From: Alexander Ebert Date: Tue, 23 Jul 2019 13:18:35 +0000 (+0200) Subject: Prevent WebP images being uploaded for avatars X-Git-Tag: 5.2.0_Alpha_3~15 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e7261e0c05fa97a2aa502d1c521662a43cb5703e;p=GitHub%2FWoltLab%2FWCF.git Prevent WebP images being uploaded for avatars See #2838 --- diff --git a/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php b/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php index 3cc64222da..a5b52ec19d 100644 --- a/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php +++ b/wcfsetup/install/files/lib/system/upload/AvatarUploadFileValidationStrategy.class.php @@ -25,6 +25,14 @@ class AvatarUploadFileValidationStrategy extends DefaultUploadFileValidationStra $uploadFile->setValidationErrorType('tooSmall'); return false; } + else if ($imageData[2] === IMAGETYPE_WEBP) { + // Reject WebP images regardless of any file extension restriction, they are + // neither supported in Safari nor in Internet Explorer 11. We can safely lift + // this restriction once Apple implements the support or if any sort of fall- + // back mechanism is implemented: https://github.com/WoltLab/WCF/issues/2838 + $uploadFile->setValidationErrorType('invalidExtension'); + return false; + } } catch (SystemException $e) { if (ENABLE_DEBUG_MODE) {