$field = UploadHandler::getInstance()->getFieldByInternalId($this->internalId);
foreach ($_FILES['__files']['tmp_name'] as $id => $tmpName) {
- if ($field->isImageOnly()) {
+ if ($field->isImageOnly() && !UploadHandler::isValidImage($tmpName, $_FILES['__files']['name'][$id], $field->svgImageAllowed())) {
if (@getimagesize($tmpName) === false) {
- if (!$field->svgImageAllowed() || !in_array(FileUtil::getMimeType($tmpName), [
- 'image/svg',
- 'image/svg+xml'
- ])) {
- $response['error'][$i++] = [
- 'filename' => $_FILES['__files']['name'][$id],
- 'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
- ];
- continue;
- }
- }
-
- $allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
- if ($field->svgImageAllowed()) $allowedExtensions[] = 'svg';
-
- if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
$response['error'][$i++] = [
'filename' => $_FILES['__files']['name'][$id],
'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
use wcf\system\exception\ImplementationException;
use wcf\system\SingletonFactory;
use wcf\system\WCF;
+use wcf\util\FileUtil;
use wcf\util\StringUtil;
/**
*/
const UPLOAD_HANDLER_SESSION_VAR = 'file_upload_handler_storage';
+ /**
+ * Contains the valid image extensions w/o svg.
+ * var string
+ */
+ const VALID_IMAGE_EXTENSIONS = ['jpeg', 'jpg', 'png', 'gif'];
+
/**
* Contains the registered upload fields.
*
WCF::getSession()->register(self::UPLOAD_HANDLER_SESSION_VAR, $storage);
}
+
+ /**
+ * Returns true, iff the given location contains an image.
+ *
+ * @param string $location
+ * @param string $imageName
+ * @param bool $svgImageAllowed
+ * @return bool
+ */
+ public static function isValidImage($location, $imageName, $svgImageAllowed) {
+ if (!file_exists($location)) {
+ return false;
+ }
+
+ if (@getimagesize($location) === false && (!$svgImageAllowed || !in_array(FileUtil::getMimeType($location), ['image/svg', 'image/svg+xml']))) {
+ return false;
+ }
+
+ if (!in_array(pathinfo($imageName, PATHINFO_EXTENSION), array_merge(self::VALID_IMAGE_EXTENSIONS, $svgImageAllowed ? ['svg'] : []))) {
+ return false;
+ }
+
+ return true;
+ }
}