From: Alexander Ebert <ebert@woltlab.com>
Date: Mon, 30 Sep 2024 14:30:04 +0000 (+0200)
Subject: Validate the file extensions using lower case
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=05bf4657f3bd6dde3a05ed4e79ba2e56035c31ce;p=GitHub%2FWoltLab%2FWCF.git

Validate the file extensions using lower case

Previously a check could fail if, for example, “.png” is allowed but the uploaded file uses the uppercase “.PNG“ extension.
---

diff --git a/ts/WoltLabSuite/Core/Component/File/Upload.ts b/ts/WoltLabSuite/Core/Component/File/Upload.ts
index a44178222b..8f7fe935e4 100644
--- a/ts/WoltLabSuite/Core/Component/File/Upload.ts
+++ b/ts/WoltLabSuite/Core/Component/File/Upload.ts
@@ -239,11 +239,11 @@ function validateFileSize(element: WoltlabCoreFileUploadElement, file: File): bo
 }
 
 function validateFileExtension(element: WoltlabCoreFileUploadElement, file: File): boolean {
-  const fileExtensions = (element.dataset.fileExtensions || "*").split(",");
+  const fileExtensions = (element.dataset.fileExtensions || "*").toLowerCase().split(",");
   for (const fileExtension of fileExtensions) {
     if (fileExtension === "*") {
       return true;
-    } else if (file.name.endsWith(fileExtension)) {
+    } else if (file.name.toLowerCase().endsWith(fileExtension)) {
       return true;
     }
   }
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
index 157795b935..227c871344 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Upload.js
@@ -157,12 +157,12 @@ define(["require", "exports", "tslib", "WoltLabSuite/Core/Helper/Selector", "Wol
         return false;
     }
     function validateFileExtension(element, file) {
-        const fileExtensions = (element.dataset.fileExtensions || "*").split(",");
+        const fileExtensions = (element.dataset.fileExtensions || "*").toLowerCase().split(",");
         for (const fileExtension of fileExtensions) {
             if (fileExtension === "*") {
                 return true;
             }
-            else if (file.name.endsWith(fileExtension)) {
+            else if (file.name.toLowerCase().endsWith(fileExtension)) {
                 return true;
             }
         }