Do not allow non-image data as logo

bwauu · Dec 22, 2019 · 92dd148 · 92dd148
1 parent 9a37888
commit 92dd148
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/src/Writer/AbstractWriter.php b/src/Writer/AbstractWriter.php
@@ -11,6 +11,7 @@
 
 namespace Endroid\QrCode\Writer;
 
+use Endroid\QrCode\Exception\GenerateImageException;
 use Endroid\QrCode\Exception\InvalidLogoException;
 use Endroid\QrCode\Exception\MissingExtensionException;
 use Endroid\QrCode\QrCodeInterface;
@@ -29,6 +30,10 @@ protected function getMimeType(string $path): string
             throw new InvalidLogoException('Could not determine mime type');
         }
 
+        if (!preg_match('#^image/#', $mimeType)) {
+            throw new GenerateImageException('Logo path is not an image');
+        }
+
         // Passing mime type image/svg results in invisible images
         if ('image/svg' === $mimeType) {
             return 'image/svg+xml';

diff --git a/tests/QrCodeTest.php b/tests/QrCodeTest.php
@@ -11,6 +11,7 @@
 
 namespace Endroid\QrCode\Tests;
 
+use Endroid\QrCode\Exception\GenerateImageException;
 use Endroid\QrCode\Factory\QrCodeFactory;
 use Endroid\QrCode\QrCode;
 use PHPUnit\Framework\TestCase;
@@ -184,4 +185,15 @@ public function testData(): void
         $this->assertArrayHasKey('margin_left', $data);
         $this->assertArrayHasKey('margin_right', $data);
     }
+
+    public function testNonImageData(): void
+    {
+        $qrCode = new QrCode('QR Code');
+        $qrCode->setLogoPath(__DIR__.'/QrCodeTest.php');
+        $qrCode->setLogoSize(200, 200);
+        $qrCode->setWriterByExtension('svg');
+
+        $this->expectException(GenerateImageException::class);
+        $qrCode->writeString();
+    }
 }