aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authortcit <tcit@tcit.fr>2014-05-18 22:11:56 +0200
committertcit <tcit@tcit.fr>2014-05-18 22:11:56 +0200
commit007f26e582251895ea7d12b509c8aee24c4b1f47 (patch)
tree12dbccbb295e2400bbed1189833409107c546156
parentbecc5bfbf289b1dda65fea4761742f1998d2143a (diff)
downloadwallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.tar.gz
wallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.tar.zst
wallabag-007f26e582251895ea7d12b509c8aee24c4b1f47.zip
Security fix for Download Images
-rw-r--r--inc/poche/pochePictures.php36
1 files changed, 33 insertions, 3 deletions
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index e4b0b160..3202f2cc 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -72,9 +72,39 @@ function download_pictures($absolute_path, $fullpath)
72 if(file_exists($fullpath)) { 72 if(file_exists($fullpath)) {
73 unlink($fullpath); 73 unlink($fullpath);
74 } 74 }
75 $fp = fopen($fullpath, 'x'); 75
76 fwrite($fp, $rawdata); 76 // check extension
77 fclose($fp); 77 $file_ext = strrchr($fullpath, '.');
78 $whitelist = array(".jpg",".jpeg",".gif",".png");
79 if (!(in_array($file_ext, $whitelist))) {
80 Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
81 } else {
82 // check headers
83 $imageinfo = getimagesize($absolute_path);
84 if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
85 Tools::logm('processed image with bad header. Skipping ' . $fullpath);
86 } else {
87 // regenerate image
88 $im = imagecreatefromstring($rawdata);
89 if ($im) {
90 switch ($imageinfo['mime']) {
91 case 'image/gif':
92 imagegif($im, $fullpath);
93 break;
94 case 'image/jpeg':
95 case 'image/jpg':
96 imagejpeg($im, $fullpath); // default quality is 75%
97 break;
98 case 'image/png':
99 imagepng($im, $fullpath);
100 break;
101 }
102 imagedestroy($im);
103 } else {
104 Tools::logm('error while regenerating image ' . $fullpath);
105 }
106 }
107 }
78} 108}
79 109
80/** 110/**