From 86779952c76738f3b591278478ac50afd4643b11 Mon Sep 17 00:00:00 2001
From: Matthias Schmidt
Date: Thu, 6 Aug 2015 19:39:44 +0200
Subject: [PATCH] Improve image proxy implementation
---
 .../lib/action/ImageProxyAction.class.php | 23 +++++++++----------
 .../lib/system/bbcode/ImageBBCode.class.php | 2 +-
 2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
index ce138aa9d2..8ce807f638 100644
--- a/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
+++ b/wcfsetup/install/files/lib/action/ImageProxyAction.class.php
@@ -4,6 +4,7 @@ use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\SystemException;
 use wcf\util\FileUtil;
 use wcf\util\HTTPRequest;
+use wcf\util\PasswordUtil;
 use wcf\util\StringUtil;
 /**
@@ -35,7 +36,7 @@ class ImageProxyAction extends AbstractAction {
 public function readParameters() {
 parent::readParameters();
- if (isset($_REQUEST['url'])) $this->url = urldecode(StringUtil::trim($_REQUEST['url']));
+ if (isset($_REQUEST['url'])) $this->url = rawurldecode(StringUtil::trim($_REQUEST['url']));
 if (isset($_REQUEST['hash'])) $this->hash = StringUtil::trim($_REQUEST['hash']);
 }
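Review bot: `rawurldecode()` on `$_REQUEST['url']` decodes a value that PHP has already percent-decoded when populating `$_REQUEST`, so unless LinkHandler::getLink() encodes query values a second time on its own (not visible here), a link that itself contains an escape such as `%20` or `%2B` is encoded once by hunk 4's `rawurlencode($link)`, decoded twice on this side, and no longer matches the string ImageBBCode hashed, so the check in execute() rejects it. In that case the extra decode should go: `if (isset($_REQUEST['url'])) $this->url = StringUtil::trim($_REQUEST['url']);`. If getLink() does double-encode, a comment next to the decode would save the next reader the same question, e.g. `// getLink() percent-encodes query values itself, so undo the explicit rawurlencode() from ImageBBCode`. Whichever holds, the hash comparison must see exactly the bytes ImageBBCode hashed, since any difference turns a valid link into an IllegalLinkException.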
@@ -46,39 +47,37 @@ class ImageProxyAction extends AbstractAction {
 parent::execute();
 $hash = sha1(IMAGE_PROXY_SECRET.$this->url);
- if ($this->hash != $hash) {
+ if (!PasswordUtil::secureCompare($this->hash, $hash)) {
 throw new IllegalLinkException();
 }
 try {
 $request = new HTTPRequest($this->url);
 $request->execute();
- $reply = $request->getReply();
+ $image = $request->getReply()['body'];
- $fileExtension = '';
- if (($position = mb_strrpos($this->url, '.')) !== false) {
- $fileExtension = mb_strtolower(mb_substr($this->url, $position + 1));
- }
-
- // check if requested content is image
- if (!isset($reply['headers']['Content-Type']) || !StringUtil::startsWith($reply['headers']['Content-Type'], 'image/')) {
+ // check if image is linked
+ // TODO: handle SVGs
+ $imageData = getimagesizefromstring($image);
+ if (!$imageData) {
 throw new IllegalLinkException();
 }
 // save image
+ $fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);
 $fileLocation = WCF_DIR.'images/proxy/'.substr($hash, 0, 2).'/'.$hash.($fileExtension ? '.'.$fileExtension : '');
 $dir = dirname($fileLocation);
 if (!@file_exists($dir)) {
 FileUtil::makePath($dir, 0777);
 }
- file_put_contents($fileLocation, $reply['body']);
+ file_put_contents($fileLocation, $image);
 // update mtime for correct expiration calculation
 @touch($fileLocation);
 $this->executed();
- @header('Content-Type: '.$reply['headers']['Content-Type']);
+ @header('Content-Type: '.$imageData['mime']);
 @readfile($fileLocation);
 exit;
 }
diff --git a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
index 44172ebad8..f4a4b6c18d 100644
--- a/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
+++ b/wcfsetup/install/files/lib/system/bbcode/ImageBBCode.class.php
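Review bot: The stored file's extension on the new `$fileExtension = pathinfo($this->url, PATHINFO_EXTENSION);` line is still taken from the untrusted URL, while the new `getimagesizefromstring()` check a few lines earlier already establishes the actual image type; a file under `images/proxy/` can therefore end up with whatever extension the link ends in, including one the web server maps to a script handler, and for a URL with a query string `pathinfo()` also returns the query as part of the extension. Derive it from the detected type instead: `$fileExtension = image_type_to_extension($imageData[2], false);`. Separately, `sha1(IMAGE_PROXY_SECRET.$this->url)` on the unchanged line above is a secret-prefix hash rather than an HMAC; `hash_hmac('sha1', $this->url, IMAGE_PROXY_SECRET)` is the usual construction, but it must change together with the `$hash` computation in ImageBBCode, which lies outside hunk 4. The enclosing execute() starts and ends outside this hunk.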
@@ -84,7 +84,7 @@ class ImageBBCode extends AbstractBBCode {
 return LinkHandler::getInstance()->getLink('ImageProxy', [
 'hash' => $hash,
- 'url' => urlencode($link)
+ 'url' => rawurlencode($link)
 ]);
 }
 }
-- 
2.20.1