Do not trust the source database in MediaImporter

Resolves #4154

diff --git a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
index 04de79079e1a935fc454b9d4b7d11fbcc3ccf1ab..fa843cae481b5f0307d313ffa59c7e4330a23fd4 100644 (file)
--- a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
+++ b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
@@ -9,6 +9,7 @@ use wcf\system\exception\SystemException;
 use wcf\system\language\LanguageFactory;
 use wcf\system\upload\DefaultUploadFileSaveStrategy;
 use wcf\system\WCF;
+use wcf\util\FileUtil;
 
 /**
  * Imports cms media.
@@ -40,6 +41,24 @@ class MediaImporter extends AbstractImporter
             return 0;
         }
 
+        // Extract metadata from the file ourselves, because the
+        // information pulled from the source database might not
+        // be reliable.
+        $data['fileHash'] = \sha1_file($additionalData['fileLocation']);
+        $data['filesize'] = \filesize($additionalData['fileLocation']);
+        $data['fileType'] = FileUtil::getMimeType($additionalData['fileLocation']);
+
+        $imageData = @\getimagesize($additionalData['fileLocation']);
+        if ($imageData !== false) {
+            $data['isImage'] = 1;
+            $data['width'] = $imageData[0];
+            $data['height'] = $imageData[1];
+        } else {
+            $data['isImage'] = 0;
+            $data['width'] = 0;
+            $data['height'] = 0;
+        }
+
         $data['userID'] = ImportHandler::getInstance()->getNewID('com.woltlab.wcf.user', $data['userID']);
 
         $contents = [];