WIP

2026-03-31 17:57:59 +02:00
parent 1b1dab65b6
commit 476060cf7d
45 changed files with 8547 additions and 648 deletions
--- a/src/Controller/CommentController.php
+++ b/src/Controller/CommentController.php
@@ -91,12 +91,29 @@ final class CommentController extends AbstractController
        $this->entityManager->persist($comment);

        // Handle file uploads
+        $allowedMimeTypes = [
+            'application/pdf',
+            'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/bmp',
+            'text/plain', 'text/csv',
+            'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
+            'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
+            'application/msword', 'application/vnd.ms-excel',
+            'application/zip',
+        ];
+
        $files = $request->files->all('files');
        foreach ($files as $file) {
            if (!$file instanceof UploadedFile || !$file->isValid()) {
                continue;
            }

+            $detectedMime = $file->getMimeType() ?: 'application/octet-stream';
+            if (!in_array($detectedMime, $allowedMimeTypes, true)) {
+                return $this->json([
+                    'message' => sprintf('Type de fichier non autorisé : %s', $detectedMime),
+                ], 400);
+            }
+
            $document   = new Document();
            $documentId = 'cl'.bin2hex(random_bytes(12));
            $document->setId($documentId);