From: joshuaruesweg Date: Fri, 5 Mar 2021 12:40:53 +0000 (+0100) Subject: Prevent downloading incomplete images X-Git-Tag: 5.4.0_Alpha_1~146^2~22 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=80395ab48cf8a1c2a20173ca2b7ccf0117973d11;p=GitHub%2FWoltLab%2FWCF.git Prevent downloading incomplete images --- diff --git a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php index 7dd5bb933e..c888b89d5c 100644 --- a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php +++ b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php @@ -128,14 +128,17 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob private function downloadImage(Response $imageResponse): string { $image = ""; - while (!$imageResponse->getBody()->eof()) { - $image .= $imageResponse->getBody()->read(8192); + try { + while (!$imageResponse->getBody()->eof()) { + $image .= $imageResponse->getBody()->read(8192); - if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) { - break; + if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) { + throw new DownloadFailed("Image is too large."); + } } + } finally { + $imageResponse->getBody()->close(); } - $imageResponse->getBody()->close(); return $image; } diff --git a/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php b/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php index 265a04fbb0..6f0f7b9ff9 100644 --- a/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php +++ b/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php @@ -292,7 +292,6 @@ final class UnfurlResponse try { $request = new Request('GET', $this->getImageUrl(), [ 'accept' => 'image/*', - 'range' => 'bytes=0-' . (self::MAX_IMAGE_SIZE - 1), ]); return self::getHttpClient()->send($request);