File type validation
1. Vulnerability: AlbumController.php accepts uploaded files without any validation. The file extension is taken directly from the client-supplied file name, and neither the type, the size nor the content of the file is checked. A first step is an extension whitelist:
// File type validation: the extension comes from the client-supplied name (assumed to be the $_FILES-style array used below), so normalise it before comparing
$ext = strtolower(pathinfo($formData['image_file']['name'], PATHINFO_EXTENSION));
$allowed_extensions = ['jpg', 'jpeg', 'png', 'gif'];
if (!in_array($ext, $allowed_extensions, true)) {
    throw new Exception("Invalid file type. Only images are allowed.");
}
2. Exploit:
Uploading a very large file or a non-image file (anything renamed with an image extension) is accepted as-is. Large uploads consume disk and processing resources and can lead to denial of service (DoS), and non-image content is stored without ever being inspected.
3. Fix:
// Size and content validation (in addition to the extension whitelist above)
$max_size = 10 * 1024 * 1024; // 10 MiB
if ($formData['image_file']['size'] > $max_size) {
    throw new Exception("File size exceeds the allowed limit.");
}
// getimagesize() returns false unless the file header parses as a supported image;
// the @ suppresses the warning it emits on non-image input. This is a header-only
// check, so it complements the extension whitelist rather than replacing it.
if (@getimagesize($formData['image_file']['tmp_name']) === false) {
    throw new Exception("Invalid image file.");
}
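The three checks above (extension whitelist, size limit, image header) can be combined into one validator that also cross-checks the sniffed MIME type against the claimed extension and discards the client-supplied filename. The following is an added example, not code from AlbumController.php; the field name image_file, the 10 MiB limit and the $uploadDir path are assumptions.

```php
<?php
// Added example: a self-contained upload validator. Not the project's own code;
// 'image_file', the 10 MiB limit and $uploadDir are assumed for illustration.

/**
 * Validate one entry of $_FILES and return a safe, server-generated filename.
 * Throws RuntimeException on any failed check.
 */
function validateImageUpload(array $file, int $maxSize = 10 * 1024 * 1024): string
{
    // Reject anything PHP itself flagged (partial upload, missing file, ini size limit).
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with error code ' . ($file['error'] ?? 'unknown'));
    }

    // Only accept a path that really came through the HTTP upload, never an arbitrary path.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }

    // Size check against the bytes on disk, rejecting empty files as well as oversized ones.
    $actualSize = filesize($file['tmp_name']);
    if ($actualSize === false || $actualSize === 0 || $actualSize > $maxSize) {
        throw new RuntimeException('File size exceeds the allowed limit.');
    }

    // Extension whitelist mapped to the MIME type each extension must carry.
    // The extension is derived from the attacker-controlled name, so lowercase it.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Invalid file type. Only images are allowed.');
    }

    // Content check 1: the header must parse as an image at all.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        throw new RuntimeException('Invalid image file.');
    }

    // Content check 2: the MIME type sniffed from the bytes (via finfo and via
    // getimagesize) must match the claimed extension, so a PNG renamed to .gif
    // or a script renamed to .jpg is rejected even if one check alone would pass.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $sniffed = $finfo->file($file['tmp_name']);
    if ($sniffed !== $allowed[$ext] || $info['mime'] !== $allowed[$ext]) {
        throw new RuntimeException('File content does not match its extension.');
    }

    // Never reuse the client's filename: generate a random name with the validated extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Usage (assumed field name and upload directory):
// $uploadDir = '/var/app/uploads';            // outside the web root, assumed path
// $safeName  = validateImageUpload($_FILES['image_file']);
// if (!move_uploaded_file($_FILES['image_file']['tmp_name'], $uploadDir . '/' . $safeName)) {
//     throw new RuntimeException('Could not store uploaded file.');
// }
```

Both getimagesize() and finfo inspect only the leading bytes, so a valid image with script code appended after the image data still passes. That is why the returned name is server-generated with a whitelisted extension and why the usage note stores files outside the web root: the content checks limit what is accepted, and the storage choice ensures that whatever is accepted is never executed.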
Edited by Lukáš Radovanský