
Better upload handling (don't move file before handling it)

pull/40/head
Michael Save 12 years ago
parent
commit
c136d44894
  1. 20
      inc/image.php
  2. 28
      post.php

20
inc/image.php

@ -216,8 +216,7 @@
public function init() { public function init() {
global $config; global $config;
$this->temp = tempnam($config['tmp'], 'imagick'); $this->temp = false;
} }
public function from() { public function from() {
$size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]'))); $size = trim(shell_exec('identify -format "%w %h" ' . escapeshellarg($this->src . '[0]')));
@ -232,8 +231,13 @@
} }
} }
public function to($src) { public function to($src) {
rename($this->temp, $src); if(!$this->temp) {
chmod($src, 0664); // $config['redraw_image']
shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src));
} else {
rename($this->temp, $src);
chmod($src, 0664);
}
} }
public function width() { public function width() {
return $this->width; return $this->width;
@ -243,10 +247,18 @@
} }
public function destroy() { public function destroy() {
@unlink($this->temp); @unlink($this->temp);
$this->temp = false;
} }
public function resize() { public function resize() {
global $config; global $config;
if($this->temp) {
// remove old
$this->destroy();
}
$this->temp = tempnam($config['tmp'], 'imagick');
$quality = $config['thumb_quality'] * 10; $quality = $config['thumb_quality'] * 10;
if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp)) if(shell_exec("convert -flatten -filter Point -scale {$this->width}x{$this->height} +antialias -quality {$quality} " . escapeshellarg($this->src . '[0]') . " " . escapeshellarg($this->temp)) || !file_exists($this->temp))
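Review bot: The new fallback branch of `to()` (the `if(!$this->temp)` side) runs `convert` but, unlike the `else` branch below it, neither checks that the output was written nor applies `chmod($src, 0664)`, so a failed conversion leaves the caller with no file and no error while a successful one gets umask-dependent permissions. `resize()` in the same file guards its own convert call with `|| !file_exists($this->temp)`; mirroring that here, e.g. `if(shell_exec('convert ' . escapeshellarg($this->src) . ' ' . escapeshellarg($src)) || !file_exists($src)) return false; chmod($src, 0664);`, would give both branches the same contract (callers currently ignore the return value, so this is backward-compatible). The bare `// $config['redraw_image']` comment should also say what the branch is for; something like `// no temp file: resize() never ran, so re-encode the original with convert (the $config['redraw_image'] path) — presumably to strip anything that is not image data` states the intent a reader otherwise has to infer. Note that `resize()` now omits the `[0]` frame selector on the source in this branch, which for multi-frame inputs may produce per-frame output names for some formats; worth confirming.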

28
post.php

@ -455,15 +455,18 @@
// Truncate filename if it is too long // Truncate filename if it is too long
$post['filename'] = substr($post['filename'], 0, $config['max_filename_len']); $post['filename'] = substr($post['filename'], 0, $config['max_filename_len']);
// Move the uploaded file
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file'])) error($config['error']['nomove']);
$post['filehash'] = $config['file_hash']($post['file']); $upload = $_FILES['file']['tmp_name'];
$post['filesize'] = filesize($post['file']);
if(!is_readable($upload))
error($config['error']['nomove']);
$post['filehash'] = $config['file_hash']($upload);
$post['filesize'] = filesize($upload);
if($is_an_image) { if($is_an_image) {
// Check IE MIME type detection XSS exploit // Check IE MIME type detection XSS exploit
$buffer = file_get_contents($post['file'], null, null, null, 255); $buffer = file_get_contents($upload, null, null, null, 255);
if(preg_match($config['ie_mime_type_detection'], $buffer)) { if(preg_match($config['ie_mime_type_detection'], $buffer)) {
undoImage($post); undoImage($post);
error($config['error']['mime_exploit']); error($config['error']['mime_exploit']);
@ -482,9 +485,9 @@
// PHP's memory limit. // PHP's memory limit.
// first try GD's getimagesize() // first try GD's getimagesize()
if($size = @getimagesize($post['file'])) { if($size = @getimagesize($upload)) {
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
file_unlink($post['file']);
error($config['error']['maxsize']); error($config['error']['maxsize']);
} }
} else { } else {
@ -493,18 +496,16 @@
} }
} else { } else {
// find dimensions of an image using GD // find dimensions of an image using GD
if(!$size = @getimagesize($post['file'])) { if(!$size = @getimagesize($upload)) {
file_unlink($post['file']);
error($config['error']['invalidimg']); error($config['error']['invalidimg']);
} }
if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) { if($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
file_unlink($post['file']);
error($config['error']['maxsize']); error($config['error']['maxsize']);
} }
} }
// create image object // create image object
$image = new Image($post['file'], $post['extension']); $image = new Image($upload, $post['extension']);
if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) { if($image->size->width > $config['max_width'] || $image->size->height > $config['max_height']) {
$image->delete(); $image->delete();
@ -526,7 +527,7 @@
$post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) { $post['extension'] == ($config['thumb_ext'] ? $config['thumb_ext'] : $post['extension'])) {
// Copy, because there's nothing to resize // Copy, because there's nothing to resize
copy($post['file'], $post['thumb']); copy($upload, $post['thumb']);
$post['thumbwidth'] = $image->size->width; $post['thumbwidth'] = $image->size->width;
$post['thumbheight'] = $image->size->height; $post['thumbheight'] = $image->size->height;
@ -547,6 +548,9 @@
if($config['redraw_image']) { if($config['redraw_image']) {
$image->to($post['file']); $image->to($post['file']);
} else {
if(!@move_uploaded_file($_FILES['file']['tmp_name'], $post['file']))
error($config['error']['nomove']);
} }
$image->destroy(); $image->destroy();
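Review bot: With the move deferred, the `$config['redraw_image']` branch in the last hunk is now the only path that never goes through `move_uploaded_file()`, which is what refuses paths that did not come from PHP's upload mechanism; it consumes `$upload` after only the `is_readable()` check added in the first hunk. Tightening that check to `if(!is_uploaded_file($upload)) error($config['error']['nomove']);` restores the same rule on both branches at no cost. In the same last hunk `$image->to($post['file'])` returns nothing, so unlike the `else` branch a failed convert is not reported; a `if(!file_exists($post['file'])) error($config['error']['nomove']);` after it would keep the two branches in parity. The enclosing function starts before the first hunk, and the retained `undoImage($post)` call in the first hunk now runs before anything has been written to `$post['file']`, so it should be confirmed to tolerate a missing file.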
