arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Block import of invalid photo types and extensions

Browse Source
This commit is contained in:
Tobias Reich 2015-04-13 21:09:28 +02:00
parent 585bbb72ea
commit 2167b04d34
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
php/modules/Import.php
View File

@ -11,6 +11,9 @@ class Import extends Module {
static function photo($database, $plugins, $settings, $path, $albumID = 0, $description = '', $tags = '') { static function photo($database, $plugins, $settings, $path, $albumID = 0, $description = '', $tags = '') {
# No need to validate photo type and extension in this function.
# $photo->add will take care of it.
$info = getimagesize($path); $info = getimagesize($path);
$size = filesize($path); $size = filesize($path);
$photo = new Photo($database, $plugins, $settings, null); $photo = new Photo($database, $plugins, $settings, null);
@ -37,7 +40,16 @@ class Import extends Module {
foreach ($urls as &$url) { foreach ($urls as &$url) {
if (@exif_imagetype($url)===false) { # Verify extension
$extension = getExtension($url);
if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
$error = true;
continue;
}
# Verify image
$type = @exif_imagetype($url);
if (!in_array($type, Photo::$validTypes, true)) {
$error = true; $error = true;
continue; continue;
} }

14
php/modules/Photo.php
View File

@ -13,12 +13,12 @@ class Photo extends Module {
private $settings = null; private $settings = null;
private $photoIDs = null; private $photoIDs = null;
private $allowedTypes = array( public static $validTypes = array(
IMAGETYPE_JPEG, IMAGETYPE_JPEG,
IMAGETYPE_GIF, IMAGETYPE_GIF,
IMAGETYPE_PNG IMAGETYPE_PNG
); );
private $validExtensions = array( public static $validExtensions = array(
'.jpg', '.jpg',
'.jpeg', '.jpeg',
'.png', '.png',
@ -87,11 +87,17 @@ class Photo extends Module {
# Verify extension # Verify extension
$extension = getExtension($file['name']); $extension = getExtension($file['name']);
if (!in_array(strtolower($extension), $this->validExtensions, true)) continue; if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
Log::error($this->database, __METHOD__, __LINE__, 'Photo format not supported');
exit('Error: Photo format not supported!');
}
# Verify image # Verify image
$type = @exif_imagetype($file['tmp_name']); $type = @exif_imagetype($file['tmp_name']);
if (!in_array($type, $this->allowedTypes, true)) continue; if (!in_array($type, Photo::$validTypes, true)) {
Log::error($this->database, __METHOD__, __LINE__, 'Photo type not supported');
exit('Error: Photo type not supported!');
}
# Generate id # Generate id
$id = str_replace('.', '', microtime(true)); $id = str_replace('.', '', microtime(true));