fix(media): Allowed ext should be an array

zooley · zooley · commit fd06f6b85e81 · 2025-09-04T07:59:58.000-04:00
Also moves config lookup outside of loop to avoid unnecessary rechecks
diff --git a/app/Modules/Media/Config/config.php b/app/Modules/Media/Config/config.php
@@ -12,8 +12,15 @@
     |--------------------------------------------------------------------------
     | Specify all the allowed file extensions a user can upload on the server
     |--------------------------------------------------------------------------
+    | List of lowercase file extensions. Example:
+    | [
+    |    'bmp','csv','doc','docx','epg','eps','gif','ico','jpg','jpeg','jpe',
+    |    'key','keynote','mp4','mp3','m4a','m4v','odg','odp','ods','odt','pdf',
+    |    'png','ppt','pptx','svg','txt','xcf','xls','xlsx','webp','avif','zip'
+    | ]
+    | Leave empty to allow any file type.
     */
-    'allowed-extensions' => 'bmp,csv,doc,docx,epg,eps,gif,ico,jpg,jpeg,key,keynote,mp4,mp3,m4a,m4v,odg,odp,ods,odt,pdf,png,ppt,pptx,swf,txt,xcf,xls,xlsx,svg',
+    'allowed-extensions' => [],
 
     /*
     |--------------------------------------------------------------------------
diff --git a/app/Modules/Media/Http/Controllers/Api/MediaController.php b/app/Modules/Media/Http/Controllers/Api/MediaController.php
@@ -239,6 +239,12 @@ public function upload(Request $request): JsonResponse
 		}
 
 		$fileNotUploaded = false;
+		$maxSize = config('module.media.max-file-size', 0);
+		$allowedTypes = config('module.media.allowed-extensions', []);
+		if (is_string($allowedTypes))
+		{
+			$allowedTypes = explode(',', $allowedTypes);
+		}
 
 		foreach ($files as $file)
 		{
@@ -250,8 +256,6 @@ public function upload(Request $request): JsonResponse
 			}
 
 			// Check file size
-			$maxSize = config('module.media.max-file-size', 0);
-
 			if (($maxSize && $file->getSize() / 1024 > $maxSize)
 			 || $file->getSize() / 1024 > $file->getMaxFilesize())
 			{
@@ -269,8 +273,6 @@ public function upload(Request $request): JsonResponse
 			}*/
 
 			// Check allowed file type
-			$allowedTypes = config('module.media.allowed-extensions', []);
-
 			if (!empty($allowedTypes)
 			 && !in_array(
 				$file->getClientOriginalExtension(),
