From 93c99703fa77f613adfcb2dc4a06c1b42b0bd372 Mon Sep 17 00:00:00 2001 From: Stream Date: Sat, 10 Aug 2024 01:57:27 +0800 Subject: [PATCH] refactor: uploading files with disallowed extensions should get InvalidExtensionException --- src/LfmPath.php | 4 +++- src/LfmUploadValidator.php | 10 ++++++++-- tests/LfmUploadValidatorTest.php | 24 ++++++++++++++++++------ 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/src/LfmPath.php b/src/LfmPath.php index a82b2c3b..275873ca 100644 --- a/src/LfmPath.php +++ b/src/LfmPath.php @@ -255,12 +255,14 @@ public function validateUploadedFile($file) $validator->mimetypeIsNotExcutable(config('lfm.disallowed_mimetypes', ['text/x-php', 'text/html', 'text/plain'])); - $validator->extensionIsNotExcutable(config('lfm.disallowed_extensions', ['php', 'html'])); + $validator->extensionIsNotExcutable(); if (config('lfm.should_validate_mime', false)) { $validator->mimeTypeIsValid($this->helper->availableMimeTypes()); } + $validator->extensionIsValid(config('lfm.disallowed_extensions', [])); + if (config('lfm.should_validate_size', false)) { $validator->sizeIsLowerThanConfiguredMaximum($this->helper->maxUploadSize()); } diff --git a/src/LfmUploadValidator.php b/src/LfmUploadValidator.php index 3fe1d828..e4445044 100644 --- a/src/LfmUploadValidator.php +++ b/src/LfmUploadValidator.php @@ -73,10 +73,12 @@ public function mimetypeIsNotExcutable($excutable_mimetypes) return $this; } - public function extensionIsNotExcutable($excutable_extensions) + public function extensionIsNotExcutable() { $extension = strtolower($this->file->getClientOriginalExtension()); + $excutable_extensions = ['php', 'html']; + if (in_array($extension, $excutable_extensions)) { throw new ExcutableFileException(); } 
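Review bot: In src/LfmPath.php, `validateUploadedFile` passes `config('lfm.disallowed_extensions', [])` straight into `extensionIsValid`, where it becomes the haystack of `in_array` with no type check. As far as I can tell the `[]` default only applies when the key is absent, so a published config that sets the key to `null` or to a single string would raise a TypeError on PHP 8 rather than one of the validator's own exceptions. The upload still fails, but as an unhandled error; a cast at the call site avoids it: `$validator->extensionIsValid((array) config('lfm.disallowed_extensions', []));`. The method starts and ends outside this hunk.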
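Review bot: In src/LfmUploadValidator.php, `extensionIsNotExcutable()` loses its parameter, and because PHP silently ignores surplus arguments to userland methods, an external caller that still passes its own, wider list will keep running without error while only the hardcoded `['php', 'html']` pair is matched by this `in_array`. That is a silent narrowing of a security check, so it deserves a docblock on the method, for example `/** Rejects a fixed set of executable extensions; takes no arguments. Configurable blocking lives in extensionIsValid(). */`, and a note in the upgrade guide. The list would also read better as a class constant compared strictly, e.g. `in_array($extension, self::EXECUTABLE_EXTENSIONS, true)`. The method body continues past the end of the hunk, and the test names suggest further prefix and suffix checks there that are not visible here.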
@@ -103,7 +105,7 @@ public function mimeTypeIsValid($available_mime_types) return $this; } - public function extensionIsValid() + public function extensionIsValid($disallowed_extensions) { $extension = strtolower($this->file->getClientOriginalExtension()); @@ -111,6 +113,10 @@ public function extensionIsValid() throw new InvalidExtensionException(); } + if (in_array($extension, $disallowed_extensions)) { + throw new InvalidExtensionException(); + } + return $this; } diff --git a/tests/LfmUploadValidatorTest.php b/tests/LfmUploadValidatorTest.php index f3d134f7..462b942c 100644 --- a/tests/LfmUploadValidatorTest.php +++ b/tests/LfmUploadValidatorTest.php @@ -141,10 +141,22 @@ public function testPassesExtensionIsNotExcutable() $this->expectNotToPerformAssertions(); - $validator->extensionIsNotExcutable(['php', 'html']); + $validator->extensionIsNotExcutable(); + } + + public function testFailsExtensionIsNotExcutableWithPhp() + { + $uploaded_file = m::mock(UploadedFile::class); + $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('php'); + + $validator = new LfmUploadValidator($uploaded_file); + + $this->expectException(ExcutableFileException::class); + + $validator->extensionIsNotExcutable(); } - public function testFailsExtensionIsNotExcutable() + public function testFailsExtensionIsNotExcutableWithHtml() { $uploaded_file = m::mock(UploadedFile::class); $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('html'); @@ -153,7 +165,7 @@ public function testFailsExtensionIsNotExcutable() $this->expectException(ExcutableFileException::class); - $validator->extensionIsNotExcutable(['php', 'html']); + $validator->extensionIsNotExcutable(); } public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase() 
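Review bot: In `extensionIsValid` (src/LfmUploadValidator.php), the new `in_array($extension, $disallowed_extensions)` compares a lower-cased extension against the configured entries exactly as written, so an entry such as `'EXE'` never matches and the file is accepted. Normalising the list first closes that gap: `$disallowed_extensions = array_map('strtolower', $disallowed_extensions);` followed by `in_array($extension, $disallowed_extensions, true)`. The extension comes from `getClientOriginalExtension()`, which is the client-supplied filename, so this denylist is a first filter only and should not be the sole control on what the storage location will serve or execute. The parameter is also now required; giving it a default of `[]` would keep existing zero-argument callers working.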
@@ -165,7 +177,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionNotLowerCase() $this->expectException(ExcutableFileException::class); - $validator->extensionIsNotExcutable(['php', 'html']); + $validator->extensionIsNotExcutable(); } public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp() @@ -177,7 +189,7 @@ public function testFailsExtensionIsNotExcutableWithExtensionsStartsWithPhp() $this->expectException(ExcutableFileException::class); - $validator->extensionIsNotExcutable(['php', 'html']); + $validator->extensionIsNotExcutable(); } public function testFailsExtensionIsNotExcutableWithExtensionsEndsWithHtml() @@ -201,7 +213,7 @@ public function testFailsExtensionIsValidWithSpecialCharacters() $this->expectException(InvalidExtensionException::class); - $validator->extensionIsValid(); + $validator->extensionIsValid([]); } public function testPassesSizeIsLowerThanConfiguredMaximum()
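Review bot: Nothing in tests/LfmUploadValidatorTest.php exercises the behaviour the commit is named for. The last hunk only changes `testFailsExtensionIsValidWithSpecialCharacters` to call `extensionIsValid([])`, so the new disallowed-extension branch is never reached by a test. A case that passes a non-empty list and expects `InvalidExtensionException` should be added, ideally with an upper-case client extension so the lower-casing is pinned as well. The enclosing test method starts outside the hunk; the sketch below follows the mocking style of the neighbouring tests.

```php
public function testFailsExtensionIsValidWithDisallowedExtension()
{
    $uploaded_file = m::mock(UploadedFile::class);
    $uploaded_file->shouldReceive('getClientOriginalExtension')->andReturn('EXE');

    $validator = new LfmUploadValidator($uploaded_file);

    $this->expectException(InvalidExtensionException::class);

    $validator->extensionIsValid(['exe']);
}
```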