Diffstat (limited to 'app/controllers/admin/login_style.php')
| -rw-r--r-- | app/controllers/admin/login_style.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/app/controllers/admin/login_style.php b/app/controllers/admin/login_style.php index 35cd7d8..74cc259 100644 --- a/app/controllers/admin/login_style.php +++ b/app/controllers/admin/login_style.php @@ -65,18 +65,22 @@ class Admin_LoginStyleController extends AuthenticatedController public function add_pic_action() { CSRFProtection::verifyRequest(); + + $image_validator = app(\Studip\Services\ImageValidator::class); + $success = 0; foreach ($_FILES['pictures']['name'] as $index => $filename) { if ($_FILES['pictures']['error'][$index] !== UPLOAD_ERR_OK) { continue; } - $extension = pathinfo($filename, PATHINFO_EXTENSION); - $extension = strtolower($extension); - if (!in_array($extension, ['gif', 'jpeg', 'jpg', 'png'])) { + if (!$image_validator->validateName($filename)) { continue; } + $extension = pathinfo($filename, PATHINFO_EXTENSION); + $extension = strtolower($extension); + $entry = new LoginBackground(); $entry->filename = $filename; $entry->desktop = Request::int('desktop', 0); |
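Review bot: The new `$image_validator->validateName($filename)` check in the upload loop still decides on the client-supplied `$_FILES['pictures']['name'][$index]` alone, so as far as this hunk shows a file with an image-like name and arbitrary content is accepted exactly as before. The rest of `add_pic_action()` lies outside the hunk, so a content check may exist further down; if it does not, verify the temp file before the `LoginBackground` entry is created, for example `if (getimagesize($_FILES['pictures']['tmp_name'][$index]) === false) { continue; }`. The accepted extension list has also moved out of this file into `ImageValidator`, which is not visible here. It is worth confirming that it is no wider than the previous `gif`/`jpeg`/`jpg`/`png` set (in particular that it does not admit SVG), since `$filename` and `$extension` are used unchanged afterwards. A short comment above the call such as `// name/extension check only; file content is validated separately` would make that boundary clear to the next reader.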
