Prevent downloading incomplete images
authorjoshuaruesweg <ruesweg@woltlab.com>
Fri, 5 Mar 2021 12:40:53 +0000 (13:40 +0100)
committerjoshuaruesweg <ruesweg@woltlab.com>
Tue, 16 Mar 2021 15:19:14 +0000 (16:19 +0100)
wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php

index 7dd5bb933ef4bed23347630d2570add2245b8e80..c888b89d5c1465a6c1b0d3a396232c3402a222db 100644 (file)
@@ -128,14 +128,17 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob
     private function downloadImage(Response $imageResponse): string
     {
         $image = "";
-        while (!$imageResponse->getBody()->eof()) {
-            $image .= $imageResponse->getBody()->read(8192);
+        try {
+            while (!$imageResponse->getBody()->eof()) {
+                $image .= $imageResponse->getBody()->read(8192);
 
-            if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) {
-                break;
+                if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) {
+                    throw new DownloadFailed("Image is too large.");
+                }
             }
+        } finally {
+            $imageResponse->getBody()->close();
         }
-        $imageResponse->getBody()->close();
 
         return $image;
     }
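Review bot: The `>=` in `if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE)` now rejects an image of exactly MAX_IMAGE_SIZE bytes. Before this change, the removed `range` header (`bytes=0-` MAX_IMAGE_SIZE - 1) and the `break` let such an image through in full. If the constant is meant as the largest accepted size, the comparison should be `> UnfurlResponse::MAX_IMAGE_SIZE`. Because the method now signals oversize by throwing instead of returning a truncated string, its docblock should also gain `@throws DownloadFailed` with a one-line note that the body is always closed. The hunk does not show whether the caller catches this exception or whether `DownloadFailed` is imported in this file, so both are worth confirming.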
index 265a04fbb077641458ee33cdc1e57b12a32fcf26..6f0f7b9ff9af1d7e04578631fe8f8223337b4e69 100644 (file)
@@ -292,7 +292,6 @@ final class UnfurlResponse
         try {
             $request = new Request('GET', $this->getImageUrl(), [
                 'accept' => 'image/*',
-                'range' => 'bytes=0-' . (self::MAX_IMAGE_SIZE - 1),
             ]);
 
             return self::getHttpClient()->send($request);
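Review bot: With the `range` header gone, the read loop in `downloadImage()` is the only thing bounding how much of a remote image is fetched, and `send($request)` here passes no per-request options. That loop limits the transfer only if the body is streamed. If the client returned by `getHttpClient()` is a Guzzle client without the `stream` option, the full body would be buffered before the size check ever runs. `getHttpClient()` is outside this hunk, so either confirm that it sets streaming and a timeout, or pass it explicitly, e.g. `return self::getHttpClient()->send($request, ['stream' => true]);`. A comment above the request saying that the size cap is enforced by the consumer, not by the request, would make that dependency visible. The enclosing method and its `try` block start and end outside the hunk.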