
Commit 2c836b5

committed
fix: prevent customer uploads for non file based metadata types
1 parent 2a2c481 commit 2c836b5


2 files changed

+18
-2
lines changed


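--- a/app/code/Magento/Customer/Model/FileUploader.php
+++ b/app/code/Magento/Customer/Model/FileUploader.php
@@ -49,6 +49,11 @@ class FileUploader
 */
 private $scope;
 
+/**
+* @var string[]
+*/
+private array $validInputTypes;
+
 /**
 * @param CustomerMetadataInterface $customerMetadataService
 * @param AddressMetadataInterface $addressMetadataService
@@ -57,6 +62,7 @@ class FileUploader
 * @param AttributeMetadataInterface $attributeMetadata
 * @param string $entityTypeCode
 * @param string $scope
+* @param array|null $validInputTypes
 */
 public function __construct(
 CustomerMetadataInterface $customerMetadataService,
@@ -65,7 +71,8 @@ public function __construct(
 FileProcessorFactory $fileProcessorFactory,
 AttributeMetadataInterface $attributeMetadata,
 $entityTypeCode,
-$scope
+$scope,
+?array $validInputTypes = ['file', 'image']
 ) {
 $this->customerMetadataService = $customerMetadataService;
 $this->addressMetadataService = $addressMetadataService;
@@ -74,6 +81,7 @@ public function __construct(
 $this->attributeMetadata = $attributeMetadata;
 $this->entityTypeCode = $entityTypeCode;
 $this->scope = $scope;
+$this->validInputTypes = $validInputTypes;
 }
 
 /**
@@ -83,7 +91,7 @@ public function __construct(
 */
 public function validate()
 {
-if (!in_array($this->attributeMetadata->getFrontendInput(), ['file', 'image'])) {
+if (!in_array($this->attributeMetadata->getFrontendInput(), $this->validInputTypes)) {
 return [
 __('"%1" is not a valid input to accept file uploads.', $this->attributeMetadata->getFrontendInput())
 ];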
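Review bot: In the constructor hunks, `?array $validInputTypes` accepts null but is assigned unchanged to the non-nullable `private array $validInputTypes`, so an explicit null raises a TypeError at construction instead of falling back to the default; use `$this->validInputTypes = $validInputTypes ?? ['file', 'image'];`. This list is now the injectable allowlist deciding which attribute input types accept uploads, so the check in validate() should compare strictly: `in_array($this->attributeMetadata->getFrontendInput(), $this->validInputTypes, true)`. With the default list the validate() condition behaves as before, so any tightening presumably comes from configuration or code outside this diff. validate() continues past the end of the last hunk, so later checks are not visible here.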

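--- a/app/code/Magento/Customer/etc/di.xml
+++ b/app/code/Magento/Customer/etc/di.xml
@@ -598,4 +598,12 @@
 <argument name="indexerId" xsi:type="string">customer_grid</argument>
 </arguments>
 </virtualType>
+<type name="Magento\Customer\Model\FileUploader">
+<arguments>
+<argument name="validInputTypes" xsi:type="array">
+<item name="file" xsi:type="string">file</item>
+<item name="image" xsi:type="string">image</item>
+</argument>
+</arguments>
+</type>
 </config>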
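Review bot: The `validInputTypes` argument repeats the constructor default `['file', 'image']`, so the upload allowlist is now defined in two places that can drift apart. Because di.xml array arguments are merged across modules, any extension can add an item here and widen which attribute input types accept customer uploads. An XML comment above the `<type>` node would make that explicit, for example `<!-- Allowlist of attribute input types that may receive customer file uploads; add a type only if it is backed by file validation -->`.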
