From 007f26e582251895ea7d12b509c8aee24c4b1f47 Mon Sep 17 00:00:00 2001
From: tcit
Date: Sun, 18 May 2014 22:11:56 +0200
Subject: [PATCH] Security fix for Download Images

---
 inc/poche/pochePictures.php | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index e4b0b160..3202f2cc 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -72,9 +72,39 @@ function download_pictures($absolute_path, $fullpath)
 if(file_exists($fullpath)) {
 unlink($fullpath);
 }
- $fp = fopen($fullpath, 'x');
- fwrite($fp, $rawdata);
- fclose($fp);
+
+ // check extension
+ $file_ext = strrchr($fullpath, '.');
+ $whitelist = array(".jpg",".jpeg",".gif",".png");
+ if (!(in_array($file_ext, $whitelist))) {
+ Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
+ } else {
+ // check headers
+ $imageinfo = getimagesize($absolute_path);
+ if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+ Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+ } else {
+ // regenerate image
+ $im = imagecreatefromstring($rawdata);
+ if ($im) {
+ switch ($imageinfo['mime']) {
+ case 'image/gif':
+ imagegif($im, $fullpath);
+ break;
+ case 'image/jpeg':
+ case 'image/jpg':
+ imagejpeg($im, $fullpath); // default quality is 75%
+ break;
+ case 'image/png':
+ imagepng($im, $fullpath);
+ break;
+ }
+ imagedestroy($im);
+ } else {
+ Tools::logm('error while regenerating image ' . $fullpath);
+ }
+ }
+ }
 }
 
 /**
-- 
2.41.0
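Review bot: The header check in the new `// check headers` branch runs `getimagesize($absolute_path)` on the remote location instead of on the bytes already held in `$rawdata`, so the data that is validated and the data later handed to `imagecreatefromstring($rawdata)` can differ (a second fetch may return something else), and it costs an extra network round-trip; `getimagesizefromstring($rawdata)` inspects the same buffer. `getimagesize()` also returns `false` on anything it cannot parse, and the following `$imageinfo['mime'] != ...` chain then indexes a bool rather than rejecting explicitly, so the two lines would read `$imageinfo = getimagesizefromstring($rawdata);` and `if ($imageinfo === false || !in_array($imageinfo['mime'], array('image/gif', 'image/jpeg', 'image/jpg', 'image/png'), true)) {`. Separately, the extension whitelist and the MIME switch are never cross-checked, so a `.png` path may be written by `imagejpeg()`; that is a consistency gap rather than a regression, but worth a comment or a check that the writer matches `$file_ext`. download_pictures begins before this hunk, so where `$rawdata` and `$absolute_path` come from is not visible here.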