From 49b17cbecb99bc52461f0410c6cb0626128120c8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Mon, 20 Apr 2015 20:27:13 +0200 Subject: [PATCH] Add missing sanity checks to UserAvatarAction::fetchRemoteAvatar() --- .../data/user/avatar/UserAvatarAction.class.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php b/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php index 939d1674a3..7ff3500bd9 100644 --- a/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php +++ b/wcfsetup/install/files/lib/data/user/avatar/UserAvatarAction.class.php @@ -178,6 +178,9 @@ class UserAvatarAction extends AbstractDatabaseObjectAction { $reply = $request->getReply(); $filename = FileUtil::getTemporaryFilename('avatar_'); file_put_contents($filename, $reply['body']); + + $imageData = getimagesize($filename); + if ($imageData === false) throw new SystemException('Downloaded file is not an image'); } catch (\Exception $e) { if (!empty($filename)) { @@ -191,15 +194,25 @@ class UserAvatarAction extends AbstractDatabaseObjectAction { $newFilename = $this->enforceDimensions($filename); if ($newFilename !== $filename) @unlink($filename); $filename = $newFilename; + + $imageData = getimagesize($filename); + if ($imageData === false) throw new SystemException('Rescaled file is not an image'); } catch (\Exception $e) { @unlink($filename); return; } - $imageData = getimagesize($filename); $tmp = parse_url($this->parameters['url']); + if (!isset($tmp['path'])) { + @unlink($filename); + return; + } $tmp = pathinfo($tmp['path']); + if (!isset($tmp['basename']) || !isset($tmp['extension'])) { + @unlink($filename); + return; + } $data = array( 'avatarName' => $tmp['basename'], -- 2.20.1