Fix unsupported image formats were making it into spamnoticer
- Unsupported images were getting denied by the board, but only after they had already gotten into spamnoticer - Refactor the code a little bit to check image MIME types first
parent
3197fb726e
commit
29349e4083
|
@ -1161,7 +1161,11 @@
|
|||
$config['error']['toolongreport'] = _('The reason was too long.');
|
||||
$config['error']['toomanyreports'] = _('You can\'t report that many posts at once.');
|
||||
$config['error']['invalidpassword'] = _('Wrong password…');
|
||||
$config['error']['invalidimg'] = _('Invalid image.');
|
||||
$config['error']['invalidimg1'] = _('Invalid image.1');
|
||||
$config['error']['invalidimg2'] = _('Invalid image.2');
|
||||
$config['error']['invalidimg3'] = _('Unsupported image MIME type. (Hint: double check what format your image *really* is)');
|
||||
$config['error']['invalidimg4'] = _('Invalid image.4');
|
||||
$config['error']['invalidimg5'] = _('Invalid image.5');
|
||||
$config['error']['unknownext'] = _('Unknown file extension.');
|
||||
$config['error']['filesize'] = _('Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes');
|
||||
$config['error']['maxsize'] = _('The file was too big.');
|
||||
|
|
|
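Review bot: The new keys invalidimg1, invalidimg2, invalidimg4 and invalidimg5 in the `@ -1161,7 +1161,11` hunk carry the messages `'Invalid image.1'`, `'Invalid image.2'`, `'Invalid image.4'` and `'Invalid image.5'`, which read like debugging markers but are wrapped in `_()` and shown to the poster, so each becomes a separate translatable string that tells the user nothing about which check failed; only invalidimg3 received a descriptive message. Give each key wording that names its check, e.g. `$config['error']['invalidimg1'] = _('Invalid image URL.');` for the upload_by_url use in post.php and `$config['error']['invalidimg2'] = _('Could not read image dimensions.');` for the getimagesize() failure in validate_images. The same applies to invalidimg4 and invalidimg5 used in the `class Image` hunk below (presumably inc/image.php), where one is the validity check and the other the zero-dimension check. If proper wording is not ready, keeping the distinct keys but reusing the original `'Invalid image.'` text avoids shipping numbered placeholders to users and translators.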
@ -31,13 +31,13 @@ class Image {
|
|||
|
||||
if (!$this->image->valid()) {
|
||||
$this->delete();
|
||||
error($config['error']['invalidimg']);
|
||||
error($config['error']['invalidimg4']);
|
||||
}
|
||||
|
||||
$this->size = (object)array('width' => $this->image->_width(), 'height' => $this->image->_height());
|
||||
if ($this->size->width < 1 || $this->size->height < 1) {
|
||||
$this->delete();
|
||||
error($config['error']['invalidimg']);
|
||||
error($config['error']['invalidimg5']);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
84
post.php
84
post.php
|
@ -413,6 +413,47 @@ function handle_report(){
|
|||
|
||||
}
|
||||
|
||||
function validate_images(array $post_array) {
|
||||
global $config;
|
||||
|
||||
if (!$post_array['has_file']) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach ($post_array['files'] as $key => &$file) {
|
||||
if ($file['is_an_image']) {
|
||||
$err = null;
|
||||
|
||||
if ($config['ie_mime_type_detection'] !== false) {
|
||||
$upload = $file['tmp_name'];
|
||||
// Check IE MIME type detection XSS exploit
|
||||
$buffer = file_get_contents($upload, false, null, 0, 255);
|
||||
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||
$err = $config['error']['mime_exploit'];
|
||||
}
|
||||
}
|
||||
|
||||
// find dimensions of an image using GD
|
||||
if (!$size = @getimagesize($file['tmp_name'])) {
|
||||
$err = $config['error']['invalidimg2'];
|
||||
}
|
||||
|
||||
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
|
||||
$err = $config['error']['invalidimg3'];
|
||||
}
|
||||
|
||||
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||
$err = $config['error']['maxsize'];
|
||||
}
|
||||
|
||||
if (!is_null($err)) {
|
||||
undoImage($post_array);
|
||||
error($err);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function handle_post(){
|
||||
global $config,$dropped_post,$board, $mod,$pdo;
|
||||
|
||||
|
@ -605,7 +646,7 @@ function handle_post(){
|
|||
function upload_by_url($config,$post,$url) {
|
||||
$post['file_url'] = $url;
|
||||
if (!preg_match('@^https?://@', $post['file_url']))
|
||||
error($config['error']['invalidimg']);
|
||||
error($config['error']['invalidimg1']);
|
||||
|
||||
if (mb_strpos($post['file_url'], '?') !== false)
|
||||
$url_without_params = mb_substr($post['file_url'], 0, mb_strpos($post['file_url'], '?'));
|
||||
|
@ -949,15 +990,15 @@ function handle_post(){
|
|||
|
||||
$upload = $file['tmp_name'];
|
||||
|
||||
if (!is_readable($upload))
|
||||
if (!is_readable($upload)) {
|
||||
error($config['error']['nomove']);
|
||||
}
|
||||
|
||||
if ($md5cmd) {
|
||||
$output = shell_exec_error($md5cmd . " " . escapeshellarg($upload));
|
||||
$output = explode(' ', $output);
|
||||
$hash = $output[0];
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$hash = md5_file($upload);
|
||||
}
|
||||
|
||||
|
@ -979,6 +1020,8 @@ function handle_post(){
|
|||
do_filters($post);
|
||||
}
|
||||
|
||||
validate_images($post);
|
||||
|
||||
if ($config['spam_noticer']['enabled']) {
|
||||
require_once 'inc/spamnoticer.php';
|
||||
|
||||
|
@ -996,28 +1039,6 @@ function handle_post(){
|
|||
if ($post['has_file']) {
|
||||
foreach ($post['files'] as $key => &$file) {
|
||||
if ($file['is_an_image']) {
|
||||
if ($config['ie_mime_type_detection'] !== false) {
|
||||
// Check IE MIME type detection XSS exploit
|
||||
$buffer = file_get_contents($upload, false, null, 0, 255);
|
||||
if (preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||
undoImage($post);
|
||||
error($config['error']['mime_exploit']);
|
||||
}
|
||||
}
|
||||
|
||||
require_once 'inc/image.php';
|
||||
|
||||
// find dimensions of an image using GD
|
||||
if (!$size = @getimagesize($file['tmp_name'])) {
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
|
||||
if ($config['convert_auto_orient'] && ($file['extension'] == 'jpg' || $file['extension'] == 'jpeg')) {
|
||||
// The following code corrects the image orientation.
|
||||
// Currently only works with the 'convert' option selected but it could easily be expanded to work with the rest if you can be bothered.
|
||||
|
@ -1045,7 +1066,7 @@ function handle_post(){
|
|||
}
|
||||
} else {
|
||||
$error = shell_exec_error(($gm ? 'gm ' : '') . 'convert ' .
|
||||
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($upload));
|
||||
escapeshellarg($file['tmp_name']) . ' -auto-orient ' . escapeshellarg($file['tmp_name']));
|
||||
}
|
||||
if ($error) {
|
||||
error(_('Could not auto-orient image!'), null, $error);
|
||||
|
@ -1058,6 +1079,8 @@ function handle_post(){
|
|||
}
|
||||
}
|
||||
|
||||
require_once 'inc/image.php';
|
||||
|
||||
// create image object
|
||||
$image = new Image($file['tmp_name'], $file['extension'], $size);
|
||||
if ($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
|
||||
|
@ -1249,13 +1272,16 @@ function handle_post(){
|
|||
|
||||
if (!isset($dont_copy_file) || !$dont_copy_file) {
|
||||
if (isset($file['file_tmp'])) {
|
||||
if (!@rename($file['tmp_name'], $file['file']))
|
||||
if (!@rename($file['tmp_name'], $file['file'])) {
|
||||
error($config['error']['nomove']);
|
||||
}
|
||||
|
||||
chmod($file['file'], 0644);
|
||||
} elseif (!@move_uploaded_file($file['tmp_name'], $file['file']))
|
||||
} elseif (!@move_uploaded_file($file['tmp_name'], $file['file'])) {
|
||||
error($config['error']['nomove']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($config['image_reject_repost']) {
|
||||
if ($p = getPostByHash($post['filehash'])) {
|
||||
|
|
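Review bot: In validate_images (the `@ -413,6 +413,47` hunk) the getimagesize(), MIME-type and dimension checks all run unconditionally and each one overwrites `$err`, so when getimagesize() returns false the code continues to read `$size[2]` and `$size[0]` on a boolean and the poster is shown invalidimg3 ("Unsupported image MIME type") rather than invalidimg2; the removed inline code called error() at the first failure and never reached the later checks. The same overwrite lets a later check replace the mime_exploit result, so the reported reason no longer identifies which check actually tripped. Gating the image checks on `$err === null` and chaining them with elseif (with strict in_array) restores first-failure reporting, as sketched below. Separately, the removed block was the only place `$size` was assigned inside handle_post, yet `new Image($file['tmp_name'], $file['extension'], $size);` in the `@ -1058,6 +1079,8` hunk still passes it; unless Image accepts a null size, that variable is now undefined at the call, which at minimum emits an undefined-variable warning. handle_post() itself starts and ends outside the hunks shown.
```php
// … unchanged: IE MIME-type detection check …
if ($err === null) {
    if (!$size = @getimagesize($file['tmp_name'])) {
        $err = $config['error']['invalidimg2'];
    } elseif (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP), true)) {
        $err = $config['error']['invalidimg3'];
    } elseif ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
        $err = $config['error']['maxsize'];
    }
}
// … unchanged: undoImage()/error() when $err is set …
```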