Merge branch 'master' into release/v3.0.0

# Conflicts: # dist/main.css # dist/main.js # dist/view.js # src/package.json # src/scripts/lychee.js
2015-04-17 22:55:46 +02:00 · 2015-04-17 22:55:46 +02:00 · 88ef1e49b7
commit 88ef1e49b7
parent 2821383243 99e276324f
4 changed files with 33 additions and 5 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -1,3 +1,10 @@
+## v2.7.2
+
+Released April 13, 2015
+
+- `Fixed` Prevented remote code execution of photos imported using "Import from URL" (Thanks Segment S.r.l)
+- `Fixed` Stopped view.php from returning data of private photos
+
 ## v2.7.1

 Released January 26, 2015
--- a/php/modules/Import.php
+++ b/php/modules/Import.php
@ -11,6 +11,9 @@ class Import extends Module {

 	static function photo($database, $plugins, $settings, $path, $albumID = 0, $description = '', $tags = '') {

+		# No need to validate photo type and extension in this function.
+		# $photo->add will take care of it.
+
 		$info	= getimagesize($path);
 		$size	= filesize($path);
 		$photo	= new Photo($database, $plugins, $settings, null);
@ -37,7 +40,16 @@ class Import extends Module {

 		foreach ($urls as &$url) {

-			if (@exif_imagetype($url)===false) {
+			# Verify extension
+			$extension = getExtension($url);
+			if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+				$error = true;
+				continue;
+			}
+
+			# Verify image
+			$type = @exif_imagetype($url);
+			if (!in_array($type, Photo::$validTypes, true)) {
 				$error = true;
 				continue;
 			}
--- a/php/modules/Photo.php
+++ b/php/modules/Photo.php
@ -13,12 +13,12 @@ class Photo extends Module {
 	private $settings	= null;
 	private $photoIDs	= null;

-	private $allowedTypes = array(
+	public static $validTypes = array(
 		IMAGETYPE_JPEG,
 		IMAGETYPE_GIF,
 		IMAGETYPE_PNG
 	);
-	private $validExtensions = array(
+	public static $validExtensions = array(
 		'.jpg',
 		'.jpeg',
 		'.png',
@ -87,11 +87,17 @@ class Photo extends Module {

 			# Verify extension
 			$extension = getExtension($file['name']);
-			if (!in_array(strtolower($extension), $this->validExtensions, true)) continue;
+			if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+				Log::error($this->database, __METHOD__, __LINE__, 'Photo format not supported');
+				exit('Error: Photo format not supported!');
+			}

 			# Verify image
 			$type = @exif_imagetype($file['tmp_name']);
-			if (!in_array($type, $this->allowedTypes, true)) continue;
+			if (!in_array($type, Photo::$validTypes, true)) {
+				Log::error($this->database, __METHOD__, __LINE__, 'Photo type not supported');
+				exit('Error: Photo type not supported!');
+			}

 			# Generate id
 			$id = str_replace('.', '', microtime(true));
--- a/php/modules/misc.php
+++ b/php/modules/misc.php
@ -73,6 +73,9 @@ function getGraphHeader($database, $photoID) {

 	if (!isset($database, $photoID)) return false;

+	$photo = new Photo($database, null, null, $photoID);
+	if ($photo->getPublic('')===false) return false;
+
 	$query	= Database::prepare($database, "SELECT title, description, url, medium FROM ? WHERE id = '?'", array(LYCHEE_TABLE_PHOTOS, $photoID));
 	$result	= $database->query($query);
 	$row	= $result->fetch_object();