path: root/lib/exe/fetch.php
authorAndreas Gohr <andi@splitbrain.org>2006-10-18 14:49:42 +0200
committerAndreas Gohr <andi@splitbrain.org>2006-10-18 14:49:42 +0200
commitd1ed0b61f4795d01c2d9675949d2aad4568bc0c7 (patch)
tree1226d0e3ddf7046431613e2db4b6c4e5ec0793eb /lib/exe/fetch.php
parent894a80cc56d188b10cc78bb4c088bea731f991a2 (diff)
better check for images in fetch.php
This patch is an enhancement to yesterday's changes. The ability to download external content could be used for XSS attacks by faking the sent MIME type. This patch adds a check on the received data for valid images. darcs-hash:20061018124942-7ad00-4e8bca7d3877e6a10c348b5d45499cf8adf8b087.gz
Diffstat (limited to 'lib/exe/fetch.php')
-rw-r--r--lib/exe/fetch.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 1f854b338..94aae7deb 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -31,9 +31,9 @@
}
//media to local file
- if(preg_match('#^(https?|ftp)://#i',$MEDIA)){
- //handle external media
- $FILE = get_from_URL($MEDIA,$EXT,$CACHE);
+ if(preg_match('#^(https?)://#i',$MEDIA)){
+ //handle external images
+ if(strncmp($MIME,'image/',6) == 0) $FILE = get_from_URL($MEDIA,$EXT,$CACHE);
if(!$FILE){
//download failed - redirect to original URL
header('Location: '.$MEDIA);
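Review bot: When `$MIME` is not an image type the new condition leaves `$FILE` unassigned, so the `if(!$FILE)` on the next line reads an undefined variable and every non-image external URL is answered with `header('Location: '.$MEDIA)`, a redirect to a request-supplied URL; the redirect predates this change, but the change makes it the normal path for all non-image content, so it is worth deciding whether such requests should be rejected instead. Initialise the variable so the fall-through is explicit: `$FILE = (strncmp($MIME,'image/',6) == 0) ? get_from_URL($MEDIA,$EXT,$CACHE) : false;`. The pattern also drops `ftp`, so `ftp://` media now presumably falls into the local-file branch that follows; a comment saying that this is intended would help. How `$MIME` is derived is outside the hunk, and the enclosing block starts before it.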
@@ -272,6 +272,14 @@ function image_download($url,$file){
fwrite($fp,$data);
fclose($fp);
if(!$fileexists and $conf['fperm']) chmod($file, $conf['fperm']);
+
+ // check if it is really an image
+ $info = @getimagesize($file);
+ if(!$info){
+ @unlink($file);
+ return false;
+ }
+
return true;
}
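Review bot: The validity check runs only after the response body has been written to `$file`, and `getimagesize()` inspects only the image header, so it does not by itself settle the XSS concern in the commit message: a file with a valid image header can still be content-sniffed as HTML by older browsers, and the detected type may differ from the type the caller announces. Compare the detected type with the expected one, e.g. `if(!$info || $info['mime'] != $expectedMime){ @unlink($file); return false; }`, where the expected MIME would have to be passed in or derived from `$file`'s extension (the caller is not visible here), and have the serving side send an explicit `Content-Type` plus `X-Content-Type-Options: nosniff`. Writing to a temporary name and renaming only after the check passes would avoid leaving unvalidated data at the final cache path even briefly. The `@` on both calls hides why a download was rejected; logging the failure would make cache problems diagnosable. `image_download` starts before this hunk, and `$conf` is used without a visible `global` declaration.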