magento
diff --git a/‎app/code/Magento/Catalog/Model/ImageUploader.php
Lines changed: 15 additions & 1 deletion b/‎app/code/Magento/Catalog/Model/ImageUploader.php
Lines changed: 15 additions & 1 deletion
diff --git a/‎app/code/Magento/Catalog/Model/Product/Gallery/UpdateHandler.php
Lines changed: 3 additions & 0 deletions b/‎app/code/Magento/Catalog/Model/Product/Gallery/UpdateHandler.php
Lines changed: 3 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Test/Unit/Model/ImageUploaderTest.php
Lines changed: 7 additions & 0 deletions b/‎app/code/Magento/Catalog/Test/Unit/Model/ImageUploaderTest.php
Lines changed: 7 additions & 0 deletions
diff --git a/‎app/code/Magento/CatalogImportExport/Model/Import/Uploader.php
Lines changed: 1 addition & 0 deletions b/‎app/code/Magento/CatalogImportExport/Model/Import/Uploader.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php
Lines changed: 34 additions & 5 deletions b/‎app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php
Lines changed: 34 additions & 5 deletions
diff --git a/‎app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
Lines changed: 131 additions & 22 deletions b/‎app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
Lines changed: 131 additions & 22 deletions
@@ -64,6 +64,18 @@ class ImageUploader
      */
     protected $allowedExtensions;
 
+    /**
+     * List of allowed image mime types
+     *
+     * @var array
+     */
+    private $allowedMimeTypes = [
+        'image/jpg',
+        'image/jpeg',
+        'image/gif',
+        'image/png',
+    ];
+
     /**
      * ImageUploader constructor
      *
@@ -227,7 +239,9 @@ public function saveFileToTmpDir($fileId)
         $uploader = $this->uploaderFactory->create(['fileId' => $fileId]);
         $uploader->setAllowedExtensions($this->getAllowedExtensions());
         $uploader->setAllowRenameFiles(true);
-
+        if (!$uploader->checkMimeType($this->allowedMimeTypes)) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('File validation failed.'));
+        }
         $result = $uploader->save($this->mediaDirectory->getAbsolutePath($baseTmpPath));
         unset($result['path']);
 
 
@@ -32,6 +32,9 @@ protected function processDeletedImages($product, array &$images)
         foreach ($images as &$image) {
             if (!empty($image['removed'])) {
                 if (!empty($image['value_id']) && !isset($picturesInOtherStores[$image['file']])) {
+                    if (preg_match('/\.\.(\\\|\/)/', $image['file'])) {
+                        continue;
+                    }
                     $recordsToDelete[] = $image['value_id'];
                     $catalogPath = $this->mediaConfig->getBaseMediaPath();
                     $isFile = $this->mediaDirectory->isFile($catalogPath . $image['file']);
 
@@ -114,6 +114,12 @@ protected function setUp()
     public function testSaveFileToTmpDir()
     {
         $fileId = 'file.jpg';
+        $allowedMimeTypes = [
+            'image/jpg',
+            'image/jpeg',
+            'image/gif',
+            'image/png',
+        ];
         /** @var \Magento\MediaStorage\Model\File\Uploader|\PHPUnit_Framework_MockObject_MockObject $uploader */
         $uploader = $this->createMock(\Magento\MediaStorage\Model\File\Uploader::class);
         $this->uploaderFactoryMock->expects($this->once())->method('create')->willReturn($uploader);
@@ -123,6 +129,7 @@ public function testSaveFileToTmpDir()
             ->willReturn($this->basePath);
         $uploader->expects($this->once())->method('save')->with($this->basePath)
             ->willReturn(['tmp_name' => $this->baseTmpPath, 'file' => $fileId, 'path' => $this->basePath]);
+        $uploader->expects($this->atLeastOnce())->method('checkMimeType')->with($allowedMimeTypes)->willReturn(true);
         $storeMock = $this->createPartialMock(
             \Magento\Store\Model\Store::class,
             ['getBaseUrl']
 
@@ -241,6 +241,7 @@ protected function _validateFile()
 
         $fileExtension = pathinfo($filePath, PATHINFO_EXTENSION);
         if (!$this->checkAllowedExtension($fileExtension)) {
+            $this->_directory->delete($filePath);
             throw new \Exception('Disallowed file type.');
         }
         //run validate callbacks
 
@@ -489,6 +489,9 @@ public function uploadFile($targetPath, $type = null)
         }
         $uploader->setAllowRenameFiles(true);
         $uploader->setFilesDispersion(false);
+        if (!$uploader->checkMimeType($this->getAllowedMimeTypes($type))) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('File validation failed.'));
+        }
         $result = $uploader->save($targetPath);
 
         if (!$result) {
@@ -645,11 +648,7 @@ public function getSession()
      */
     public function getAllowedExtensions($type = null)
     {
-        if (is_string($type) && array_key_exists("{$type}_allowed", $this->_extensions)) {
-            $allowed = $this->_extensions["{$type}_allowed"];
-        } else {
-            $allowed = $this->_extensions['allowed'];
-        }
+        $allowed = $this->getExtensionsList($type);
 
         return array_keys(array_filter($allowed));
     }
@@ -755,4 +754,34 @@ protected function _getRelativePathToRoot($path)
             strlen($this->_sanitizePath($this->_cmsWysiwygImages->getStorageRoot()))
         );
     }
+
+    /**
+     * Prepare mime types config settings.
+     *
+     * @param string|null $type Type of storage, e.g. image, media etc.
+     * @return array Array of allowed file extensions
+     */
+    private function getAllowedMimeTypes($type = null): array
+    {
+        $allowed = $this->getExtensionsList($type);
+
+        return array_values(array_filter($allowed));
+    }
+
+    /**
+     * Get list of allowed file extensions with mime type in values.
+     *
+     * @param string|null $type
+     * @return array
+     */
+    private function getExtensionsList($type = null): array
+    {
+        if (is_string($type) && array_key_exists("{$type}_allowed", $this->_extensions)) {
+            $allowed = $this->_extensions["{$type}_allowed"];
+        } else {
+            $allowed = $this->_extensions['allowed'];
+        }
+
+        return $allowed;
+    }
 }
@@ -107,6 +107,13 @@ class StorageTest extends \PHPUnit\Framework\TestCase
      */
     protected $objectManagerHelper;
 
+    private $allowedImageExtensions = [
+        'jpg' => 'image/jpg',
+        'jpeg' => 'image/jpeg',
+        'png' => 'image/png',
+        'gif' => 'image/png',
+    ];
+
     /**
      * @return void
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
@@ -120,7 +127,7 @@ protected function setUp()
 
         $this->directoryMock = $this->createPartialMock(
             \Magento\Framework\Filesystem\Directory\Write::class,
-            ['delete', 'getDriver', 'create', 'getRelativePath', 'isExist']
+            ['delete', 'getDriver', 'create', 'getRelativePath', 'isExist', 'isFile']
         );
         $this->directoryMock->expects(
             $this->any()
@@ -176,14 +183,27 @@ protected function setUp()
             ->disableOriginalConstructor()
             ->getMock();
         $this->sessionMock = $this->getMockBuilder(\Magento\Backend\Model\Session::class)
-            ->setMethods(['getCurrentPath'])
+            ->setMethods(
+                [
+                    'getCurrentPath',
+                    'getName',
+                    'getSessionId',
+                    'getCookieLifetime',
+                    'getCookiePath',
+                    'getCookieDomain',
+                ]
+            )
             ->disableOriginalConstructor()
             ->getMock();
         $this->backendUrlMock = $this->createMock(\Magento\Backend\Model\Url::class);
 
         $this->coreFileStorageMock = $this->getMockBuilder(\Magento\MediaStorage\Helper\File\Storage\Database::class)
             ->disableOriginalConstructor()
             ->getMock();
+        $allowedExtensions = [
+            'allowed' => $this->allowedImageExtensions,
+            'image_allowed' => $this->allowedImageExtensions,
+        ];
 
         $this->objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
 
@@ -205,8 +225,9 @@ protected function setUp()
                 'resizeParameters' => $this->resizeParameters,
                 'dirs' => [
                     'exclude' => [],
-                    'include' => []
-                ]
+                    'include' => [],
+                ],
+                'extensions' => $allowedExtensions,
             ]
         );
     }
@@ -229,24 +250,22 @@ public function testGetResizeHeight()
 
     /**
      * @covers \Magento\Cms\Model\Wysiwyg\Images\Storage::deleteDirectory
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     * @expectedExceptionMessage Directory /storage/some/another/dir is not under storage root path.
      */
     public function testDeleteDirectoryOverRoot()
     {
-        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
-        $this->expectExceptionMessage(
-            sprintf('Directory %s is not under storage root path.', self::INVALID_DIRECTORY_OVER_ROOT)
-        );
         $this->driverMock->expects($this->atLeastOnce())->method('getRealPathSafety')->will($this->returnArgument(0));
         $this->imagesStorage->deleteDirectory(self::INVALID_DIRECTORY_OVER_ROOT);
     }
 
     /**
      * @covers \Magento\Cms\Model\Wysiwyg\Images\Storage::deleteDirectory
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     * @expectedExceptionMessage We can't delete root directory /storage/root/dir right now.
      */
     public function testDeleteRootDirectory()
     {
-        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
-        $this->expectExceptionMessage(sprintf('We can\'t delete root directory %s right now.', self::STORAGE_ROOT_DIR));
         $this->driverMock->expects($this->atLeastOnce())->method('getRealPathSafety')->will($this->returnArgument(0));
         $this->imagesStorage->deleteDirectory(self::STORAGE_ROOT_DIR);
     }
@@ -302,8 +321,8 @@ public function testGetDirsCollection($exclude, $include, $fileNames, $expectedR
                 'resizeParameters' => $this->resizeParameters,
                 'dirs' => [
                     'exclude' => $exclude,
-                    'include' => $include
-                ]
+                    'include' => $include,
+                ],
             ]
         );
 
@@ -328,48 +347,48 @@ public function dirsCollectionDataProvider()
         return [
             [
                 'exclude' => [
-                    ['name' => 'dress']
+                    ['name' => 'dress'],
                 ],
                 'include' => [],
                 'filenames' => [],
-                'expectRemoveKeys' => []
+                'expectRemoveKeys' => [],
             ],
             [
                 'exclude' => [],
                 'include' => [],
                 'filenames' => [
                     '/dress',
                 ],
-                'expectRemoveKeys' => []
+                'expectRemoveKeys' => [],
             ],
             [
                 'exclude' => [
-                    ['name' => 'dress']
+                    ['name' => 'dress'],
                 ],
                 'include' => [],
                 'filenames' => [
                     '/collection',
                 ],
-                'expectRemoveKeys' => []
+                'expectRemoveKeys' => [],
             ],
             [
                 'exclude' => [
                     ['name' => 'gear', 'regexp' => 1],
                     ['name' => 'home', 'regexp' => 1],
                     ['name' => 'collection'],
-                    ['name' => 'dress']
+                    ['name' => 'dress'],
                 ],
                 'include' => [
                     ['name' => 'home', 'regexp' => 1],
-                    ['name' => 'collection']
+                    ['name' => 'collection'],
                 ],
                 'filenames' => [
                     '/dress',
                     '/collection',
-                    '/gear'
+                    '/gear',
                 ],
-                'expectRemoveKeys' => [[0], [2]]
-            ]
+                'expectRemoveKeys' => [[0], [2]],
+            ],
         ];
     }
 
@@ -411,4 +430,94 @@ protected function generalTestGetDirsCollection($path, $collectionArray = [], $e
 
         $this->imagesStorage->getDirsCollection($path);
     }
+
+    public function testUploadFile()
+    {
+        $targetPath = '/target/path';
+        $fileName = 'image.gif';
+        $realPath = $targetPath . '/' . $fileName;
+        $thumbnailTargetPath = self::STORAGE_ROOT_DIR . '/.thumbs';
+        $thumbnailDestination = $thumbnailTargetPath . '/' . $fileName;
+        $type = 'image';
+        $result = [
+            'result',
+            'cookie' => [
+                'name' => 'session_name',
+                'value' => '1',
+                'lifetime' => '50',
+                'path' => 'cookie/path',
+                'domain' => 'cookie_domain',
+            ],
+        ];
+        $uploader = $this->getMockBuilder(\Magento\MediaStorage\Model\File\Uploader::class)
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'setAllowedExtensions',
+                    'setAllowRenameFiles',
+                    'setFilesDispersion',
+                    'checkMimeType',
+                    'save',
+                    'getUploadedFileName',
+                ]
+            )
+            ->getMock();
+        $this->uploaderFactoryMock->expects($this->atLeastOnce())->method('create')->with(['fileId' => 'image'])
+            ->willReturn($uploader);
+        $uploader->expects($this->atLeastOnce())->method('setAllowedExtensions')
+            ->with(array_keys($this->allowedImageExtensions))->willReturnSelf();
+        $uploader->expects($this->atLeastOnce())->method('setAllowRenameFiles')->with(true)->willReturnSelf();
+        $uploader->expects($this->atLeastOnce())->method('setFilesDispersion')->with(false)
+            ->willReturnSelf();
+        $uploader->expects($this->atLeastOnce())->method('checkMimeType')
+            ->with(array_values($this->allowedImageExtensions))->willReturnSelf();
+        $uploader->expects($this->atLeastOnce())->method('save')->with($targetPath)->willReturn($result);
+        $uploader->expects($this->atLeastOnce())->method('getUploadedFileName')->willReturn($fileName);
+
+        $this->directoryMock->expects($this->atLeastOnce())->method('getRelativePath')->willReturnMap(
+            [
+                [$realPath, $realPath],
+                [$thumbnailTargetPath, $thumbnailTargetPath],
+                [$thumbnailDestination, $thumbnailDestination],
+            ]
+        );
+        $this->directoryMock->expects($this->atLeastOnce())->method('isFile')
+            ->willReturnMap(
+                [
+                    [$realPath, true],
+                    [$thumbnailDestination, true],
+                ]
+            );
+        $this->directoryMock->expects($this->atLeastOnce())->method('isExist')
+            ->willReturnMap(
+                [
+                    [$realPath, true],
+                    [$thumbnailTargetPath, true],
+                ]
+            );
+
+        $image = $this->getMockBuilder(\Magento\Catalog\Model\Product\Image::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['open', 'keepAspectRatio', 'resize', 'save'])
+            ->getMock();
+        $image->expects($this->atLeastOnce())->method('open')->with($realPath);
+        $image->expects($this->atLeastOnce())->method('keepAspectRatio')->with(true);
+        $image->expects($this->atLeastOnce())->method('resize')->with(100, 50);
+        $image->expects($this->atLeastOnce())->method('save')->with($thumbnailDestination);
+
+        $this->adapterFactoryMock->expects($this->atLeastOnce())->method('create')->willReturn($image);
+
+        $this->sessionMock->expects($this->atLeastOnce())->method('getName')
+            ->willReturn($result['cookie']['name']);
+        $this->sessionMock->expects($this->atLeastOnce())->method('getSessionId')
+            ->willReturn($result['cookie']['value']);
+        $this->sessionMock->expects($this->atLeastOnce())->method('getCookieLifetime')
+            ->willReturn($result['cookie']['lifetime']);
+        $this->sessionMock->expects($this->atLeastOnce())->method('getCookiePath')
+            ->willReturn($result['cookie']['path']);
+        $this->sessionMock->expects($this->atLeastOnce())->method('getCookieDomain')
+            ->willReturn($result['cookie']['domain']);
+
+        $this->assertEquals($result, $this->imagesStorage->uploadFile($targetPath, $type));
+    }
 }
Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,7 @@ protected function _validateFile()`
`241`	`241`
`242`	`242`	`$fileExtension = pathinfo($filePath, PATHINFO_EXTENSION);`
`243`	`243`	`if (!$this->checkAllowedExtension($fileExtension)) {`
	`244`	`+ $this->_directory->delete($filePath);`
`244`	`245`	`throw new \Exception('Disallowed file type.');`
`245`	`246`	`}`
`246`	`247`	`//run validate callbacks`