author | Andreas Gohr <andi@splitbrain.org> | 2006-10-18 14:49:42 +0200 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-18 14:49:42 +0200 |
commit | d1ed0b61f4795d01c2d9675949d2aad4568bc0c7 (patch) | |
tree | 1226d0e3ddf7046431613e2db4b6c4e5ec0793eb /lib/exe/fetch.php | |
parent | 894a80cc56d188b10cc78bb4c088bea731f991a2 (diff) | |
download | rpg-d1ed0b61f4795d01c2d9675949d2aad4568bc0c7.tar.gz rpg-d1ed0b61f4795d01c2d9675949d2aad4568bc0c7.tar.bz2 |
better check for images in fetch.php
This patch is an enhancement to yesterday's changes. The ability to download
external content could be used for XSS attacks when the sent MIME type is
faked. This patch adds a check on the received data for valid images.
darcs-hash:20061018124942-7ad00-4e8bca7d3877e6a10c348b5d45499cf8adf8b087.gz
Diffstat (limited to 'lib/exe/fetch.php')
-rw-r--r-- | lib/exe/fetch.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php
index 1f854b338..94aae7deb 100644
--- a/lib/exe/fetch.php
+++ b/lib/exe/fetch.php
@@ -31,9 +31,9 @@
 }
 //media to local file
- if(preg_match('#^(https?|ftp)://#i',$MEDIA)){
- //handle external media
- $FILE = get_from_URL($MEDIA,$EXT,$CACHE);
+ if(preg_match('#^(https?)://#i',$MEDIA)){
+ //handle external images
+ if(strncmp($MIME,'image/',6) == 0) $FILE = get_from_URL($MEDIA,$EXT,$CACHE);
 if(!$FILE){
 //download failed - redirect to original URL
 header('Location: '.$MEDIA);
@@ -272,6 +272,14 @@ function image_download($url,$file){
 fwrite($fp,$data);
 fclose($fp);
 if(!$fileexists and $conf['fperm']) chmod($file, $conf['fperm']);
+
+ // check if it is really an image
+ $info = @getimagesize($file);
+ if(!$info){
+ @unlink($file);
+ return false;
+ }
+ return true;
 } |
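Review bot: The new guard `if(strncmp($MIME,'image/',6) == 0) $FILE = get_from_URL($MEDIA,$EXT,$CACHE);` leaves `$FILE` unassigned on the non-image path, so the `if(!$FILE)` redirect that follows only works if nothing earlier in the file (outside this hunk) has already set `$FILE`; the enclosing block starts outside the hunk, so that cannot be confirmed here. Making the intent explicit avoids depending on that, e.g. `$FILE = (strncmp($MIME,'image/',6) == 0) ? get_from_URL($MEDIA,$EXT,$CACHE) : false;`. Note also that `$MIME` is presumably derived from the requested name rather than from the fetched bytes, so this line is only a pre-filter on the request; the content check itself is the `getimagesize()` test added in `image_download()` below, and a comment saying so, `//MIME here comes from the request; the downloaded data is verified in image_download()`, would help the next reader.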
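Review bot: A successful `getimagesize($file)` only proves the data is in some format that function recognizes; it is not tied to the type the file will later be served as, and the supported set includes non-raster formats such as SWF, which the "really an image" comment does not convey. Restricting the detected type to the raster formats the code actually intends would close that gap with a one-line change: `if(!$info || !in_array($info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)){`. The `@` on `getimagesize()` and `unlink()` also hides any I/O error behind a plain `return false`, which is acceptable here only because the caller treats false as "download failed" and redirects. The earlier part of `image_download()` is outside the hunk, so whether its other failure paths now return false consistently with the new `return true;` cannot be checked from this diff.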