From: Tim Düsterhus
Date: Mon, 20 Apr 2015 18:27:13 +0000 (+0200)
Subject: Add missing sanity checks to UserAvatarAction::fetchRemoteAvatar()
X-Git-Tag: 2.1.4~37^2~2^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=49b17cbecb99bc52461f0410c6cb0626128120c8;p=GitHub%2FWoltLab%2FWCF.git
Add missing sanity checks to UserAvatarAction::fetchRemoteAvatar()
---
diff --git a/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php b/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php
index 939d1674a3..7ff3500bd9 100644
--- a/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php
@@ -178,6 +178,9 @@ class UserAvatarAction extends AbstractDatabaseObjectAction {
 $reply = $request->getReply();
 $filename = FileUtil::getTemporaryFilename('avatar_');
 file_put_contents($filename, $reply['body']);
+
+ $imageData = getimagesize($filename);
+ if ($imageData === false) throw new SystemException('Downloaded file is not an image');
 }
 catch (\Exception $e) {
 if (!empty($filename)) {
@@ -191,15 +194,25 @@ class UserAvatarAction extends AbstractDatabaseObjectAction {
 $newFilename = $this->enforceDimensions($filename);
 if ($newFilename !== $filename) @unlink($filename);
 $filename = $newFilename;
+
+ $imageData = getimagesize($filename);
+ if ($imageData === false) throw new SystemException('Rescaled file is not an image');
 }
 catch (\Exception $e) {
 @unlink($filename);
 return;
 }
- $imageData = getimagesize($filename);
 $tmp = parse_url($this->parameters['url']);
+ if (!isset($tmp['path'])) {
+ @unlink($filename);
+ return;
+ }
 $tmp = pathinfo($tmp['path']);
+ if (!isset($tmp['basename']) || !isset($tmp['extension'])) {
+ @unlink($filename);
+ return;
+ }
 $data = array(
 'avatarName' => $tmp['basename'],
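Review bot: The new `getimagesize($filename) === false` check in the first hunk only proves that PHP could parse some image header, not that the download is one of the raster formats an avatar should be — getimagesize() also accepts types such as SWF, BMP, ICO and PSD, so a remote host can still hand back a non-avatar payload that passes this gate and then, presumably, gets stored under the extension taken from the URL. Restrict the detected type to an allow-list rather than only testing for false, e.g. `if ($imageData === false || !in_array($imageData[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) throw new SystemException('Downloaded file is not an image');`. The `file_put_contents($filename, $reply['body'])` result on the line just above is also still unchecked, so a short or failed write would be handed to getimagesize() as if it were the full response; `if (file_put_contents($filename, $reply['body']) === false) throw new SystemException('Unable to write downloaded avatar');` closes that gap. The enclosing fetchRemoteAvatar() body begins before this hunk and continues after it, so whether the response size is bounded before the write cannot be seen here.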