From 3e7abe561f223b04ddcdabcac4df5d964f1eefb7 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Joshua=20R=C3=BCsweg?=
Date: Tue, 5 Feb 2019 11:59:50 +0100
Subject: [PATCH] Add static function to check, whether a given file is an image
See #2825
---
 .../lib/action/AJAXFileUploadAction.class.php | 18 +-----------
 .../file/upload/UploadHandler.class.php | 31 +++++++++++++++++++
 2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
index b8dfbfd918..d04d16bf83 100644
--- a/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
+++ b/wcfsetup/install/files/lib/action/AJAXFileUploadAction.class.php
@@ -87,24 +87,8 @@ class AJAXFileUploadAction extends AbstractSecureAction {
 $field = UploadHandler::getInstance()->getFieldByInternalId($this->internalId);
 foreach ($_FILES['__files']['tmp_name'] as $id => $tmpName) {
- if ($field->isImageOnly()) {
+ if ($field->isImageOnly() && !UploadHandler::isValidImage($tmpName, $_FILES['__files']['name'][$id], $field->svgImageAllowed())) {
 if (@getimagesize($tmpName) === false) {
- if (!$field->svgImageAllowed() || !in_array(FileUtil::getMimeType($tmpName), [
- 'image/svg',
- 'image/svg+xml'
- ])) {
- $response['error'][$i++] = [
- 'filename' => $_FILES['__files']['name'][$id],
- 'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
- ];
- continue;
- }
- }
-
- $allowedExtensions = ['jpeg', 'jpg', 'png', 'gif'];
- if ($field->svgImageAllowed()) $allowedExtensions[] = 'svg';
-
- if (!in_array(pathinfo($_FILES['__files']['name'][$id], PATHINFO_EXTENSION), $allowedExtensions)) {
 $response['error'][$i++] = [
 'filename' => $_FILES['__files']['name'][$id],
 'errorMessage' => WCF::getLanguage()->get('wcf.upload.error.noImage')
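Review bot: The context line `if (@getimagesize($tmpName) === false) {` is still nested inside the new `$field->isImageOnly() && !UploadHandler::isValidImage(...)` condition, so the `wcf.upload.error.noImage` entry in the trailing context is recorded only when `getimagesize()` fails as well. A file whose content parses as a raster image but whose name is outside the extension allow-list makes `isValidImage()` return false and still skips the error branch, so the extension check this commit moved into the helper no longer rejects it at this call site. Drop the nested `if` and its closing brace so the error entry and the following `continue` run whenever `isValidImage()` returns false. The foreach body continues below the hunk, so the closing lines are inferred from the removed code rather than visible here.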
diff --git a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
index e71187b0f7..69a07cb518 100644
--- a/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
+++ b/wcfsetup/install/files/lib/system/file/upload/UploadHandler.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\file\upload;
 use wcf\system\exception\ImplementationException;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
+use wcf\util\FileUtil;
 use wcf\util\StringUtil;
 /**
@@ -21,6 +22,12 @@ class UploadHandler extends SingletonFactory {
 */
 const UPLOAD_HANDLER_SESSION_VAR = 'file_upload_handler_storage';
+ /**
+ * Contains the valid image extensions w/o svg.
+ * var string
+ */
+ const VALID_IMAGE_EXTENSIONS = ['jpeg', 'jpg', 'png', 'gif'];
+
 /**
 * Contains the registered upload fields.
 *
@@ -417,4 +424,28 @@ class UploadHandler extends SingletonFactory {
 WCF::getSession()->register(self::UPLOAD_HANDLER_SESSION_VAR, $storage);
 }
+
+ /**
+ * Returns true, iff the given location contains an image.
+ *
+ * @param string $location
+ * @param string $imageName
+ * @param bool $svgImageAllowed
+ * @return bool
+ */
+ public static function isValidImage($location, $imageName, $svgImageAllowed) {
+ if (!file_exists($location)) {
+ return false;
+ }
+
+ if (@getimagesize($location) === false && (!$svgImageAllowed || !in_array(FileUtil::getMimeType($location), ['image/svg', 'image/svg+xml']))) {
+ return false;
+ }
+
+ if (!in_array(pathinfo($imageName, PATHINFO_EXTENSION), array_merge(self::VALID_IMAGE_EXTENSIONS, $svgImageAllowed ? ['svg'] : []))) {
+ return false;
+ }
+
+ return true;
+ }
 }
--
2.20.1
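Review bot: The docblock on `VALID_IMAGE_EXTENSIONS` reads `var string`, which lacks the `@` and names the wrong type for an array constant; `@var string[]` would be picked up by tooling. Because `isValidImage()` appends `'svg'` to this list itself, the description could also say that SVG is added only when the upload field allows it, so nobody extends the constant to cover it.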
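Review bot: The SVG branch of `isValidImage()` accepts a file on the detected MIME type and the `.svg` extension alone, and the raster branch relies on `getimagesize()`, so a `true` result says nothing about the rest of the file's content. The docblock's `Returns true, iff the given location contains an image` overstates that; something like `Checks the image header (for SVG: the detected MIME type) and the file extension; the content is not inspected or sanitized.` tells callers that stored SVGs still need safe handling when served. The extension comparison is also case-sensitive and loose: `in_array(strtolower(pathinfo($imageName, PATHINFO_EXTENSION)), array_merge(...), true)` would accept `.JPG` and compare strictly. What `FileUtil::getMimeType()` bases its answer on is not visible in this patch, so whether the SVG type check can be trusted depends on that helper.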