Fix unsupported image formats were making it into spamnoticer
- Unsupported images were getting denied by the board, but only after they had gotten into spamnoticer - Refactor the code a little bit to check image mimetypes first
This commit is contained in:
parent
3197fb726e
commit
29349e4083
|
@ -1161,7 +1161,11 @@
|
||||||
$config['error']['toolongreport'] = _('The reason was too long.');
|
$config['error']['toolongreport'] = _('The reason was too long.');
|
||||||
$config['error']['toomanyreports'] = _('You can\'t report that many posts at once.');
|
$config['error']['toomanyreports'] = _('You can\'t report that many posts at once.');
|
||||||
$config['error']['invalidpassword'] = _('Wrong password…');
|
$config['error']['invalidpassword'] = _('Wrong password…');
|
||||||
$config['error']['invalidimg'] = _('Invalid image.');
|
$config['error']['invalidimg1'] = _('Invalid image.1');
|
||||||
|
$config['error']['invalidimg2'] = _('Invalid image.2');
|
||||||
|
$config['error']['invalidimg3'] = _('Unsupported image MIME type. (Hint: double check what format your image *really* is)');
|
||||||
|
$config['error']['invalidimg4'] = _('Invalid image.4');
|
||||||
|
$config['error']['invalidimg5'] = _('Invalid image.5');
|
||||||
$config['error']['unknownext'] = _('Unknown file extension.');
|
$config['error']['unknownext'] = _('Unknown file extension.');
|
||||||
$config['error']['filesize'] = _('Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes');
|
$config['error']['filesize'] = _('Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes');
|
||||||
$config['error']['maxsize'] = _('The file was too big.');
|
$config['error']['maxsize'] = _('The file was too big.');
|
||||||
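Review bot: The new keys `invalidimg1`, `invalidimg2`, `invalidimg4` and `invalidimg5` carry user-facing placeholder text (`'Invalid image.1'` … `'Invalid image.5'`) that reads like a debugging aid; only `invalidimg3` received a real message. Either give each key a message that tells the uploader what failed (e.g. `$config['error']['invalidimg2'] = _('Could not read the image dimensions.');`) or keep one `invalidimg` text and distinguish the cases in the log instead. Dropping the original `invalidimg` key is also a silent break for any code outside this diff that still reads `$config['error']['invalidimg']`, which would now see an undefined index; keeping `$config['error']['invalidimg'] = _('Invalid image.');` defined alongside the numbered keys is backward-compatible. The same placeholder strings are what the Image class hunk (`@ -31,13`) and post.php now display.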
@ -31,13 +31,13 @@ class Image {
|
||||||
|
|
||||||
if (!$this->image->valid()) {
|
if (!$this->image->valid()) {
|
||||||
$this->delete();
|
$this->delete();
|
||||||
error($config['error']['invalidimg']);
|
error($config['error']['invalidimg4']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->size = (object)array('width' => $this->image->_width(), 'height' => $this->image->_height());
|
$this->size = (object)array('width' => $this->image->_width(), 'height' => $this->image->_height());
|
||||||
if ($this->size->width < 1 || $this->size->height < 1) {
|
if ($this->size->width < 1 || $this->size->height < 1) {
|
||||||
$this->delete();
|
$this->delete();
|
||||||
error($config['error']['invalidimg']);
|
error($config['error']['invalidimg5']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
84
post.php
84
post.php
|
@ -413,6 +413,47 @@ function handle_report(){
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function validate_images(array $post_array) {
|
||||||
|
global $config;
|
||||||
|
|
||||||
|
if (!$post_array['has_file']) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($post_array['files'] as $key => &$file) {
|
||||||
|
if ($file['is_an_image']) {
|
||||||
|
$err = null;
|
||||||
|
|
||||||
|
if ($config['ie_mime_type_detection'] !== false) {
|
||||||
|
$upload = $file['tmp_name'];
|
||||||
|
// Check IE MIME type detection XSS exploit
|
||||||
|
$buffer = file_get_contents($upload, false, null, 0, 255);
|
||||||
|
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||||
|
$err = $config['error']['mime_exploit'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// find dimensions of an image using GD
|
||||||
|
if (!$size = @getimagesize($file['tmp_name'])) {
|
||||||
|
$err = $config['error']['invalidimg2'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
|
||||||
|
$err = $config['error']['invalidimg3'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||||
|
$err = $config['error']['maxsize'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!is_null($err)) {
|
||||||
|
undoImage($post_array);
|
||||||
|
error($err);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function handle_post(){
|
function handle_post(){
|
||||||
global $config,$dropped_post,$board, $mod,$pdo;
|
global $config,$dropped_post,$board, $mod,$pdo;
|
||||||
|
|
||||||
|
@ -605,7 +646,7 @@ function handle_post(){
|
||||||
function upload_by_url($config,$post,$url) {
|
function upload_by_url($config,$post,$url) {
|
||||||
$post['file_url'] = $url;
|
$post['file_url'] = $url;
|
||||||
if (!preg_match('@^https?://@', $post['file_url']))
|
if (!preg_match('@^https?://@', $post['file_url']))
|
||||||
error($config['error']['invalidimg']);
|
error($config['error']['invalidimg1']);
|
||||||
|
|
||||||
if (mb_strpos($post['file_url'], '?') !== false)
|
if (mb_strpos($post['file_url'], '?') !== false)
|
||||||
$url_without_params = mb_substr($post['file_url'], 0, mb_strpos($post['file_url'], '?'));
|
$url_without_params = mb_substr($post['file_url'], 0, mb_strpos($post['file_url'], '?'));
|
||||||
|
@ -949,15 +990,15 @@ function handle_post(){
|
||||||
|
|
||||||
$upload = $file['tmp_name'];
|
$upload = $file['tmp_name'];
|
||||||
|
|
||||||
if (!is_readable($upload))
|
if (!is_readable($upload)) {
|
||||||
error($config['error']['nomove']);
|
error($config['error']['nomove']);
|
||||||
|
}
|
||||||
|
|
||||||
if ($md5cmd) {
|
if ($md5cmd) {
|
||||||
$output = shell_exec_error($md5cmd . " " . escapeshellarg($upload));
|
$output = shell_exec_error($md5cmd . " " . escapeshellarg($upload));
|
||||||
$output = explode(' ', $output);
|
$output = explode(' ', $output);
|
||||||
$hash = $output[0];
|
$hash = $output[0];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$hash = md5_file($upload);
|
$hash = md5_file($upload);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -979,6 +1020,8 @@ function handle_post(){
|
||||||
do_filters($post);
|
do_filters($post);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
validate_images($post);
|
||||||
|
|
||||||
if ($config['spam_noticer']['enabled']) {
|
if ($config['spam_noticer']['enabled']) {
|
||||||
require_once 'inc/spamnoticer.php';
|
require_once 'inc/spamnoticer.php';
|
||||||
|
|
||||||
|
@ -996,28 +1039,6 @@ function handle_post(){
|
||||||
if ($post['has_file']) {
|
if ($post['has_file']) {
|
||||||
foreach ($post['files'] as $key => &$file) {
|
foreach ($post['files'] as $key => &$file) {
|
||||||
if ($file['is_an_image']) {
|
if ($file['is_an_image']) {
|
||||||
if ($config['ie_mime_type_detection'] !== false) {
|
|
||||||
// Check IE MIME type detection XSS exploit
|
|
||||||
$buffer = file_get_contents($upload, false, null, 0, 255);
|
|
||||||
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
|
|
||||||
undoImage($post);
|
|
||||||
error($config['error']['mime_exploit']);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
require_once 'inc/image.php';
|
|
||||||
|
|
||||||
// find dimensions of an image using GD
|
|
||||||
if (!$size = @getimagesize($file['tmp_name'])) {
|
|
||||||
error($config['error']['invalidimg']);
|
|
||||||
}
|
|
||||||
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
|
|
||||||
error($config['error']['invalidimg']);
|
|
||||||
}
|
|
||||||
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
|
||||||
error($config['error']['maxsize']);
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
|
if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
|
||||||
// The following code corrects the image orientation.
|
// The following code corrects the image orientation.
|
||||||
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
|
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
|
||||||
|
@ -1045,7 +1066,7 @@ function handle_post(){
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
|
$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
|
||||||
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload));
|
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($file['tmp_name']));
|
||||||
}
|
}
|
||||||
if ($error) {
|
if ($error) {
|
||||||
error(_('Could not auto-orient image!'), null, $error);
|
error(_('Could not auto-orient image!'), null, $error);
|
||||||
|
@ -1058,6 +1079,8 @@ function handle_post(){
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
require_once 'inc/image.php';
|
||||||
|
|
||||||
// create image object
|
// create image object
|
||||||
$image = new Image($file['tmp_name'], $file['extension'], $size);
|
$image = new Image($file['tmp_name'], $file['extension'], $size);
|
||||||
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
|
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
|
||||||
|
@ -1249,13 +1272,16 @@ function handle_post(){
|
||||||
|
|
||||||
if (!isset($dont_copy_file) || !$dont_copy_file) {
|
if (!isset($dont_copy_file) || !$dont_copy_file) {
|
||||||
if (isset($file['file_tmp'])) {
|
if (isset($file['file_tmp'])) {
|
||||||
if (!@rename($file['tmp_name'], $file['file']))
|
if (!@rename($file['tmp_name'], $file['file'])) {
|
||||||
error($config['error']['nomove']);
|
error($config['error']['nomove']);
|
||||||
|
}
|
||||||
|
|
||||||
chmod($file['file'], 0644);
|
chmod($file['file'], 0644);
|
||||||
} elseif (!@move_uploaded_file($file['tmp_name'], $file['file']))
|
} elseif (!@move_uploaded_file($file['tmp_name'], $file['file'])) {
|
||||||
error($config['error']['nomove']);
|
error($config['error']['nomove']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if ($config['image_reject_repost']) {
|
if ($config['image_reject_repost']) {
|
||||||
if ($p = getPostByHash($post['filehash'])) {
|
if ($p = getPostByHash($post['filehash'])) {
|
||||||
|
|
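Review bot: `$size` is no longer defined where `new Image($file['tmp_name'], $file['extension'], $size)` is called in the `@ -1058` hunk, because the `getimagesize()` result now lives in a local of `validate_images()` (hunk `@ -413`), which returns nothing; unless `handle_post()` assigns `$size` somewhere outside the visible hunks, the Image constructor now receives an undefined variable. In `validate_images()` the checks also each overwrite `$err` unconditionally, so when `getimagesize()` returns false the code still reads `$size[2]` and `$size[0]` on a bool (a PHP warning) and reports `invalidimg3` instead of `invalidimg2`, and a MIME-exploit hit can be masked by a later size message. Suggested shape below: chain the checks with `elseif` so the first failure wins, drop the unused `&` on `$file`, collect the sizes per file key and return them, and at the call site use `$sizes = validate_images($post);` and `new Image($file['tmp_name'], $file['extension'], $sizes[$key]);`. This assumes `error()` does not return, which the original inline code also relied on; a short docblock on `validate_images` stating that it halts via `error()` on the first bad file and otherwise returns the `getimagesize()` results keyed like `$post['files']` would make that contract explicit.
```php
function validate_images(array $post_array) {
    global $config;

    $sizes = array();
    if (!$post_array['has_file']) {
        return $sizes;
    }

    foreach ($post_array['files'] as $key => $file) {
        if (!$file['is_an_image']) {
            continue;
        }
        $err = null;

        // Check IE MIME type detection XSS exploit first; later checks must not mask it
        if ($config['ie_mime_type_detection'] !== false
            && preg_match($config['ie_mime_type_detection'], file_get_contents($file['tmp_name'], false, null, 0, 255))) {
            $err = $config['error']['mime_exploit'];
        } elseif (!$size = @getimagesize($file['tmp_name'])) {
            $err = $config['error']['invalidimg2'];
        } elseif (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
            $err = $config['error']['invalidimg3'];
        } elseif ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
            $err = $config['error']['maxsize'];
        }

        if (!is_null($err)) {
            undoImage($post_array);
            error($err);
        }
        $sizes[$key] = $size;
    }
    return $sizes;
}
```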