author | Andreas Gohr <andi@splitbrain.org> | 2007-02-11 23:32:30 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2007-02-11 23:32:30 +0100 |
commit | 8cb1eb011a72ab9d73730fff0851c6d1abcabad1 (patch) | |
tree | 04489a692741843513832e302795382b363cbbe3 | |
parent | 26890ffb7807f55dc64188e3794adebf175d13ef (diff) | |
check if uploaded content matches the given mime type
A first attempt at fixing FS#1077
currently checks images and spam
darcs-hash:20070211223230-7ad00-ba8186c5e848e8783acabb9bf598739617aabdf2.gz
-rw-r--r-- | inc/lang/en/lang.php | 2 | ||||
-rw-r--r-- | inc/media.php | 52 |
2 files changed, 49 insertions, 5 deletions
diff --git a/inc/lang/en/lang.php b/inc/lang/en/lang.php
index 486041522..20f6f43c7 100644
--- a/inc/lang/en/lang.php
+++ b/inc/lang/en/lang.php
@@ -103,6 +103,8 @@ $lang['uploadsucc'] = 'Upload successful';
 $lang['uploadfail'] = 'Upload failed. Maybe wrong permissions?';
 $lang['uploadwrong'] = 'Upload denied. This file extension is forbidden!';
 $lang['uploadexist'] = 'File already exists. Nothing done.';
+$lang['uploadbadcontent'] = 'The uploaded content did not match the %s file extension.';
+$lang['uploadspam'] = 'The upload was blocked by the spam blacklist';
 $lang['deletesucc'] = 'The file "%s" has been deleted.';
 $lang['deletefail'] = '"%s" couldn\'t be deleted - check permissions.';
 $lang['mediainuse'] = 'The file "%s" hasn\'t been deleted - it is still in use.';
diff --git a/inc/media.php b/inc/media.php
index 593d1211c..ed64e6388 100644
--- a/inc/media.php
+++ b/inc/media.php
@@ -191,11 +191,12 @@ function media_upload($ns,$auth){
 if(empty($id)) $id = $file['name'];
 // check extensions
- list($fext) = mimetype($file['name']);
- list($iext) = mimetype($id);
+ list($fext,$fmime) = mimetype($file['name']);
+ list($iext,$imime) = mimetype($id);
 if($fext && !$iext){
- // no extension specified in id - readd original one
- $id .= '.'.$fext;
+ // no extension specified in id - read original one
+ $id .= '.'.$fext;
+ $imime = $fmime;
 }elseif($fext && $fext != $iext){
 // extension was changed, print warning
 msg(sprintf($lang['mediaextchange'],$fext,$iext));
@@ -217,6 +218,16 @@ function media_upload($ns,$auth){
 msg($lang['uploadexist'],0);
 return false;
 }
+ // check for valid content
+ $ok = media_contentcheck($file['tmp_name'],$imime);
+ if($ok == -1){
+ msg(sprintf($lang['uploadbadcontent'],".$iext"),-1);
+ return false;
+ }elseif($ok == -2){
+ msg($lang['uploadspam'],-1);
+ return false;
+ }
+
 // prepare directory
 io_createNamespace($id, 'media');
 if(move_uploaded_file($file['tmp_name'], $fn)) {
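Review bot: The comment `// check for valid content` above the new `media_contentcheck()` call in the third hunk (inc/media.php, before `io_createNamespace`) undersells what the check actually guarantees: the function added later in this commit only inspects `image/gif`, `image/jpeg`, `image/png` and `text/*`, and returns 0 for every other mime type, so a reader of media_upload() could wrongly assume all uploads are content-validated. A comment such as `// verify the bytes match the mime type implied by the final extension (only gif/jpeg/png and text/* are inspected, everything else passes); done before move_uploaded_file() so rejected data never reaches the media directory` would make the scope explicit. `$imime` is whatever `mimetype($id)` returned for the id's extension; if that helper yields an empty value for an unknown extension (not visible here), the check is silently skipped, which the comment should state or the code should treat as a rejection. The comparisons `$ok == -1` and `$ok == -2` would read more safely as `===`. media_upload()'s body continues outside the hunk.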
@@ -235,7 +246,38 @@ function media_upload($ns,$auth){
 return false;
 }
-
+/**
+ * This function checks if the uploaded content is really what the
+ * mimetype says it is. We also do spam checking for text types here
+ *
+ * We need to do this stuff because we can not rely on the browser
+ * to do this check correctly. Yes, IE is broken as usual.
+ *
+ * @author Andreas Gohr <andi@splitbrain.org>
+ * @link http://weblog.philringnalda.com/2004/04/06/getting-around-ies-mime-type-mangling
+ * @fixme check all 26 magic IE filetypes here?
+ */
+function media_contentcheck($file,$mime){
+ if(substr($mime,0,6) == 'image/'){
+ $info = @getimagesize($file);
+ if($mime == 'image/gif' && $info[2] != 1){
+ return -1;
+ }elseif($mime == 'image/jpeg' && $info[2] != 2){
+ return -1;
+ }elseif($mime == 'image/png' && $info[2] != 3){
+ return -1;
+ }
+ # fixme maybe check other images types as well
+ }elseif(substr($mime,0,5) == 'text/'){
+ global $TEXT;
+ $TEXT = io_readFile($file);
+ if(checkwordblock()){
+ msg('Content seems to be spam',-1);
+ return -2;
+ }
+ }
+ return 0;
+}
 /**
 * List all files in a given Media namespace
|