From: Alexander Ebert <ebert@woltlab.com>
Date: Tue, 23 Jul 2019 13:18:35 +0000 (+0200)
Subject: Prevent WebP images being uploaded for avatars
X-Git-Tag: 5.2.0_Alpha_3~15
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e7261e0c05fa97a2aa502d1c521662a43cb5703e;p=GitHub%2FWoltLab%2FWCF.git

Prevent WebP images being uploaded for avatars

See #2838
---

diff --git a/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php b/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php
index 3cc64222da..a5b52ec19d 100644
--- a/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php
+++ b/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php
@@ -25,6 +25,14 @@ class AvatarUploadFileValidationStrategy extends DefaultUploadFileValidationStra
 				$uploadFile->setValidationErrorType('tooSmall');
 				return false;
 			}
+			else if ($imageData[2] === IMAGETYPE_WEBP) {
+				// Reject WebP images regardless of any file extension restriction, they are
+				// neither supported in Safari nor in Internet Explorer 11. We can safely lift
+				// this restriction once Apple implements the support or if any sort of fall-
+				// back mechanism is implemented: https://github.com/WoltLab/WCF/issues/2838
+				$uploadFile->setValidationErrorType('invalidExtension');
+				return false;
+			}
 		}
 		catch (SystemException $e) {
 			if (ENABLE_DEBUG_MODE) {