From 6685540047398f0537ee4d1eb2e1aafc0132aa90 Mon Sep 17 00:00:00 2001
From: Cyperghost <olaf_schmitz_1@t-online.de>
Date: Wed, 10 Jul 2024 11:36:56 +0200
Subject: [PATCH] Adds a new function to the `IFileProcessor` which is called
 to check if the uploaded file is allowed. This function should throw
 `UserInputException` if the file is not allowed

---
 ts/WoltLabSuite/Core/Component/File/Helper.ts       |  3 +++
 .../js/WoltLabSuite/Core/Component/File/Helper.js   |  3 +++
 .../core/files/upload/SaveChunk.class.php           | 13 ++++++++++++-
 .../file/processor/AbstractFileProcessor.class.php  |  6 ++++++
 .../system/file/processor/IFileProcessor.class.php  |  8 ++++++++
 5 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/ts/WoltLabSuite/Core/Component/File/Helper.ts b/ts/WoltLabSuite/Core/Component/File/Helper.ts
index 93f3f8ddd3..a16c877829 100644
--- a/ts/WoltLabSuite/Core/Component/File/Helper.ts
+++ b/ts/WoltLabSuite/Core/Component/File/Helper.ts
@@ -51,6 +51,9 @@ export function fileInitializationFailed(element: HTMLElement, file: WoltlabCore
       case "preflight":
         errorMessage = getPhrase(`wcf.upload.error.${validationError.code}`);
         break;
+      case "validation":
+        errorMessage = getPhrase(`wcf.upload.validation.error.${validationError.code}`);
+        break;
 
       default:
         errorMessage = "Unrecognized error type: " + JSON.stringify(validationError);
diff --git a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Helper.js b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Helper.js
index b4eb537772..22960c29af 100644
--- a/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Helper.js
+++ b/wcfsetup/install/files/js/WoltLabSuite/Core/Component/File/Helper.js
@@ -43,6 +43,9 @@ define(["require", "exports", "WoltLabSuite/Core/Language", "WoltLabSuite/Core/F
                 case "preflight":
                     errorMessage = (0, Language_1.getPhrase)(`wcf.upload.error.${validationError.code}`);
                     break;
+                case "validation":
+                    errorMessage = (0, Language_1.getPhrase)(`wcf.upload.validation.error.${validationError.code}`);
+                    break;
                 default:
                     errorMessage = "Unrecognized error type: " + JSON.stringify(validationError);
                     break;
diff --git a/wcfsetup/install/files/lib/system/endpoint/controller/core/files/upload/SaveChunk.class.php b/wcfsetup/install/files/lib/system/endpoint/controller/core/files/upload/SaveChunk.class.php
index 02f65da5a8..0a03944b78 100644
--- a/wcfsetup/install/files/lib/system/endpoint/controller/core/files/upload/SaveChunk.class.php
+++ b/wcfsetup/install/files/lib/system/endpoint/controller/core/files/upload/SaveChunk.class.php
@@ -3,8 +3,8 @@
 namespace wcf\system\endpoint\controller\core\files\upload;
 
 use Laminas\Diactoros\Response\JsonResponse;
-use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
 use wcf\data\file\FileEditor;
 use wcf\data\file\temporary\FileTemporary;
 use wcf\data\file\temporary\FileTemporaryEditor;
@@ -109,6 +109,17 @@ final class SaveChunk implements IController
             unset($fileTemporary);
 
             $processor = $file->getProcessor();
+
+            if ($processor !== null) {
+                try {
+                    $processor->validateUpload($file);
+                } catch (UserInputException $exception) {
+                    (new FileEditor($file))->delete();
+
+                    throw new UserInputException('validation', $exception->getType());
+                }
+            }
+
             $processor?->adopt($file, $context);
 
             $generateThumbnails = false;
diff --git a/wcfsetup/install/files/lib/system/file/processor/AbstractFileProcessor.class.php b/wcfsetup/install/files/lib/system/file/processor/AbstractFileProcessor.class.php
index 8784a477bd..750edfeb35 100644
--- a/wcfsetup/install/files/lib/system/file/processor/AbstractFileProcessor.class.php
+++ b/wcfsetup/install/files/lib/system/file/processor/AbstractFileProcessor.class.php
@@ -22,6 +22,12 @@ abstract class AbstractFileProcessor implements IFileProcessor
         // There are no thumbnails in the default implementation.
     }
 
+    #[\Override]
+    public function validateUpload(File $file): void
+    {
+        // There is no need to validate the uploaded file.
+    }
+
     #[\Override]
     public function countExistingFiles(array $context): ?int
     {
diff --git a/wcfsetup/install/files/lib/system/file/processor/IFileProcessor.class.php b/wcfsetup/install/files/lib/system/file/processor/IFileProcessor.class.php
index 9b6d926b6a..bb8f9b01d1 100644
--- a/wcfsetup/install/files/lib/system/file/processor/IFileProcessor.class.php
+++ b/wcfsetup/install/files/lib/system/file/processor/IFileProcessor.class.php
@@ -4,6 +4,7 @@ namespace wcf\system\file\processor;
 
 use wcf\data\file\File;
 use wcf\data\file\thumbnail\FileThumbnail;
+use wcf\system\exception\UserInputException;
 
 /**
  * File processors are responsible to validate and process any file uploads
@@ -28,6 +29,13 @@ interface IFileProcessor
      */
     public function acceptUpload(string $filename, int $fileSize, array $context): FileProcessorPreflightResult;
 
+    /**
+     * Validates the uploaded file.
+     *
+     * @throws UserInputException if the file is invalid.
+     */
+    public function validateUpload(File $file): void;
+
     /**
      * Notifies the file processor that the upload of a file has been completed
      * that belongs to this type.
-- 
2.20.1