Ticket #1906: 1906.patch
| File 1906.patch, 2.3 kB (added by wwalc, 4 months ago) |
|---|
-
editor/filemanager/connectors/php/commands.php
184 184 185 185 if ( isset( $Config['SecureImageUploads'] ) ) 186 186 { 187 if ( !IsImageValid( $oFile['tmp_name'], $sExtension ))187 if ( ( $isImageValid = IsImageValid( $oFile['tmp_name'], $sExtension ) ) === false ) 188 188 { 189 189 $sErrorNumber = '202' ; 190 190 } … … 192 192 193 193 if ( isset( $Config['HtmlExtensions'] ) ) 194 194 { 195 if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) ) 195 if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && 196 ( $detectHtml = DetectHtml( $oFile['tmp_name'] ) ) === true ) 196 197 { 197 198 $sErrorNumber = '202' ; 198 199 } … … 227 228 break ; 228 229 } 229 230 } 231 232 if ( file_exists( $sFilePath ) ) 233 { 234 //previous checks failed, try once again 235 if ( isset( $isImageValid ) && $isImageValid === -1 && IsImageValid( $sFilePath, $sExtension ) === false ) 236 { 237 @unlink( $sFilePath ) ; 238 $sErrorNumber = '202' ; 239 } 240 if ( isset( $detectHtml ) && $detectHtml === -1 && DetectHtml( $sFilePath ) === true ) 241 { 242 @unlink( $sFilePath ) ; 243 $sErrorNumber = '202' ; 244 } 245 } 230 246 } 231 247 else 232 248 $sErrorNumber = '202' ; -
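Review bot: The post-move re-check at new lines 235 and 240 fails open: `IsImageValid( $sFilePath, $sExtension ) === false` and `DetectHtml( $sFilePath ) === true` both let a second `-1` through (file still unreadable, or `flock` refused), so the upload is kept without ever having been validated. This block only runs for files whose first check was inconclusive, so anything other than a definite pass should reject: `IsImageValid( $sFilePath, $sExtension ) !== true` and `DetectHtml( $sFilePath ) !== false`, assuming both helpers return strict booleans once a check completes (their bodies are only partly visible). The `@unlink` calls also hide a failed delete, in which case the client gets error 202 while the file stays at `$sFilePath`; checking the return value and logging a failure would make that visible. The enclosing function starts and ends outside these hunks, so the move that precedes line 232 is inferred from the comment rather than seen.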
editor/filemanager/connectors/php/util.php
86 86 */ 87 87 function DetectHtml( $filePath ) 88 88 { 89 $fp = fopen( $filePath, 'rb' ) ; 89 $fp = @fopen( $filePath, 'rb' ) ; 90 91 //open_basedir restriction, see #1906 92 if ( $fp === false || !flock( $fp, LOCK_SH ) ) 93 { 94 return -1 ; 95 } 96 90 97 $chunk = fread( $fp, 1024 ) ; 98 flock( $fp, LOCK_UN ) ; 91 99 fclose( $fp ) ; 92 100 93 101 $chunk = strtolower( $chunk ) ; … … 149 157 */ 150 158 function IsImageValid( $filePath, $extension ) 151 159 { 160 if (!@is_readable($filePath)) { 161 return -1; 162 } 163 152 164 $imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff'); 153 165 154 166 // version_compare is available since PHP4 >= 4.0.7
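Review bot: `-1` is truthy in PHP, so the new return value in `IsImageValid` (new line 161) makes any caller still written as `if ( !IsImageValid( ... ) )` accept a file it could not read. Only the call sites in commands.php are updated in this patch, so any other caller of util.php needs the same strict comparison. The docblocks that end just above each function should state the new contract, e.g. `@return bool|int true/false for a completed check, -1 if the file could not be read (compare with ===)`. In `DetectHtml`, when `fopen` succeeds but `flock` fails, the function returns without closing the handle; add `if ( $fp !== false ) fclose( $fp ) ;` before `return -1 ;`. Both function bodies continue outside the hunks.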