Cleaned up logic within ImageRepo

[bookstack] / app / Uploads / ImageService.php

diff --git a/app/Uploads/ImageService.php b/app/Uploads/ImageService.php
index dc18783c5d509b19af6da73434dd575b5d075112..4cd818bcce87629295d670b35a97c045df639d7c 100644 (file)
--- a/app/Uploads/ImageService.php
+++ b/app/Uploads/ImageService.php
@@ -26,6 +26,8 @@ class ImageService
     protected $image;
     protected $fileSystem;
 
+    protected static $supportedExtensions = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
+
     /**
      * ImageService constructor.
      */
@@ -470,6 +472,16 @@ class ImageService
         return $disk->response($path);
     }
 
+    /**
+     * Check if the given image extension is supported by BookStack.
+     * The extension must not be altered in this function. This check should provide a guarantee
+     * that the provided extension is safe to use for the image to be saved.
+     */
+    public static function isExtensionSupported(string $extension): bool
+    {
+        return in_array($extension, static::$supportedExtensions);
+    }
+
     /**
      * Get a storage path for the given image URL.
      * Ensures the path will start with "uploads/images".