From c4b98e94cee5cb6bf89aea8dc36253ce754c6dcd Mon Sep 17 00:00:00 2001
From: czaks <marcin@6irc.net>
Date: Thu, 5 May 2016 10:17:14 +0200
Subject: [PATCH] [SECURITY] harden for imagetragick (we aren`t hit by the bug,
 but we were passing uncommon filetypes, like JPEG2000, directly to
 imagemagick)

---
 post.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/post.php b/post.php
index 5c755a3c..dc303785 100644
--- a/post.php
+++ b/post.php
@@ -639,6 +639,9 @@ if (isset($_POST['delete'])) {
 			if (!$size = @getimagesize($file['tmp_name'])) {
 				error($config['error']['invalidimg']);
 			}
+			if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
+				error($config['error']['invalidimg']);
+			}
 			if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 				error($config['error']['maxsize']);
 			}