Add static function to check, whether a given file is an image
authorJoshua Rüsweg <josh@bastelstu.be>
Tue, 5 Feb 2019 10:59:50 +0000 (11:59 +0100)
committerJoshua Rüsweg <josh@bastelstu.be>
Tue, 5 Feb 2019 10:59:50 +0000 (11:59 +0100)
See #2825

wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php

index b8dfbfd9189827d161658e8005cd73cf1b5d7405..d04d16bf83414332e776ce8fdfa3fd4f641a63fd 100644 (file)
@@ -87,24 +87,8 @@ class AJAXFileUploadAction extends AbstractSecureAction {
                $field = UploadHandler::getInstance()->getFieldByInternalId($this->internalId);
                
                foreach ($_FILES['__files']['tmp_name'] as $id => $tmpName) {
-                       if ($field->isImageOnly()) {
+                       if ($field->isImageOnly() && !UploadHandler::isValidImage($tmpName, $_FILES['__files']['name'][$id], $field->svgImageAllowed())) {
                                if (@getimagesize($tmpName) === false) {
-                                       if (!$field->svgImageAllowed() || !in_array(FileUtil::getMimeType($tmpName), [
-                                                       'image/svg',
-                                                       'image/svg+xml'
-                                               ])) {
-                                               $response['error'][$i++] = [
-                                                       'filename' => $_FILES['__files']['name'][$id],
-                                                       'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
-                                               ];
-                                               continue;
-                                       }
-                               }
-                               
-                               $allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
-                               if ($field->svgImageAllowed()) $allowedExtensions[] = 'svg';
-                               
-                               if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
                                        $response['error'][$i++] = [
                                                'filename' => $_FILES['__files']['name'][$id],
                                                'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
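Review bot: The leftover context line `if (@getimagesize($tmpName) === false) {` still wraps the error entry, so a rejection from `UploadHandler::isValidImage()` is only reported when getimagesize() also fails. A file whose content parses as a raster image but whose name has a disallowed extension fails the extension check inside isValidImage() yet skips the error branch, whereas the removed code rejected it through its separate extension test. Dropping the inner `if` and its closing brace, so the `$response['error']` entry sits directly under the `isImageOnly() && !isValidImage(...)` condition, restores the extension allow-list. The rest of the block, presumably the `continue` and the closing braces, lies outside the hunk, so the brace balance needs checking there.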
index e71187b0f7643e441f2cf5fb9de6ccf6a931a1be..69a07cb51810da2550543c69c3549a80570568c6 100644 (file)
@@ -3,6 +3,7 @@ namespace wcf\system\file\upload;
 use wcf\system\exception\ImplementationException;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
+use wcf\util\FileUtil;
 use wcf\util\StringUtil;
 
 /**
@@ -21,6 +22,12 @@ class UploadHandler extends SingletonFactory {
         */
        const UPLOAD_HANDLER_SESSION_VAR = 'file_upload_handler_storage';
        
+       /**
+        * Contains the valid image extensions w/o svg.
+        * var string
+        */
+       const VALID_IMAGE_EXTENSIONS = ['jpeg', 'jpg', 'png', 'gif'];
+       
        /**
         * Contains the registered upload fields. 
         * 
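Review bot: The docblock on `VALID_IMAGE_EXTENSIONS` reads `var string`, which lacks the `@` and names the wrong type for an array constant; `@var string[]` is what IDEs and static analysis will pick up. Replacing `w/o svg` with a sentence such as `SVG is appended by isValidImage() only when the field allows it` would also tell readers where the exception is handled. The enclosing class starts outside the hunk.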
@@ -417,4 +424,28 @@ class UploadHandler extends SingletonFactory {
                
                WCF::getSession()->register(self::UPLOAD_HANDLER_SESSION_VAR, $storage);
        }
+       
+       /**
+        * Returns true, iff the given location contains an image. 
+        * 
+        * @param       string          $location
+        * @param       string          $imageName
+        * @param       bool            $svgImageAllowed
+        * @return      bool
+        */
+       public static function isValidImage($location, $imageName, $svgImageAllowed) {
+               if (!file_exists($location)) {
+                       return false;
+               }
+               
+               if (@getimagesize($location) === false && (!$svgImageAllowed || !in_array(FileUtil::getMimeType($location), ['image/svg', 'image/svg+xml']))) {
+                       return false; 
+               }
+               
+               if (!in_array(pathinfo($imageName, PATHINFO_EXTENSION), array_merge(self::VALID_IMAGE_EXTENSIONS, $svgImageAllowed ? ['svg'] : []))) {
+                       return false;
+               }
+               
+               return true;
+       }
 }
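Review bot: The docblock on `isValidImage()` says only that the location contains an image, but the method also enforces an extension allow-list on `$imageName` and relies on getimagesize(), which inspects the image header rather than the whole file. Callers should not read a `true` result as proof that the content is harmless, particularly for SVG, which is accepted on its detected MIME type alone. I would describe each parameter and add a sentence such as `Checks the image header (or the SVG MIME type) and the file extension only; the content is not sanitized.` The extension comparison is also case-sensitive and non-strict, so `photo.JPG` is rejected; wrapping the extension as `strtolower(pathinfo($imageName, PATHINFO_EXTENSION))` and passing `true` as the third argument of `in_array()` would address both.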