From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Wed, 28 Apr 2021 08:49:32 +0000 (+0200)
Subject: Do not trust the source database in MediaImporter
X-Git-Tag: 5.4.0_Alpha_1~32^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=ee2ec49e030e9eaf44b4f5de7b122e3a88393daa;p=GitHub%2FWoltLab%2FWCF.git

Do not trust the source database in MediaImporter

Resolves #4154
---

diff --git a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
index 04de79079e..fa843cae48 100644
--- a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
+++ b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php
@@ -9,6 +9,7 @@ use wcf\system\exception\SystemException;
 use wcf\system\language\LanguageFactory;
 use wcf\system\upload\DefaultUploadFileSaveStrategy;
 use wcf\system\WCF;
+use wcf\util\FileUtil;
 
 /**
  * Imports cms media.
@@ -40,6 +41,24 @@ class MediaImporter extends AbstractImporter
             return 0;
         }
 
+        // Extract metadata from the file ourselves, because the
+        // information pulled from the source database might not
+        // be reliable.
+        $data['fileHash'] = \sha1_file($additionalData['fileLocation']);
+        $data['filesize'] = \filesize($additionalData['fileLocation']);
+        $data['fileType'] = FileUtil::getMimeType($additionalData['fileLocation']);
+
+        $imageData = @\getimagesize($additionalData['fileLocation']);
+        if ($imageData !== false) {
+            $data['isImage'] = 1;
+            $data['width'] = $imageData[0];
+            $data['height'] = $imageData[1];
+        } else {
+            $data['isImage'] = 0;
+            $data['width'] = 0;
+            $data['height'] = 0;
+        }
+
         $data['userID'] = ImportHandler::getInstance()->getNewID('com.woltlab.wcf.user', $data['userID']);
 
         $contents = [];