mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-23 23:20:57 +01:00
[SECURITY] harden for imagetragick (we aren`t hit by the bug, but we were passing uncommon filetypes, like JPEG2000, directly to imagemagick)
This commit is contained in:
parent
77176faece
commit
c4b98e94ce
3
post.php
3
post.php
@ -639,6 +639,9 @@ if (isset($_POST['delete'])) {
|
||||
if (!$size = @getimagesize($file['tmp_name'])) {
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
if (!in_array($size[2], array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_BMP))) {
|
||||
error($config['error']['invalidimg']);
|
||||
}
|
||||
if ($size[0] > $config['max_width'] || $size[1] > $config['max_height']) {
|
||||
error($config['error']['maxsize']);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user