From 14c9142e76d47285f87e8389caf86f89d14903ee Mon Sep 17 00:00:00 2001 From: Zankaria Date: Tue, 25 Mar 2025 22:54:00 +0100 Subject: [PATCH] post.php: also check image by mime --- post.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/post.php b/post.php index 27a45413..b5c03b38 100644 --- a/post.php +++ b/post.php @@ -6,6 +6,7 @@ use Vichan\Context; use Vichan\Data\ReportQueries; use Vichan\Data\Driver\LogDriver; +use Vichan\Functions\Metadata; require_once 'inc/bootstrap.php'; @@ -1287,7 +1288,19 @@ function handle_post(Context $ctx) error($config['error']['unknownext']); } - $file['is_an_image'] = !in_array($file['extension'], $config['allowed_ext_files']); + try { + $mime = Metadata\sniff_image($file['tmp_name'])[3]; + if (\in_array($mime, Metadata\SUPPORTED_IMAGE_MIME_TYPES)) { + $ext = Metadata\mime_to_ext($mime); + $file['is_an_image'] = !\in_array($ext, $config['allowed_ext_files']); + if ($file['is_an_image']) { + $file['mime'] = $mime; + } + } + $file['is_an_image'] = false; + } catch (\RuntimeException $e) { + $file['is_an_image'] = false; + } // Truncate filename if it is too long $file['filename'] = mb_substr($file['filename'], 0, $config['max_filename_len']);