kashire/lainchan
4
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

[SECURITY] harden for imagetragick (we aren`t hit by the bug, but we were passing uncommon filetypes, like JPEG2000, directly to imagemagick)

Browse Source
This commit is contained in:
czaks 2016-05-05 10:17:14 +02:00
parent 77176faece
commit c4b98e94ce
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
post.php
View File

@ -639,6 +639,9 @@ if (isset($_POST['delete'])) {
if (!$size = @getimagesize($file['tmp_name'])) {
error($config['error']['invalidimg']);
}
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
error($config['error']['invalidimg']);
}
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
error($config['error']['maxsize']);
}