author | tcit <tcit@tcit.fr> | 2014-05-18 22:11:56 +0200 |
---|---|---|
committer | tcit <tcit@tcit.fr> | 2014-05-18 22:11:56 +0200 |
commit | 007f26e582251895ea7d12b509c8aee24c4b1f47 (patch) | |
tree | 12dbccbb295e2400bbed1189833409107c546156 | |
parent | becc5bfbf289b1dda65fea4761742f1998d2143a (diff) | |
download | wallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.tar.gz wallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.tar.zst wallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.zip |
Security fix for Download Images
-rw-r--r-- | inc/poche/pochePictures.php | 36 |
1 files changed, 33 insertions, 3 deletions
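--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -72,9 +72,39 @@ function download_pictures($absolute_path, $fullpath)
 if(file_exists($fullpath)) {
 unlink($fullpath);
 }
-$fp = fopen($fullpath, 'x');
-fwrite($fp, $rawdata);
-fclose($fp);
+
+// check extension
+$file_ext = strrchr($fullpath, '.');
+$whitelist = array(".jpg",".jpeg",".gif",".png");
+if (!(in_array($file_ext, $whitelist))) {
+Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
+} else {
+// check headers
+$imageinfo = getimagesize($absolute_path);
+if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+} else {
+// regenerate image
+$im = imagecreatefromstring($rawdata);
+if ($im) {
+switch ($imageinfo['mime']) {
+case 'image/gif':
+imagegif($im, $fullpath);
+break;
+case 'image/jpeg':
+case 'image/jpg':
+imagejpeg($im, $fullpath); // default quality is 75%
+break;
+case 'image/png':
+imagepng($im, $fullpath);
+break;
+}
+imagedestroy($im);
+} else {
+Tools::logm('error while regenerating image ' . $fullpath);
+}
+}
+}
 }
 
 /**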
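Review bot: The header check at new line 83 inspects a second fetch of `$absolute_path` rather than the `$rawdata` bytes that `imagecreatefromstring` decodes and writes from line 88 onward, so the MIME type that selects the output encoder is not guaranteed to describe the data actually being re-encoded, and a failed `getimagesize` (it returns `false`) only reaches the skip branch by way of an undefined-index notice. Checking the buffer already in hand avoids the extra download and the mismatch: `$imageinfo = getimagesizefromstring($rawdata); if ($imageinfo === false || !in_array($imageinfo['mime'], array('image/gif', 'image/jpeg', 'image/png'), true)) { Tools::logm('processed image with bad header. Skipping ' . $fullpath); }` — `getimagesizefromstring` needs PHP 5.4, so this assumes the project's minimum version allows it. With the size known before decoding, it is also worth bounding `$imageinfo[0] * $imageinfo[1]` before `imagecreatefromstring`, which otherwise allocates a full uncompressed bitmap for whatever dimensions a remote image declares. The extension whitelist at line 77 is case-sensitive (`.JPG` and `.PNG` are skipped), so `$file_ext = strtolower(strrchr($fullpath, '.'));` would match the evident intent, and the unchecked return values of `imagegif`/`imagejpeg`/`imagepng` mean a failed write leaves only a warning behind. `download_pictures` starts before this hunk.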