From: Matthias Schmidt <gravatronics@live.com>
Date: Thu, 6 Aug 2015 17:39:44 +0000 (+0200)
Subject: Improve image proxy implementation
X-Git-Tag: 3.0.0_Beta_1~2143^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=86779952c76738f3b591278478ac50afd4643b11;p=GitHub%2FWoltLab%2FWCF.git

Improve image proxy implementation
---

diff --git a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
index ce138aa9d2..8ce807f638 100644
--- a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
+++ b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
@@ -4,6 +4,7 @@ use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\SystemException;
 use wcf\util\FileUtil;
 use wcf\util\HTTPRequest;
+use wcf\util\PasswordUtil;
 use wcf\util\StringUtil;
 
 /**
@@ -35,7 +36,7 @@ class ImageProxyAction extends AbstractAction {
 	public function readParameters() {
 		parent::readParameters();
 		
-		if (isset($_REQUEST['url'])) $this->url = urldecode(StringUtil::trim($_REQUEST['url']));
+		if (isset($_REQUEST['url'])) $this->url = rawurldecode(StringUtil::trim($_REQUEST['url']));
 		if (isset($_REQUEST['hash'])) $this->hash = StringUtil::trim($_REQUEST['hash']);
 	}
 	
@@ -46,39 +47,37 @@ class ImageProxyAction extends AbstractAction {
 		parent::execute();
 		
 		$hash = sha1(IMAGE_PROXY_SECRET.$this->url);
-		if ($this->hash != $hash) {
+		if (!PasswordUtil::secureCompare($this->hash, $hash)) {
 			throw new IllegalLinkException();
 		}
 		
 		try {
 			$request = new HTTPRequest($this->url);
 			$request->execute();
-			$reply = $request->getReply();
+			$image = $request->getReply()['body'];
 			
-			$fileExtension = '';
-			if (($position = mb_strrpos($this->url, '.')) !== false) {
-				$fileExtension = mb_strtolower(mb_substr($this->url, $position + 1));
-			}
-			
-			// check if requested content is image
-			if (!isset($reply['headers']['Content-Type']) || !StringUtil::startsWith($reply['headers']['Content-Type'], 'image/')) {
+			// check if image is linked
+			// TODO: handle SVGs
+			$imageData = getimagesizefromstring($image);
+			if (!$imageData) {
 				throw new IllegalLinkException();
 			}
 			
 			// save image
+			$fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);
 			$fileLocation = WCF_DIR.'images/proxy/'.substr($hash, 0, 2).'/'.$hash.($fileExtension ? '.'.$fileExtension : '');
 			$dir = dirname($fileLocation);
 			if (!@file_exists($dir)) {
 				FileUtil::makePath($dir, 0777);
 			}
-			file_put_contents($fileLocation, $reply['body']);
+			file_put_contents($fileLocation, $image);
 			
 			// update mtime for correct expiration calculation
 			@touch($fileLocation);
 			
 			$this->executed();
 			
-			@header('Content-Type: '.$reply['headers']['Content-Type']);
+			@header('Content-Type: '.$imageData['mime']);
 			@readfile($fileLocation);
 			exit;
 		}
diff --git a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
index 44172ebad8..f4a4b6c18d 100644
--- a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
@@ -84,7 +84,7 @@ class ImageBBCode extends AbstractBBCode {
 		
 		return LinkHandler::getInstance()->getLink('ImageProxy', [
 			'hash' => $hash,
-			'url' => urlencode($link)
+			'url' => rawurlencode($link)
 		]);
 	}
 }