From 80395ab48cf8a1c2a20173ca2b7ccf0117973d11 Mon Sep 17 00:00:00 2001
From: joshuaruesweg
Date: Fri, 5 Mar 2021 13:40:53 +0100
Subject: [PATCH] Prevent downloading incomplete images

---
 .../background/job/UnfurlUrlBackgroundJob.class.php | 13 ++++++++-----
 .../system/message/unfurl/UnfurlResponse.class.php | 1 -
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
index 7dd5bb933e..c888b89d5c 100644
--- a/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
+++ b/wcfsetup/install/files/lib/system/background/job/UnfurlUrlBackgroundJob.class.php
@@ -128,14 +128,17 @@ final class UnfurlUrlBackgroundJob extends AbstractBackgroundJob
 private function downloadImage(Response $imageResponse): string
 {
 $image = "";
- while (!$imageResponse->getBody()->eof()) {
- $image .= $imageResponse->getBody()->read(8192);
+ try {
+ while (!$imageResponse->getBody()->eof()) {
+ $image .= $imageResponse->getBody()->read(8192);
 
- if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) {
- break;
+ if ($imageResponse->getBody()->tell() >= UnfurlResponse::MAX_IMAGE_SIZE) {
+ throw new DownloadFailed("Image is too large.");
+ }
 }
+ } finally {
+ $imageResponse->getBody()->close();
 }
- $imageResponse->getBody()->close();
 
 return $image;
 }
diff --git a/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php b/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php
index 265a04fbb0..6f0f7b9ff9 100644
--- a/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php
+++ b/wcfsetup/install/files/lib/system/message/unfurl/UnfurlResponse.class.php
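Review bot: The new size check in downloadImage() rejects an image of exactly MAX_IMAGE_SIZE bytes, because `tell() >= UnfurlResponse::MAX_IMAGE_SIZE` throws the moment the cursor reaches the limit, while the Range header this same commit removes from UnfurlResponse (`'bytes=0-' . (self::MAX_IMAGE_SIZE - 1)`) allowed exactly that many bytes; `if ($imageResponse->getBody()->tell() > UnfurlResponse::MAX_IMAGE_SIZE) {` keeps the old limit. The check only runs after each 8192-byte read, so up to 8191 bytes past the limit are buffered before the exception fires — harmless because the partial buffer is discarded with the exception, but a one-line comment such as `// checked per chunk, so the buffer may briefly exceed the limit by one read` would save the next reader the question. Since the loop already accumulates into $image, comparing `strlen($image)` instead of `tell()` would make the cap independent of the stream's position reporting, which for some decorated or non-seekable PSR-7 streams may not be reliable. DownloadFailed must be imported in this file; the use block is outside the hunk, so I cannot confirm that from here.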
@@ -292,7 +292,6 @@ final class UnfurlResponse
 try {
 $request = new Request('GET', $this->getImageUrl(), [
 'accept' => 'image/*',
- 'range' => 'bytes=0-' . (self::MAX_IMAGE_SIZE - 1),
 ]);
 
 return self::getHttpClient()->send($request);
-- 
2.20.1
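Review bot: Dropping the `range` header leaves no trace in the code of why the image request now asks for the whole body, and the only size limit is now the client-side cap applied while reading in UnfurlUrlBackgroundJob::downloadImage(); a comment next to `'accept' => 'image/*',` should record that, e.g. `// No Range header: a 206 partial response would be stored as a truncated image; the size cap is enforced while the body is read.` Without Range the server streams the full file until the reader stops, so the limit holds only for callers that consume the response through that chunked loop — any path that calls getContents() on the returned response would bypass it; I cannot see the callers from this hunk. A cheap fail-fast would be to compare a Content-Length header, when the server sends one, against MAX_IMAGE_SIZE before reading, though it cannot replace the streaming check since the header may be absent or wrong. The enclosing method starts and ends outside the hunk.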