refactor: uploading files with disallowed extensions should get InvalidExtensionException

Author: streamtw

src/LfmPath.php

@@ -255,12 +255,14 @@ public function validateUploadedFile($file)
 
         $validator->mimetypeIsNotExcutable(config('lfm.disallowed_mimetypes', ['text/x-php', 'text/html', 'text/plain']));
 
-        $validator->extensionIsNotExcutable(config('lfm.disallowed_extensions', ['php', 'html']));
+        $validator->extensionIsNotExcutable();
 
         if (config('lfm.should_validate_mime', false)) {
             $validator->mimeTypeIsValid($this->helper->availableMimeTypes());
         }
 
+        $validator->extensionIsValid(config('lfm.disallowed_extensions', []));
+
         if (config('lfm.should_validate_size', false)) {
             $validator->sizeIsLowerThanConfiguredMaximum($this->helper->maxUploadSize());
         }

src/LfmUploadValidator.php

@@ -73,10 +73,12 @@ public function mimetypeIsNotExcutable($excutable_mimetypes)
         return $this;
     }
 
-    public function extensionIsNotExcutable($excutable_extensions)
+    public function extensionIsNotExcutable()
     {
         $extension = strtolower($this->file->getClientOriginalExtension());
 
+        $excutable_extensions = ['php', 'html'];
+
         if (in_array($extension, $excutable_extensions)) {
             throw new ExcutableFileException();
         }
@@ -103,14 +105,18 @@ public function mimeTypeIsValid($available_mime_types)
         return $this;
     }
 
-    public function extensionIsValid()
+    public function extensionIsValid($disallowed_extensions)
     {
         $extension = strtolower($this->file->getClientOriginalExtension());
 
         if (preg_match('/[^a-zA-Z0-9]/', $extension) > 0) {
             throw new InvalidExtensionException();
         }
 
+        if (in_array($extension, $disallowed_extensions)) {
+            throw new InvalidExtensionException();
+        }
+
         return $this;
     }
 

tests/LfmUploadValidatorTest.php

@@ -141,10 +141,22 @@ public function testPassesExtensionIsNotExcutable()
 
         $this->expectNotToPerformAssertions();
 
-        $validator->extensionIsNotExcutable(['php', 'html']);
+        $validator->extensionIsNotExcutable();
+    }
+
+    public function testFailsExtensionIsNotExcutableWithPhp()
+    {
+        $uploaded_file = m::mock(UploadedFile::class);
+        $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('php');
+
+        $validator = new LfmUploadValidator($uploaded_file);
+
+        $this->expectException(ExcutableFileException::class);
+
+        $validator->extensionIsNotExcutable();
     }
 
-    public function testFailsExtensionIsNotExcutable()
+    public function testFailsExtensionIsNotExcutableWithHtml()
     {
         $uploaded_file = m::mock(UploadedFile::class);
         $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('html');
@@ -153,7 +165,7 @@ public function testFailsExtensionIsNotExcutable()
 
         $this->expectException(ExcutableFileException::class);
 
-        $validator->extensionIsNotExcutable(['php', 'html']);
+        $validator->extensionIsNotExcutable();
     }
 
     public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase()
@@ -165,7 +177,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase()
 
         $this->expectException(ExcutableFileException::class);
 
-        $validator->extensionIsNotExcutable(['php', 'html']);
+        $validator->extensionIsNotExcutable();
     }
 
     public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp()
@@ -177,7 +189,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp()
 
         $this->expectException(ExcutableFileException::class);
 
-        $validator->extensionIsNotExcutable(['php', 'html']);
+        $validator->extensionIsNotExcutable();
     }
 
     public function testFailsExtensionIsNotExcutableWithExtensionsEndsWithHtml()
@@ -201,7 +213,7 @@ public function testFailsExtensionIsValidWithSpecialCharacters()
 
         $this->expectException(InvalidExtensionException::class);
 
-        $validator->extensionIsValid();
+        $validator->extensionIsValid([]);
     }
 
     public function testPassesSizeIsLowerThanConfiguredMaximum()