Replace regex usage for MIME parsing (#17831)

MIME types can have multiple optional parameters, eg:
    video/webm; codecs="w/e codec"; charset="binary"
This commit replaces the usage of regex for getting the "type/subtype"
with mime.ParseMediaType.

Author: gabriel-vasile

modules/upload/upload.go

@@ -5,6 +5,7 @@
 package upload
 
 import (
+	"mime"
 	"net/http"
 	"net/url"
 	"path"
@@ -31,7 +32,6 @@ func (err ErrFileTypeForbidden) Error() string {
 	return "This file extension or type is not allowed to be uploaded."
 }
 
-var mimeTypeSuffixRe = regexp.MustCompile(`;.*$`)
 var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`)
 
 // Verify validates whether a file is allowed to be uploaded.
@@ -51,7 +51,11 @@ func Verify(buf []byte, fileName string, allowedTypesStr string) error {
 	}
 
 	fullMimeType := http.DetectContentType(buf)
-	mimeType := strings.TrimSpace(mimeTypeSuffixRe.ReplaceAllString(fullMimeType, ""))
+	mimeType, _, err := mime.ParseMediaType(fullMimeType)
+	if err != nil {
+		log.Warn("Detected attachment type could not be parsed %s", fullMimeType)
+		return ErrFileTypeForbidden{Type: fullMimeType}
+	}
 	extension := strings.ToLower(path.Ext(fileName))
 
 	// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers