[SECURITY] harden for imagetragick (we aren`t hit by the bug, but we were passing uncommon filetypes, like JPEG2000, directly to imagemagick)

2016-05-05 10:17:14 +02:00 · 2016-05-05 10:17:14 +02:00 · c4b98e94ce
commit c4b98e94ce
parent 77176faece
1 changed files with 3 additions and 0 deletions
--- a/post.php
+++ b/post.php
@ -639,6 +639,9 @@ if (isset($_POST['delete'])) {
 			if (!$size = @getimagesize($file['tmp_name'])) {
 				error($config['error']['invalidimg']);
 			}
+			if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
+				error($config['error']['invalidimg']);
+			}
 			if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
 				error($config['error']['maxsize']);
 			}