension.o swad_file_MIME.o \ swad_follow.o swad_form.o swad_forum.o \ swad_game.o swad_global.o swad_group.o \ swad_help.o swad_hierarchy.o swad_holiday.o \ diff --git a/swad_changelog.h b/swad_changelog.h index 3731d6628..d9368c57c 100644 --- a/swad_changelog.h +++ b/swad_changelog.h @@ -355,11 +355,12 @@ En OpenSWAD: ps2pdf source.ps destination.pdf */ -#define Log_PLATFORM_VERSION "SWAD 18.15 (2018-11-10)" +#define Log_PLATFORM_VERSION "SWAD 18.16 (2018-11-10)" #define CSS_FILE "swad18.4.css" #define JS_FILE "swad17.17.1.js" /* - Version 18.15: Nov 10, 2018 New module swad_file_extension for allowed file extensions. (? lines) + Version 18.16: Nov 10, 2018 New module swad_file_MIME for allowed MIME types in files. (236831 lines) + Version 18.15: Nov 10, 2018 New module swad_file_extension for allowed file extensions. (236735 lines) Version 18.14.1: Nov 09, 2018 Fixed several bugs when compiling with -Os. (236721 lines) Version 18.14: Nov 09, 2018 New module swad_form for forms to go to actions. Fixed bug in query to get assignments. (236705 lines) diff --git a/swad_file_browser.c b/swad_file_browser.c index f28b31c5b..c8bd8c957 100644 --- a/swad_file_browser.c +++ b/swad_file_browser.c @@ -42,6 +42,8 @@ #include "swad_config.h" #include "swad_database.h" #include "swad_file_browser.h" +#include "swad_file_extension.h" +#include "swad_file_MIME.h" #include "swad_form.h" #include "swad_global.h" #include "swad_ID.h" 
@@ -1189,207 +1191,6 @@ const unsigned long long Brw_MAX_QUOTA_BRIEF[Rol_NUM_ROLES] = // MaxRole is used #define Brw_MAX_FILES_BRIEF 5000 #define Brw_MAX_FOLDS_BRIEF 1000 -/* MIME types allowed for uploades files */ -const char *Brw_MIMETypesAllowed[] = - { - "application/", // - "application/acrobat", // PDF - "application/arj", // compressed archive arj - "application/binary", // - "application/bzip2", // Bzip 2 UNIX Compressed File - "application/cdr", // Corel Draw (CDR) - "application/coreldraw", // Corel Draw (CDR) - "application/css-stylesheet", // Hypertext Cascading Style Sheet - "application/csv", // CSV, Comma Separated Values - "application/data", // - "application/download", // zip files in Firefox caused by an error? - "application/excel", // Microsoft Excel xls - "application/finale", // Finale .mus - "application/force", // PDF uploaded from Firefox - "application/force-download", // RAR uploaded from Firefox - "application/futuresplash", // Flash - "application/gzip", // GNU ZIP gz, gzip - "application/gzip-compressed", // GNU ZIP gz, gzip - "application/gzipped", // GNU ZIP gz, gzip - "application/msaccess", // Microsoft Access mdb - "application/msexcel", // Microsoft Excel xla, xls, xlt, xlw - "application/mspowerpoint", // Microsoft PowerPoint pot, pps, ppt - "application/mathematica", // Mathematica - "application/matlab", // Matlab - "application/mfile", // Matlab - "application/mpp", // Microsoft Project mpp - "application/msproj", // Microsoft Project mpp - "application/msproject", // Microsoft Project mpp - "application/msword", // Microsoft Word doc, word, w6w - "application/mswrite", // Microsoft Write wri - "application/octet", // uninterpreted binary bin - "application/octet-binary", - "application/octetstream", // uninterpreted binary bin - "application/octet-stream", // uninterpreted binary bin - "application/pdf", // Adobe Acrobat pdf - "application/postscript", // PostScript ai, eps, ps - "application/powerpoint", // Microsoft 
PowerPoint pot, pps, ppt - "application/rar", // RAR - "application/rtf", // RTF - "application/self-extracting", // Compressed file, self-extracting - "application/stream", // PDF in Mac? - "application/unknown", - "application/vnd.fdf", // Forms Data Format - "application/vnd.geogebra.file", // GeoGebra .ggb - "application/vnd.geogebra.tool", // GeoGebra .ggt - "application/vnd.msexcel", // Microsoft Excel .xls - "application/vnd.ms-excel", // Microsoft Excel .xls - "application/vnd.ms-powerpoint", // Microsoft PowerPoint .ppt or .pps - "application/vnd.ms-project", // Microsoft Project .mpp - "application/vnd.ms-word", // Microsoft Word .doc - "application/vnd.ms-word.template.macroenabled.12", // Microsoft Word template .dotm - "application/vnd.oasis.opendocument.text", // OpenOffice Text .odt - "application/vnd.oasis.opendocument.spreadsheet", // OpenOffice Hoja of cálculo .ods - "application/vnd.oasis.opendocument.presentation", // OpenOffice Presentación .odp - "application/vnd.oasis.opendocument.graphics", // OpenOffice Dibujo .odg - "application/vnd.oasis.opendocument.chart", // OpenOffice Gráfica .odc - "application/vnd.oasis.opendocument.formula", // OpenOffice Fórmula matemática .odf - "application/vnd.oasis.opendocument.database", // OpenOffice database .odb - "application/vnd.oasis.opendocument.image", // OpenOffice Imagen .odi - "application/vnd.oasis.opendocument.text-master", // OpenOffice Documento maestro .odm - "application/vnd.oasis.opendocument.text-template", // OpenOffice Text .ott - "application/vnd.oasis.opendocument.spreadsheet-template", // OpenOffice Hoja of cálculo .ots - "application/vnd.oasis.opendocument.presentation-template", // OpenOffice Presentación .otp - "application/vnd.oasis.opendocument.graphics-template", // OpenOffice Dibujo .otg - "application/vnd.openxmlformats-officedocument.presentationml.presentation", // Power Point Microsoft Office Open XML Format Presentation Slide Show .pptx - 
"application/vnd.openxmlformats-officedocument.presentationml.slideshow", // Power Point Microsoft Office Open XML Format Presentation Slide Show .ppsx - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", // Excel Microsoft Office Open XML Format Spreadsheet .xlsx - "application/vnd.openxmlformats-officedocument.wordprocessingml.document", // Word Microsoft Office Open XML Format Document .docx - "application/vnd.pdf", // PDF - "application/x-7z-compressed", // 7 zip compressed file - "application/x-bz2", // Bzip 2 UNIX Compressed File - "application/x-bzip", // Bzip 2 UNIX Compressed File - "application/x-cdr", // Corel Draw (CDR) - "application/x-compress", // GNU ZIP gz, gzip - "application/x-compressed", // GNU ZIP gz, gzip, Bzip 2 UNIX Compressed File - "application/x-compressed-tar", // TGZ - "application/x-coreldraw", // Corel Draw (CDR) - "application/x-dos_ms_project", // Microsoft Project mpp - "application/x-download", // RAR - "application/x-file-download", // PDF - "application/x-forcedownload", // PDF - "application/x-gtar", // GNU tar gtar - "application/x-gunzip", // GNU ZIP gz, gzip - "application/x-gzip", // GNU ZIP gz, gzip - "application/x-latex", // LateX latex (LateX) - "application/x-midi", // MIDI mid - "application/x-msdos-program", // MSDOS program - "application/x-msdownload", // dll, exe - "application/x-mspowerpoint", // Microsoft PowerPoint pot, pps, ppt - "application/x-msproject", // Microsoft Project mpp - "application/x-ms-project", // Microsoft Project mpp - "application/x-msword", // PDF? 
- "application/x-mswrite", // PDF - "application/x-octet-stream", // PDF - "application/x-rar", // .rar - "application/x-shockwave-flash", // Flash - "application/x-shockwave-flash2-preview", // Flash - "application/x-unknown", // Unknown file type - "application/x-vnd.oasis.opendocument.chart", // OpenOffice Gráfica .odc - "application/x-vnd.oasis.opendocument.database", // OpenOffice database .odb - "application/x-vnd.oasis.opendocument.formula", // OpenOffice Fórmula matemática .odf - "application/x-vnd.oasis.opendocument.graphics", // OpenOffice Dibujo .odg - "application/x-vnd.oasis.opendocument.graphics-template", // OpenOffice Dibujo .otg - "application/x-vnd.oasis.opendocument.image", // OpenOffice Imagen .odi - "application/x-vnd.oasis.opendocument.presentation", // OpenOffice Presentación .odp - "application/x-vnd.oasis.opendocument.presentation-template",// OpenOffice Presentación .otp - "application/x-vnd.oasis.opendocument.spreadsheet", // OpenOffice Hoja of cálculo .ods - "application/x-vnd.oasis.opendocument.spreadsheet-template", // OpenOffice Hoja of cálculo .ots - "application/x-vnd.oasis.opendocument.text", // OpenOffice Text .odt - "application/x-vnd.oasis.opendocument.text-master", // OpenOffice Documento maestro .odm - "application/x-vnd.oasis.opendocument.text-template", // OpenOffice Text .ott - "application/x-pdf", // PDF - "application/x-shockwave-flash", // Macromedia Shockwave swf - "application/x-spss", // SPSS File sav spp sbs sps spo - "application/x-rar-compressed", // RAR archive rar - "application/x-tar", // 4.3BSD tar format tar - "application/x-tex", // TeX tex (LateX) - "application/x-tgz", // TGZ - "application/x-troff", // .s assembler source file - "application/x-zip", // ZIP archive zip - "application/x-zip-compressed", // ZIP archive zip - "application/zip", // ZIP archive zip - "audio/basic", // BASIC audio (u-law) au, snd - "audio/mp4", // MPEG-4 - "audio/mpeg", // MP3 - "audio/midi", // MIDI mid, midi - "audio/x-aiff", 
// AIFF audio aif, aifc, aiff - "audio/x-mpeg", // MPEG audio mp3 - "audio/x-ms-wma", // WMA (Windows Media Audio File) - "audio/x-pn-realaudio", // RealAudio ra, ram - "audio/x-pn-realaudio-plugin", // RealAudio plug-in rpm - "audio/x-voice", // Voice voc - "audio/x-wav", // Microsoft Windows WAVE audio wav - "binary/octet-stream", // uninterpreted binary bin - "document/unknown", // Some bowsers send this (?) - "file/unknown", // Some bowsers send this (?) - "gzip/document", // GNU ZIP gz, gzip - "image/bmp", // Bitmap bmp - "image/cdr", // Corel Draw (CDR) - "image/gif", // GIF image gif - "image/jpeg", // JPEG image jpe, jpeg, jpg - "image/pdf", // PDF - "image/pjpeg", // JPEG image jpe, jpeg, jpg - "image/pict", // Macintosh PICT pict - "image/png", // Portable Network Graphic png - "image/tiff", // TIFF image tif, tiff - "image/vnd.rn-realflash", // Flash - "image/x-cdr", // Corel Draw (CDR) - "image/x-cmu-raster", // CMU raster ras - "image/x-eps", // Imagen postcript - "image/x-png", // Portable Network Graphic png - "image/x-portable-anymap", // PBM Anymap format pnm - "image/x-portable-bitmap", // PBM Bitmap format pbm - "image/x-portable-graymap", // PBM Graymap format pgm - "image/x-portable-pixmap", // PBM Pixmap format ppm - "image/x-rgb", // RGB image rgb - "image/x-xbitmap", // X Bitmap xbm - "image/x-xpixmap", // X Pixmap xpm - "image/x-xwindowdump", // X Window System dump xwd - "message/rfc822", // Files .mht and .mhtml - "mime/pdf", // Adobe Acrobat pdf - "multipart/x-gzip", // GNU ZIP archive gzip - "multipart/x-zip", // PKZIP archive zip - "octet/pdf", // PDF - "text/anytext", // CSV, Comma Separated Values? - "text/comma-separated-values", // CSV, Comma Separated Values - "text/css", // Hypertext Cascading Style Sheet - "text/csv", // CSV, Comma Separated Values - "text/html", // HTML htm, html, php - "text/pdf", // PDF - "text/plain", // plain text C, cc, h, txt. 
BAS - "text/richtext", // RTF - "text/xml", // - "text/x-c", // Source code in C - "text/x-chdr", // Source code in C - "text/x-csrc", // Source code in C - "text/x-c++src", // Source code in C++ - "text/x-latex", // LateX - "text/x-objcsrc", // Source code - "text/x-pdf", // PDF - "video/3gpp", // Video Android mobile - "video/avi", // AVI - "video/mp4", // MPEG-4 - "video/mpeg", // MPEG video mpe, mpeg, mpg - "video/msvideo", // Microsoft Windows video avi - "video/quicktime", // QuickTime video mov, qt - "video/unknown", // ? - "video/x-ms-asf", // WMA (Windows Media Audio File) - "video/x-ms-wmv", // WMV (Windows Media File) - "video/x-msvideo", // AVI - "x-world/x-vrml", // VRML Worlds wrl - "x-java", // Source code in Java - "zz-application/zz-winassoc-cdr", // Corel Draw (CDR) - "zz-application/zz-winassoc-mpp" // Microsoft Project mpp - }; - -const unsigned Brw_NUM_MIME_TYPES_ALLOWED = sizeof (Brw_MIMETypesAllowed) / sizeof (Brw_MIMETypesAllowed[0]); - /*****************************************************************************/ /*************************** Internal prototypes *****************************/ /*****************************************************************************/ 
@@ -9761,79 +9562,54 @@ void Brw_RecLinkFileBrowser (void) static bool Brw_CheckIfUploadIsAllowed (const char *MIMEType) { - extern const unsigned Ext_NUM_FILE_EXT_ALLOWED; - extern const char *Ext_FileExtensionsAllowed[]; extern const char *Txt_UPLOAD_FILE_X_MIME_type_Y_not_allowed_NO_HTML; extern const char *Txt_UPLOAD_FILE_X_not_HTML_NO_HTML; extern const char *Txt_UPLOAD_FILE_X_extension_not_allowed_NO_HTML; - unsigned Type; - bool MIMETypeIsAllowed = false; - bool ExtensionIsAllowed = false; switch (Gbl.FileBrowser.Type) { case Brw_ADMI_MRK_CRS: case Brw_ADMI_MRK_GRP: /* Check file extension */ - if ((ExtensionIsAllowed = Str_FileIsHTML (Gbl.FileBrowser.NewFilFolLnkName))) - { - /* Check MIME type*/ - if (strcmp (MIMEType,"text/html")) - if (strcmp (MIMEType,"text/plain")) - if (strcmp (MIMEType,"application/octet-stream")) - if (strcmp (MIMEType,"application/octetstream")) - if (strcmp (MIMEType,"application/octet")) - { // MIME type forbidden - snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), - Txt_UPLOAD_FILE_X_MIME_type_Y_not_allowed_NO_HTML, - Gbl.FileBrowser.NewFilFolLnkName,MIMEType); - return false; - } - } - else + if (!Str_FileIsHTML (Gbl.FileBrowser.NewFilFolLnkName)) { snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), Txt_UPLOAD_FILE_X_not_HTML_NO_HTML, Gbl.FileBrowser.NewFilFolLnkName); return false; } + + /* Check MIME type*/ + if (strcmp (MIMEType,"text/html")) + if (strcmp (MIMEType,"text/plain")) + if (strcmp (MIMEType,"application/octet-stream")) + if (strcmp (MIMEType,"application/octetstream")) + if (strcmp (MIMEType,"application/octet")) + { // MIME type forbidden + snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), + Txt_UPLOAD_FILE_X_MIME_type_Y_not_allowed_NO_HTML, + Gbl.FileBrowser.NewFilFolLnkName,MIMEType); + return false; + } break; default: - /* Check the file extension */ - for (Type = 0; - Type < Ext_NUM_FILE_EXT_ALLOWED; - Type++) - if (Str_FileIs (Gbl.FileBrowser.NewFilFolLnkName,Ext_FileExtensionsAllowed[Type])) - { - 
ExtensionIsAllowed = true; - break; - } - if (ExtensionIsAllowed) - { - /* Check type MIME */ - for (Type = 0; - Type < Brw_NUM_MIME_TYPES_ALLOWED; - Type++) - if (!strcmp (MIMEType,Brw_MIMETypesAllowed[Type])) - { - MIMETypeIsAllowed = true; - break; - } - if (!MIMETypeIsAllowed) - { - snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), - Txt_UPLOAD_FILE_X_MIME_type_Y_not_allowed_NO_HTML, - Gbl.FileBrowser.NewFilFolLnkName,MIMEType); - return false; - } - } - else + /* Check file extension */ + if (!Ext_CheckIfFileExtensionIsAllowed (Gbl.FileBrowser.NewFilFolLnkName)) { snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), Txt_UPLOAD_FILE_X_extension_not_allowed_NO_HTML, Gbl.FileBrowser.NewFilFolLnkName); return false; } + + /* Check MIME type*/ + if (!MIM_CheckIfMIMETypeIsAllowed (MIMEType)) + { + snprintf (Gbl.Alert.Txt,sizeof (Gbl.Alert.Txt), + Txt_UPLOAD_FILE_X_MIME_type_Y_not_allowed_NO_HTML, + Gbl.FileBrowser.NewFilFolLnkName,MIMEType); + return false; + } break; }
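Review bot: Both MIME checks in Brw_CheckIfUploadIsAllowed (the strcmp chain in the marks branch and `MIM_CheckIfMIMETypeIsAllowed (MIMEType)` in the default branch) test a value that appears to be whatever the browser declared, going by the comments in the removed table ("PDF uploaded from Firefox", "Some bowsers send this"). The file name checked by `Str_FileIsHTML` and `Ext_CheckIfFileExtensionIsAllowed` is likewise client-supplied, so I would add a comment at the top of the function such as `/* MIMEType and the file name come from the client: this is a policy filter, not validation of the file content */`, so that a true return is not read as proof the file is safe to parse or serve. The new swad_file_MIME module is not visible here; if it carries the removed table over unchanged, entries such as "application/", "application/x-msdownload" and "text/html" stay allowed and deserve a second look. The marks branch also keeps its own five-entry allowlist as nested `if (strcmp (...))` statements with implicit non-zero tests, where one condition joined with `&&` and explicit `!= 0`, or a helper next to MIM_CheckIfMIMETypeIsAllowed, would read more safely and keep both lists in one module. The function's tail after the switch is outside the hunk.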