Better upload handling (don't move file before handling it)

inc/image.php

@@ -216,8 +216,7 @@
 		public function init() {
 			global $config;
 			
-			$this->temp = tempnam($config['tmp'], 'imagick');
-			
+			$this->temp = false;
 		}
 		public function from() {	
 			$size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]')));	
@@ -232,8 +231,13 @@
 			}
 		}
 		public function to($src) {
-			rename($this->temp, $src);
-			chmod($src, 0664);
+			if(!$this->temp) {
+				// $config['redraw_image']
+				shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src));
+			} else {
+				rename($this->temp, $src);
+				chmod($src, 0664);
+			}
 		}
 		public function width() {
 			return $this->width;
@@ -243,10 +247,18 @@
 		}
 		public function destroy() {
 			@unlink($this->temp);
+			$this->temp = false;
 		}
 		public function resize() {
 			global $config;
 			
+			if($this->temp) {
+				// remove old
+				$this->destroy();
+			}
+			
+			$this->temp = tempnam($config['tmp'], 'imagick');
+			
 			$quality = $config['thumb_quality'] * 10;
 			
 			if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp))

post.php

@@ -455,15 +455,18 @@
 			
 			// Truncate filename if it is too long
 			$post['filename'] = substr($post['filename'], 0, $config['max_filename_len']);
-			// Move the uploaded file
-			if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
 			
-			$post['filehash'] = $config['file_hash']($post['file']);
-			$post['filesize'] = filesize($post['file']);
+			$upload = $_FILES['file']['tmp_name'];
+			
+			if(!is_readable($upload))
+				error($config['error']['nomove']);
+			
+			$post['filehash'] = $config['file_hash']($upload);
+			$post['filesize'] = filesize($upload);
 			
 			if($is_an_image) {
 				// Check IE MIME type detection XSS exploit
-				$buffer = file_get_contents($post['file'], null, null, null, 255);
+				$buffer = file_get_contents($upload, null, null, null, 255);
 				if(preg_match($config['ie_mime_type_detection'], $buffer)) {
 					undoImage($post);
 					error($config['error']['mime_exploit']);
@@ -482,9 +485,9 @@
 					// PHP's memory limit.
 					
 					// first try GD's getimagesize()
-					if($size = @getimagesize($post['file'])) {
+					if($size = @getimagesize($upload)) {
 						if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
-							file_unlink($post['file']);
+
 							error($config['error']['maxsize']);
 						}
 					} else {
@@ -493,18 +496,16 @@
 					}
 				} else {
 					// find dimensions of an image using GD
-					if(!$size = @getimagesize($post['file'])) {
-						file_unlink($post['file']);
+					if(!$size = @getimagesize($upload)) {
 						error($config['error']['invalidimg']);
 					}
 					if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
-						file_unlink($post['file']);
 						error($config['error']['maxsize']);
 					}
 				}
 				
 				// create image object
-				$image = new Image($post['file'], $post['extension']);
+				$image = new Image($upload, $post['extension']);
 				
 				if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
 					$image->delete();
@@ -526,7 +527,7 @@
 					$post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
 				
 					// Copy, because there's nothing to resize
-					copy($post['file'], $post['thumb']);
+					copy($upload, $post['thumb']);
 				
 					$post['thumbwidth'] = $image->size->width;
 					$post['thumbheight'] = $image->size->height;
@@ -547,6 +548,9 @@
 				
 				if($config['redraw_image']) {
 					$image->to($post['file']);
+				} else {
+					if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
+						error($config['error']['nomove']);
 				}
 				
 				$image->destroy();