Restricted isImage for files which are natively displayable by browsers
authorAlexander Ebert <ebert@woltlab.com>
Thu, 3 Apr 2014 15:54:31 +0000 (17:54 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Thu, 3 Apr 2014 15:54:31 +0000 (17:54 +0200)
This prevents other files (e.g. PSD, image/psd) from being passed to GD which cannot handle them at all.

wcfsetup/install/files/lib/data/attachment/AttachmentAction.class.php

index 792ec8f87228e6b4c81ef318fb30d89765c020a5..fac396da48ef2dde7bce94fc28070f2c4c6cca31 100644 (file)
@@ -145,10 +145,13 @@ class AttachmentAction extends AbstractDatabaseObjectAction {
                        
                        // get image data
                        if (($imageData = $file->getImageData()) !== null) {
-                               $data['isImage'] = 1;
                                $data['width'] = $imageData['width'];
                                $data['height'] = $imageData['height'];
                                $data['fileType'] = $imageData['mimeType'];
+                               
+                               if (preg_match('~^image/(gif|jpe?g|png)$~i', $data['fileType'])) {
+                                       $data['isImage'] = 1;
+                               }
                        }
                        
                        // create attachment