Better upload handling (don't move file before handling it)
This commit is contained in:
parent
fb5fc04599
commit
c136d44894
@ -216,8 +216,7 @@
|
||||
public function init() {
|
||||
global $config;
|
||||
|
||||
$this->temp = tempnam($config['tmp'], 'imagick');
|
||||
|
||||
$this->temp = false;
|
||||
}
|
||||
public function from() {
|
||||
$size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]')));
|
||||
@ -232,8 +231,13 @@
|
||||
}
|
||||
}
|
||||
public function to($src) {
|
||||
rename($this->temp, $src);
|
||||
chmod($src, 0664);
|
||||
if(!$this->temp) {
|
||||
// $config['redraw_image']
|
||||
shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src));
|
||||
} else {
|
||||
rename($this->temp, $src);
|
||||
chmod($src, 0664);
|
||||
}
|
||||
}
|
||||
public function width() {
|
||||
return $this->width;
|
||||
@ -243,10 +247,18 @@
|
||||
}
|
||||
public function destroy() {
|
||||
@unlink($this->temp);
|
||||
$this->temp = false;
|
||||
}
|
||||
public function resize() {
|
||||
global $config;
|
||||
|
||||
if($this->temp) {
|
||||
// remove old
|
||||
$this->destroy();
|
||||
}
|
||||
|
||||
$this->temp = tempnam($config['tmp'], 'imagick');
|
||||
|
||||
$quality = $config['thumb_quality'] * 10;
|
||||
|
||||
if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp))
|
||||
|
28
post.php
28
post.php
@ -455,15 +455,18 @@
|
||||
|
||||
// Truncate filename if it is too long
|
||||
$post['filename'] = substr($post['filename'], 0, $config['max_filename_len']);
|
||||
// Move the uploaded file
|
||||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
|
||||
|
||||
$post['filehash'] = $config['file_hash']($post['file']);
|
||||
$post['filesize'] = filesize($post['file']);
|
||||
$upload = $_FILES['file']['tmp_name'];
|
||||
|
||||
if(!is_readable($upload))
|
||||
error($config['error']['nomove']);
|
||||
|
||||
$post['filehash'] = $config['file_hash']($upload);
|
||||
$post['filesize'] = filesize($upload);
|
||||
|
||||
if($is_an_image) {
|
||||
// Check IE MIME type detection XSS exploit
|
||||
$buffer = file_get_contents($post['file'], null, null, null, 255);
|
||||
$buffer = file_get_contents($upload, null, null, null, 255);
|
||||
if(preg_match($config['ie_mime_type_detection'], $buffer)) {
|
||||
undoImage($post);
|
||||
error($config['error']['mime_exploit']);
|
||||
@ -482,9 +485,9 @@
|
||||
// PHP's memory limit.
|
||||
|
||||
// first try GD's getimagesize()
|
||||
if($size = @getimagesize($post['file'])) {
|
||||
if($size = @getimagesize($upload)) {
|
||||
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||
file_unlink($post['file']);
|
||||
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
} else {
|
||||
@ -493,18 +496,16 @@
|
||||
}
|
||||
} else {
|
||||
// find dimensions of an image using GD
|
||||
if(!$size = @getimagesize($post['file'])) {
|
||||
file_unlink($post['file']);
|
||||
if(!$size = @getimagesize($upload)) {
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||
file_unlink($post['file']);
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
}
|
||||
|
||||
// create image object
|
||||
$image = new Image($post['file'], $post['extension']);
|
||||
$image = new Image($upload, $post['extension']);
|
||||
|
||||
if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
|
||||
$image->delete();
|
||||
@ -526,7 +527,7 @@
|
||||
$post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
|
||||
|
||||
// Copy, because there's nothing to resize
|
||||
copy($post['file'], $post['thumb']);
|
||||
copy($upload, $post['thumb']);
|
||||
|
||||
$post['thumbwidth'] = $image->size->width;
|
||||
$post['thumbheight'] = $image->size->height;
|
||||
@ -547,6 +548,9 @@
|
||||
|
||||
if($config['redraw_image']) {
|
||||
$image->to($post['file']);
|
||||
} else {
|
||||
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
|
||||
error($config['error']['nomove']);
|
||||
}
|
||||
|
||||
$image->destroy();
|
||||
|
Loading…
Reference in New Issue
Block a user