makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

check file type

Browse source 
git-svn-id: file:///svn/phpbb/trunk@6354 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-09-05 15:17:45 +00:00
parent 2c2a2c10d9
commit 504eef65c5
3 changed files with 65 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
phpBB/includes/functions_upload.php
View file

@ -305,6 +305,25 @@ class filespec
{ {
$this->mimetype = $this->image_info['mime']; $this->mimetype = $this->image_info['mime'];
} }
// Check image type
$types = $this->upload->image_types();
if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
{
if (!isset($types[$this->image_info[2]]))
{
$this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
}
else
{
$this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
}
}
}
else
{
$this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
} }
} }
@ -790,6 +809,31 @@ class fileupload
{ {
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false; return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
} }
/**
* Return image type/extension mapping
*/
function image_types()
{
return array(
1 => array('gif'),
2 => array('jpg', 'jpeg'),
3 => array('png'),
4 => array('swf'),
5 => array('psd'),
6 => array('bmp'),
7 => array('tif', 'tiff'),
8 => array('tif', 'tiff'),
9 => array('jpg', 'jpeg'),
10 => array('jpg', 'jpeg'),
11 => array('jpg', 'jpeg'),
12 => array('jpg', 'jpeg'),
13 => array('swc'),
14 => array('iff'),
15 => array('wbmp'),
16 => array('xbm'),
);
}
} }
?> ?>

20
phpBB/includes/functions_user.php
View file

@ -1255,7 +1255,7 @@ function avatar_delete($id)
*/ */
function avatar_remote($data, &$error) function avatar_remote($data, &$error)
{ {
global $config, $db, $user, $phpbb_root_path; global $config, $db, $user, $phpbb_root_path, $phpEx;
if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink'])) if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
{ {
@ -1284,6 +1284,24 @@ function avatar_remote($data, &$error)
return false; return false;
} }
// Check image type
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$types = fileupload::image_types();
$extension = strtolower(filespec::get_extension($data['remotelink']));
if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
{
if (!isset($types[$image_data[2]]))
{
$error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
}
else
{
$error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
}
return false;
}
if ($config['avatar_max_width'] || $config['avatar_max_height']) if ($config['avatar_max_width'] || $config['avatar_max_height'])
{ {
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height']) if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])

2
phpBB/language/en/common.php
View file

@ -232,6 +232,8 @@ $lang = array_merge($lang, array(
'ICQ_STATUS' => 'ICQ status', 'ICQ_STATUS' => 'ICQ status',
'IF' => 'if', 'IF' => 'if',
'IMAGE' => 'Image', 'IMAGE' => 'Image',
'IMAGE_FILETYPE_INVALID' => 'Image filetype %d for mimetype %s not supported.',
'IMAGE_FILETYPE_MISMATCH' => 'Image filetype mismatch: expected extension %1$s but extension %2$s given.',
'IN' => 'in', 'IN' => 'in',
'INDEX' => 'Index page', 'INDEX' => 'Index page',
'INFORMATION' => 'Information', 'INFORMATION' => 'Information',