Skip to content
GitLab
Commit b1267b06 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Don't believe the browser when detecting image artefacts

parent bd8e5620
Hide whitespace changes
Inline Side-by-side
htdocs/artefact/blog/lib.php
View file @ b1267b06
......@@ -688,6 +688,8 @@ class ArtefactTypeBlogPost extends ArtefactType {
$tempdir = self::$blogattachmentroot . ($result->tempfilename % 256);
$result->error = $um->process_file_upload($tempdir, $result->tempfilename);
$movedfile = get_config('dataroot') . $tempdir . '/' . $result->tempfilename;
if ($result->error) {
delete_records('artefact_blog_blogpost_file_pending', 'id', $result->tempfilename);
}
......@@ -701,8 +703,8 @@ class ArtefactTypeBlogPost extends ArtefactType {
}
db_commit();
safe_require('artefact', 'file');
$result->type = ArtefactTypeFile::detect_artefact_type($um->file['type']);
require_once('file.php');
$result->type = is_image_file($movedfile) ? 'image' : 'file';
return $result;
}
......
htdocs/artefact/file/lib.php
View file @ b1267b06
......@@ -698,20 +698,18 @@ class ArtefactTypeFile extends ArtefactTypeFileBase {
return get_config('dataroot') . self::get_file_directory($this->fileid) . '/' . $this->fileid;
}
public static function detect_artefact_type($mimetype) {
require_once('file.php');
if (is_image_mime_type($mimetype)) {
return 'image';
}
return 'file';
}
/**
* Test file type and return a new Image or File.
*/
public static function new_file($path, $data) {
if ($data->filetype && self::detect_artefact_type($data->filetype) == 'image') {
list($data->width, $data->height) = getimagesize($path);
require_once('file.php');
if (is_image_file($path)) {
// If it's detected as an image, overwrite the browser mime type
$imageinfo = getimagesize($path);
$data->filetype = $imageinfo['mime'];
$data->width = $imageinfo[0];
$data->height = $imageinfo[1];
return new ArtefactTypeImage(0, $data);
}
return new ArtefactTypeFile(0, $data);
......@@ -1246,14 +1244,6 @@ class ArtefactTypeImage extends ArtefactTypeFile {
return 'file';
}
/**
* err... wtf. Let's find where this method is called and change the call eh?
*/
public static function is_image_mime_type($type) {
require_once('file.php');
return is_image_mime_type($type);
}
public static function get_icon($options=null) {
$url = get_config('wwwroot') . 'artefact/file/download.php?';
$url .= 'file=' . $options['id'];
......
htdocs/artefact/file/profileicons.php
View file @ b1267b06
......@@ -165,7 +165,8 @@ $filesize = 0;
function upload_validate(Pieform $form, $values) {
global $USER, $filesize;
require_once('file.php');
if (!is_image_mime_type($values['file']['type'])) {
$imageinfo = getimagesize($values['file']['tmp_name']);
if (!$imageinfo || !is_image_type($imageinfo[2])) {
$form->set_error('file', get_string('filenotimage'));
}
......@@ -179,7 +180,8 @@ function upload_validate(Pieform $form, $values) {
}
// Check the file isn't greater than the max allowable size
list($width, $height) = getimagesize($values['file']['tmp_name']);
$width = $imageinfo[0];
$height = $imageinfo[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
if ($width > $imagemaxwidth || $height > $imagemaxheight) {
......@@ -211,10 +213,12 @@ function upload_submit(Pieform $form, $values) {
'owner' => $USER->id,
'title' => $values['title'] ? $values['title'] : $values['file']['name'],
'note' => $values['file']['name'],
'filetype' => $values['file']['type'],
'size' => $filesize,
);
list($data->width, $data->height) = getimagesize($values['file']['tmp_name']);
$imageinfo = getimagesize($values['file']['tmp_name']);
$data->width = $imageinfo[0];
$data->height = $imageinfo[1];
$data->filetype = $imageinfo['mime'];
$artefact = new ArtefactTypeProfileIcon(0, $data);
if (preg_match("/\.([^\.]+)$/", $values['file']['name'], $saved)) {
$artefact->set('oldextension', $saved[1]);
......
htdocs/auth/xmlrpc/lib.php
View file @ b1267b06
......@@ -301,12 +301,12 @@ class AuthXmlrpc extends Auth {
require_once('file.php');
$imagesize = getimagesize($filename);
$mime = $imagesize['mime'];
if (!is_image_mime_type($mime)) {
if (!$imagesize || !is_image_type($imagesize[2])) {
$error = get_string('filenotimage');
}
$width = $imagesize[0];
$mime = $imagesize['mime'];
$width = $imagesize[0];
$height = $imagesize[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
......
htdocs/lib/file.php
View file @ b1267b06
......@@ -328,6 +328,43 @@ function is_image_mime_type($type) {
return in_array($type, $supported);
}
/**
* Given an image type returned by getimagesize or exif_imagetype, returns whether
* Mahara thinks it is a valid image type.
*
* Not all image types are valid for Mahara. Mahara supports JPEG, PNG, GIF
* and BMP.
*
* @param string $type The type to check
* @return boolean Whether the type is a valid image type for Mahara
*/
function is_image_type($type) {
$supported = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
if (extension_loaded('imagick')) {
$supported[] = IMAGETYPE_BMP;
}
return $type && in_array($type, $supported);
}
/**
* Given path to a file, returns whether Mahara thinks it is a valid image file.
*
* Not all image types are valid for Mahara. Mahara supports JPEG, PNG, GIF
* and BMP.
*
* @param string $path The file to check
* @return boolean Whether the file is a valid image file for Mahara
*/
function is_image_file($path) {
if (!$type = exif_imagetype($path)) {
return false;
}
return is_image_type($type);
}
/**
* Given a path under dataroot, an ID and a size, return the path to a file
* matching all criteria.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment