Commit b1267b06 authored by Richard Mansfield

Don't believe the browser when detecting image artefacts

parent bd8e5620
......@@ -688,6 +688,8 @@ class ArtefactTypeBlogPost extends ArtefactType {
$tempdir = self::$blogattachmentroot . ($result->tempfilename % 256);
$result->error = $um->process_file_upload($tempdir, $result->tempfilename);
$movedfile = get_config('dataroot') . $tempdir . '/' . $result->tempfilename;
if ($result->error) {
delete_records('artefact_blog_blogpost_file_pending', 'id', $result->tempfilename);
}
......@@ -701,8 +703,8 @@ class ArtefactTypeBlogPost extends ArtefactType {
}
db_commit();
safe_require('artefact', 'file');
$result->type = ArtefactTypeFile::detect_artefact_type($um->file['type']);
require_once('file.php');
$result->type = is_image_file($movedfile) ? 'image' : 'file';
return $result;
}
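Review bot: `is_image_file($movedfile)` at the end of this method appears to run even when `$result->error` was set a few lines earlier. In that case the moved file may not exist, and `exif_imagetype()` raises a warning on an unreadable path before returning false. The lines between the two hunks are not visible, so this may already be guarded. If it is not, skip detection on the error path: `$result->type = (!$result->error && is_image_file($movedfile)) ? 'image' : 'file';`. A one-line comment above `$movedfile` noting that the type now comes from the stored file's contents rather than `$um->file['type']` would record why the path is built here.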
......
......@@ -698,20 +698,18 @@ class ArtefactTypeFile extends ArtefactTypeFileBase {
return get_config('dataroot') . self::get_file_directory($this->fileid) . '/' . $this->fileid;
}
public static function detect_artefact_type($mimetype) {
require_once('file.php');
if (is_image_mime_type($mimetype)) {
return 'image';
}
return 'file';
}
/**
* Test file type and return a new Image or File.
*/
public static function new_file($path, $data) {
if ($data->filetype && self::detect_artefact_type($data->filetype) == 'image') {
list($data->width, $data->height) = getimagesize($path);
require_once('file.php');
if (is_image_file($path)) {
// If it's detected as an image, overwrite the browser mime type
$imageinfo = getimagesize($path);
$data->filetype = $imageinfo['mime'];
$data->width = $imageinfo[0];
$data->height = $imageinfo[1];
return new ArtefactTypeImage(0, $data);
}
return new ArtefactTypeFile(0, $data);
......@@ -1246,14 +1244,6 @@ class ArtefactTypeImage extends ArtefactTypeFile {
return 'file';
}
/**
* err... wtf. Let's find where this method is called and change the call eh?
*/
public static function is_image_mime_type($type) {
require_once('file.php');
return is_image_mime_type($type);
}
public static function get_icon($options=null) {
$url = get_config('wwwroot') . 'artefact/file/download.php?';
$url .= 'file=' . $options['id'];
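Review bot: In `new_file()` the result of `getimagesize($path)` is used without a check, even though the gate before it is `is_image_file()`, which relies on `exif_imagetype()` and looks only at the file signature. A truncated or malformed file can therefore pass the gate while `getimagesize()` returns false, leaving `$data->filetype`, `$data->width` and `$data->height` set to null on an `ArtefactTypeImage`. Calling `getimagesize()` once and testing `if ($imageinfo && is_image_type($imageinfo[2]))`, as `upload_validate()` does elsewhere in this commit, removes the double detection. For files that are not images, `$data->filetype` still holds whatever the caller passed in, presumably the browser's value, so a comment saying it is untrusted would help later readers.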
......
......@@ -165,7 +165,8 @@ $filesize = 0;
function upload_validate(Pieform $form, $values) {
global $USER, $filesize;
require_once('file.php');
if (!is_image_mime_type($values['file']['type'])) {
$imageinfo = getimagesize($values['file']['tmp_name']);
if (!$imageinfo || !is_image_type($imageinfo[2])) {
$form->set_error('file', get_string('filenotimage'));
}
......@@ -179,7 +180,8 @@ function upload_validate(Pieform $form, $values) {
}
// Check the file isn't greater than the max allowable size
list($width, $height) = getimagesize($values['file']['tmp_name']);
$width = $imageinfo[0];
$height = $imageinfo[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
if ($width > $imagemaxwidth || $height > $imagemaxheight) {
......@@ -211,10 +213,12 @@ function upload_submit(Pieform $form, $values) {
'owner' => $USER->id,
'title' => $values['title'] ? $values['title'] : $values['file']['name'],
'note' => $values['file']['name'],
'filetype' => $values['file']['type'],
'size' => $filesize,
);
list($data->width, $data->height) = getimagesize($values['file']['tmp_name']);
$imageinfo = getimagesize($values['file']['tmp_name']);
$data->width = $imageinfo[0];
$data->height = $imageinfo[1];
$data->filetype = $imageinfo['mime'];
$artefact = new ArtefactTypeProfileIcon(0, $data);
if (preg_match("/\.([^\.]+)$/", $values['file']['name'], $saved)) {
$artefact->set('oldextension', $saved[1]);
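Review bot: `upload_validate()` records the error when `getimagesize()` fails but, as far as the two hunks show, does not return, so the later `$width = $imageinfo[0];` and `$height = $imageinfo[1];` index `false`. The lines between the hunks are not visible; if nothing returns there, add `return;` right after `$form->set_error('file', get_string('filenotimage'));`. `upload_submit()` calls `getimagesize()` again on the same temp file and writes `$imageinfo['mime']` into `$data->filetype` unchecked, which holds only while validation is guaranteed to run first. A short comment there stating that assumption, or a `if (!$imageinfo)` guard, would make the dependency explicit.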
......
......@@ -301,12 +301,12 @@ class AuthXmlrpc extends Auth {
require_once('file.php');
$imagesize = getimagesize($filename);
$mime = $imagesize['mime'];
if (!is_image_mime_type($mime)) {
if (!$imagesize || !is_image_type($imagesize[2])) {
$error = get_string('filenotimage');
}
$width = $imagesize[0];
$mime = $imagesize['mime'];
$width = $imagesize[0];
$height = $imagesize[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
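Review bot: When `getimagesize($filename)` returns false the new check sets `$error`, but the following `$mime = $imagesize['mime'];`, `$width = $imagesize[0];` and `$height = $imagesize[1];` still read from the false value. Whether `$error` stops later processing cannot be seen, because the enclosing method starts and ends outside the hunk. Moving the three reads into an `else` branch of the check keeps the size comparison from running on null values and makes the failure path obvious.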
......
......@@ -328,6 +328,43 @@ function is_image_mime_type($type) {
return in_array($type, $supported);
}
/**
* Given an image type returned by getimagesize or exif_imagetype, returns whether
* Mahara thinks it is a valid image type.
*
* Not all image types are valid for Mahara. Mahara supports JPEG, PNG, GIF
* and BMP.
*
* @param string $type The type to check
* @return boolean Whether the type is a valid image type for Mahara
*/
function is_image_type($type) {
$supported = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
if (extension_loaded('imagick')) {
$supported[] = IMAGETYPE_BMP;
}
return $type && in_array($type, $supported);
}
/**
* Given path to a file, returns whether Mahara thinks it is a valid image file.
*
* Not all image types are valid for Mahara. Mahara supports JPEG, PNG, GIF
* and BMP.
*
* @param string $path The file to check
* @return boolean Whether the file is a valid image file for Mahara
*/
function is_image_file($path) {
if (!$type = exif_imagetype($path)) {
return false;
}
return is_image_type($type);
}
/**
* Given a path under dataroot, an ID and a size, return the path to a file
* matching all criteria.
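Review bot: `is_image_file()` only answers whether the file starts with a supported image signature, because `exif_imagetype()` reads the leading bytes and does not validate the rest; a true result should not be read as proof that the whole file is well-formed image data. The docblock should say so, e.g. `* Only the file signature is checked; the rest of the file is not validated.` `exif_imagetype()` is also available only when the exif extension is loaded, while the other call sites in this commit use `getimagesize()`, so a `function_exists('exif_imagetype')` check with a `getimagesize()` fallback would avoid a fatal error on installs without exif. In `is_image_type()`, `@param string $type` should be `int` (an `IMAGETYPE_*` constant), the docblock should note that BMP is accepted only when imagick is loaded, and `in_array($type, $supported, true)` avoids loose comparison.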
......