Diffstat (limited to 'app')
-rw-r--r--app/controllers/admin/banner.php17
-rw-r--r--app/controllers/admin/login_style.php10
2 files changed, 15 insertions, 12 deletions
diff --git a/app/controllers/admin/banner.php b/app/controllers/admin/banner.php
index 5199bbc..e41eab6 100644
--- a/app/controllers/admin/banner.php
+++ b/app/controllers/admin/banner.php
@@ -264,17 +264,16 @@ class Admin_BannerController extends AuthenticatedController
}
//Dateiendung bestimmen
- $dot = mb_strrpos($img_name, '.');
- if ($dot) {
- $l = mb_strlen($img_name) - $dot;
- $ext = mb_strtolower(mb_substr($img_name, $dot + 1, $l));
- }
+ $ext = pathinfo($img_name, PATHINFO_EXTENSION);
+ $ext = strtolower($ext);
//passende Endung ?
- if (!in_array($ext, words('gif jpeg jpg png'))) {
- $errors[] = sprintf(_('Der Dateityp der Bilddatei ist falsch (%s).<br>'
- .'Es sind nur die Dateiendungen .gif, .png und .jpg erlaubt!')
- , htmlReady($ext));
+ if (!app(\Studip\Services\ImageValidator::class)->validateName($img_name)) {
+ $errors[] = sprintf(
+ _('Der Dateityp der Bilddatei ist falsch (%s).<br>'
+ .'Es sind nur die Dateiendungen .gif, .png, .jpg und .webp erlaubt!'),
+ htmlReady($ext)
+ );
return false;
}
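Review bot: `validateName($img_name)` checks only the file name, so after this change the upload is still accepted on the strength of its extension alone; the same holds for `validateName($filename)` in the `add_pic_action()` hunk of login_style.php, where the name comes straight from `$_FILES` and is therefore chosen by the client. Nothing visible in either hunk inspects the file contents, though that may happen outside the shown lines or elsewhere in `ImageValidator`. If it does not, add a content check on the temporary upload before it is stored, for example rejecting the file when `getimagesize()` on the temp path returns `false`. Separately, the message hard-codes `.gif, .png, .jpg und .webp`, which duplicates the validator's allowlist and will go stale when that list changes; a comment such as `// keep in sync with ImageValidator` would help. The enclosing method begins and ends outside this hunk.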
diff --git a/app/controllers/admin/login_style.php b/app/controllers/admin/login_style.php
index 35cd7d8..74cc259 100644
--- a/app/controllers/admin/login_style.php
+++ b/app/controllers/admin/login_style.php
@@ -65,18 +65,22 @@ class Admin_LoginStyleController extends AuthenticatedController
public function add_pic_action()
{
CSRFProtection::verifyRequest();
+
+ $image_validator = app(\Studip\Services\ImageValidator::class);
+
$success = 0;
foreach ($_FILES['pictures']['name'] as $index => $filename) {
if ($_FILES['pictures']['error'][$index] !== UPLOAD_ERR_OK) {
continue;
}
- $extension = pathinfo($filename, PATHINFO_EXTENSION);
- $extension = strtolower($extension);
- if (!in_array($extension, ['gif', 'jpeg', 'jpg', 'png'])) {
+ if (!$image_validator->validateName($filename)) {
continue;
}
+ $extension = pathinfo($filename, PATHINFO_EXTENSION);
+ $extension = strtolower($extension);
+
$entry = new LoginBackground();
$entry->filename = $filename;
$entry->desktop = Request::int('desktop', 0);
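Review bot: `$entry->filename = $filename;` stores the client-supplied name from `$_FILES['pictures']['name']` unchanged, and passing `validateName()` presumably says something only about its extension, not about path separators or other characters in the rest of the name. If this value is later used to build a filesystem path or is written into HTML (the rest of the loop is outside the hunk, so this is not visible), normalise it first, e.g. `$entry->filename = basename($filename);`, or store a server-generated name and keep the original for display only. A short comment above the assignment stating which of the two the model expects, such as `// original client file name, display only; never used as a path`, would make the trust boundary explicit.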