From ee2ec49e030e9eaf44b4f5de7b122e3a88393daa Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Wed, 28 Apr 2021 10:49:32 +0200 Subject: [PATCH] Do not trust the source database in MediaImporter Resolves #4154 --- .../system/importer/MediaImporter.class.php | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php index 04de79079e..fa843cae48 100644 --- a/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php +++ b/wcfsetup/install/files/lib/system/importer/MediaImporter.class.php @@ -9,6 +9,7 @@ use wcf\system\exception\SystemException; use wcf\system\language\LanguageFactory; use wcf\system\upload\DefaultUploadFileSaveStrategy; use wcf\system\WCF; +use wcf\util\FileUtil; /** * Imports cms media. @@ -40,6 +41,24 @@ class MediaImporter extends AbstractImporter return 0; } + // Extract metadata from the file ourselves, because the + // information pulled from the source database might not + // be reliable. + $data['fileHash'] = \sha1_file($additionalData['fileLocation']); + $data['filesize'] = \filesize($additionalData['fileLocation']); + $data['fileType'] = FileUtil::getMimeType($additionalData['fileLocation']); + + $imageData = @\getimagesize($additionalData['fileLocation']); + if ($imageData !== false) { + $data['isImage'] = 1; + $data['width'] = $imageData[0]; + $data['height'] = $imageData[1]; + } else { + $data['isImage'] = 0; + $data['width'] = 0; + $data['height'] = 0; + } + $data['userID'] = ImportHandler::getInstance()->getNewID('com.woltlab.wcf.user', $data['userID']); $contents = []; -- 2.20.1