From d7eb12b8ea958db55bf04d70ccac8c1aff4b0e50 Mon Sep 17 00:00:00 2001
From: Samuell
Date: Sat, 3 Apr 2021 11:02:39 +0200
Subject: [PATCH 1/3] Fix italic tag name
---
 assets/contenteditor.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/assets/contenteditor.js b/assets/contenteditor.js
index a5f59ac..0ea5ff1 100644
--- a/assets/contenteditor.js
+++ b/assets/contenteditor.js
@@ -16,7 +16,7 @@ ContentTools.RESTRICTED_ATTRIBUTES['*'] = []; // allow style attribute on elemen
 // Change bold and italic default tags by WCAG2 accessibility guidelines
 ContentTools.Tools.Bold.tagName = 'strong';
-ContentTools.Tools.Bold.Italic = 'em';
+ContentTools.Tools.Italic.tagName = 'em';
 /*
 * Save event
From ef762e2bd138950330b3ea5fe53818a709bfa673 Mon Sep 17 00:00:00 2001
From: Samuell
Date: Sat, 3 Apr 2021 11:33:22 +0200
Subject: [PATCH 2/3] Allow only image extension
---
 http/controllers/ImageController.php | 80 ++++++++++++++-----
 .../EditorPermissionsMiddleware.php | 5 ++
 routes.php | 9 ++-
 3 files changed, 74 insertions(+), 20 deletions(-)
diff --git a/http/controllers/ImageController.php b/http/controllers/ImageController.php
index c32c098..3a788aa 100644
--- a/http/controllers/ImageController.php
+++ b/http/controllers/ImageController.php
@@ -1,26 +1,23 @@ middleware('web'); - $this->middleware(EditorPermissionsMiddleware::class); - } - public function upload() { try { 
@@ -31,19 +28,28 @@ public function upload()
 $uploadedFile = Input::file('image');
 $fileName = $uploadedFile->getClientOriginalName();
- // Convert uppcare case file extensions to lower case
+ /*
+ * Convert uppcare case file extensions to lower case
+ */
 $extension = strtolower($uploadedFile->getClientOriginalExtension());
 $fileName = File::name($fileName).'.'.$extension;
- // File name contains non-latin characters, attempt to slug the value
- if (!FileHelper::validateName($fileName)) {
- $fileNameSlug = Str::slug(File::name($fileName), '-');
- $fileName = $fileNameSlug.'.'.$extension;
+ /*
+ * File name contains non-latin characters, attempt to slug the value
+ */
+ if (!$this->validateFileName($fileName)) {
+ $fileNameClean = $this->cleanFileName(File::name($fileName));
+ $fileName = $fileNameClean . '.' . $extension;
 }
+
 if (!$uploadedFile->isValid()) {
 throw new ApplicationException($uploadedFile->getErrorMessage());
 }
+ if (!$this->validateFileType($fileName)) {
+ throw new ApplicationException(Lang::get('backend::lang.media.type_blocked'));
+ }
+
 $path = Settings::get('image_folder', 'contenteditor');
 $path = MediaLibrary::validatePath($path);
@@ -126,4 +132,42 @@ public function save()
 ]
 ]);
 }
+
+ /**
+ * Check for blocked / unsafe file extensions
+ *
+ * @param string
+ * @return bool
+ */
+ protected function validateFileType($name)
+ {
+ $extension = strtolower(File::extension($name));
+
+ $allowedFileTypes = FileDefinitions::get('imageExtensions');
+
+ if (!in_array($extension, $allowedFileTypes)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Validate a proposed media item file name.
+ *
+ * @param string
+ * @return bool
+ */
+ protected function validateFileName($name)
+ {
+ if (!preg_match('/^[\w@\.\s_\-]+$/iu', $name)) {
+ return false;
+ }
+
+ if (strpos($name, '..') !== false) {
+ return false;
+ }
+
+ return true;
+ }
 }
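Review bot: The new `validateFileType()` gate only looks at the client-supplied name — `$extension` comes from `getClientOriginalExtension()` and nothing in this hunk inspects the uploaded bytes — so any payload renamed to an allowed extension is accepted into the media library. Check the content as well, before the `$path` lines, e.g. `if (getimagesize($uploadedFile->getRealPath()) === false) { throw new ApplicationException(Lang::get('backend::lang.media.type_blocked')); }` (if `imageExtensions` includes SVG, that format needs its own handling, since `getimagesize()` does not recognise it). `cleanFileName()` is called on the new side but is not defined anywhere in this patch; if it is not inherited, the call fails only for names that fail `validateFileName()`, which is easy to miss in testing. The rebuilt `$fileName` is never re-validated, so depending on what `cleanFileName()` strips the base name may end up empty; re-running `validateFileName()` on the rebuilt name and throwing on failure would close that gap. The enclosing `upload()` body starts and ends outside the hunk.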
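Review bot: `validateFileName()`'s pattern `/^[\w@\.\s_\-]+$/iu` accepts a name ending in a newline, because `$` without the `D` modifier also matches just before a trailing `\n`, and `\s` admits tabs and line breaks anywhere in the name; `preg_match('/^[\w@\.\s_\-]+$/iuD', $name)` fixes the first, and narrowing `\s` to a plain space handles the second if whitespace is wanted at all. In `validateFileType()`, `in_array($extension, $allowedFileTypes)` should pass `true` as the third argument so the comparison is strict. Both docblocks give `@param string` without the parameter name; `@param string $name` is what tooling expects, and native `string $name): bool` signatures would make the contract explicit.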
diff --git a/http/middleware/EditorPermissionsMiddleware.php b/http/middleware/EditorPermissionsMiddleware.php
index b9305eb..80c3407 100644
--- a/http/middleware/EditorPermissionsMiddleware.php
+++ b/http/middleware/EditorPermissionsMiddleware.php
@@ -3,6 +3,11 @@
 use Closure;
 use Backend\Facades\BackendAuth;
+/**
+ * EditorPermissionsMiddleware
+ *
+ * Allow only backend user with editor permission
+ */
 class EditorPermissionsMiddleware
 {
 public function handle($request, Closure $next)
diff --git a/routes.php b/routes.php
index e877245..5033f46 100644
--- a/routes.php
+++ b/routes.php
@@ -1,8 +1,13 @@ 'contenteditor'], function () {
- Route::post('image/upload', 'Samuell\ContentEditor\Http\Controllers\ImageController@upload');
- Route::post('image/save', 'Samuell\ContentEditor\Http\Controllers\ImageController@save');
+
+ Route::middleware(['web', EditorPermissionsMiddleware::class])->group(function () {
+ Route::post('image/upload', 'Samuell\ContentEditor\Http\Controllers\ImageController@upload');
+ Route::post('image/save', 'Samuell\ContentEditor\Http\Controllers\ImageController@save');
+ });
 // Additional styles route
 Route::get('styles', 'Samuell\ContentEditor\Http\Controllers\AdditionalStylesController@render');
From d7dee2c4026365c5cfb8b1ec002a1174ed77ca4b Mon Sep 17 00:00:00 2001
From: Samuell
Date: Sat, 3 Apr 2021 11:35:08 +0200
Subject: [PATCH 3/3] Update version.yaml
---
 updates/version.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/updates/version.yaml b/updates/version.yaml
index a815b1e..ecf04aa 100644
--- a/updates/version.yaml
+++ b/updates/version.yaml
@@ -22,7 +22,7 @@
 1.0.8: Fix BackendAuth issue for build 420
 1.0.9: Fix missing fixture in render component
 1.1.0: Fix SELF prefix for fixtures
-1.2.0: 
+1.2.0:
 - Support classes for fixture
 - Fix renderCount if component using other alias name
 1.2.1: 
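Review bot: After this series the permission check on `image/upload` and `image/save` exists only in this route group — the first `ImageController` hunk removes the constructor that applied `EditorPermissionsMiddleware` inside the controller — so any later route that points at `ImageController` outside the group is reachable without it. Either keep the `$this->middleware(...)` calls in the controller as a second layer or state the decision here, e.g. `// Sole enforcement point for ImageController: EditorPermissionsMiddleware is not applied in the controller itself.` The `styles` route stays outside the middleware group; if that is deliberate, a one-line comment saying so would keep someone from "fixing" it in either direction. The opening of the outer `Route::group` (and the `use` for the middleware the diffstat implies) is not legible in this hunk as captured, and its closing `});` is outside the hunk.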
@@ -52,3 +52,6 @@
 1.3.2:
 - Add small tag tool
 - Changed tools b to strong and i to em
+1.3.3:
+ - Allow only image extensions for upload
+ - Fix italic tag name