1 files changed, 21 insertions, 5 deletions

diff --git a/public/upload.php b/public/upload.php
index 0d8a7e3..31822ba 100644
--- a/public/upload.php
+++ b/public/upload.php
@@ -2,6 +2,7 @@
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../config.php';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/utils.php';
 include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/thumbnails.php';
+include_once $_SERVER['DOCUMENT_ROOT'] . '/../lib/file.php';
 
 if ($_SERVER['REQUEST_METHOD'] != 'POST') {
     json_response(null, 'Method not allowed', 405);
@@ -83,9 +84,16 @@ try {
             throw new RuntimeException("Invalid file format.");
         }
 
+        // verifying file mimetype
+        $file_mime = FILE_ACCEPTED_MIME_TYPES[$file_ext];
+        $is_media = str_starts_with($file_mime, 'image/') || str_starts_with($file_mime, 'video/') || str_starts_with($file_mime, 'audio/');
+        if (FILE_VERIFY_MIMETYPE && $is_media && !verify_mimetype($file['tmp_name'], $file_mime)) {
+            throw new RuntimeException('Invalid file format.');
+        }
+
         $file_data = [
             'size' => $file['size'],
-            'mime' => FILE_ACCEPTED_MIME_TYPES[$file_ext],
+            'mime' => $file_mime,
             'extension' => $file_ext
         ];
     }
@@ -110,11 +118,11 @@ try {
         $result = 0;
         $output = [];
 
+        $file_path = FILE_UPLOAD_DIRECTORY . "/$file_id.{$file_data['extension']}";
+
         exec(sprintf(
-            'yt-dlp -f "worst" -o "%s/%s.%s" %s 2>&1',
-            FILE_UPLOAD_DIRECTORY,
-            $file_id,
-            $file_data['extension'],
+            'yt-dlp -f "worst" -o "%s" %s 2>&1',
+            $file_path,
             escapeshellarg($url)
         ), $output, $result);
 
@@ -122,6 +130,14 @@ try {
             error_log(sprintf("Failed to download a file (URL: %s): %s", $url, implode('\n', $output)));
             throw new RuntimeException('Failed to download a file! Try again later.');
         }
+
+        // verifying file mime type
+        $file_mime = $file_data['mime'];
+        $is_media = str_starts_with($file_mime, 'image/') || str_starts_with($file_mime, 'video/') || str_starts_with($file_mime, 'audio/');
+        if (FILE_VERIFY_MIMETYPE && $is_media && !verify_mimetype($file_path, $file_mime)) {
+            delete_file($file_id, $file_data['extension']);
+            throw new RuntimeException('Invalid file format.');
+        }
     } else if (isset($paste) && !file_put_contents(FILE_UPLOAD_DIRECTORY . sprintf('/%s.%s', $file_id, $file_data['extension']), $paste)) {
         throw new RuntimeException('Failed to paste a text! Try again later.');
     } else if (isset($file) && !move_uploaded_file($file['tmp_name'], FILE_UPLOAD_DIRECTORY . sprintf('/%s.%s', $file_id, $file_data['extension']))) {