From 2b0473c2b819ddc069b340d646a44951935a5f77 Mon Sep 17 00:00:00 2001
From: Zankaria
Date: Tue, 25 Mar 2025 23:01:47 +0100
Subject: [PATCH] post.php: check if the file is some other type of supported media
---
 post.php | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/post.php b/post.php
index 328aedc1..ebb9dc81 100644
--- a/post.php
+++ b/post.php
@@ -1289,12 +1289,14 @@ function handle_post(Context $ctx)
 }
 try {
- $mime = Metadata\sniff_image($file['tmp_name'])[3];
- if (\in_array($mime, Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
- $ext = Metadata\mime_to_ext($mime);
+ $ret = Metadata\sniff_image($file['tmp_name']);
+ if (\in_array($ret[2], Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
+ $ext = Metadata\mime_to_ext($ret[2]);
 $file['is_an_image'] = !\in_array($ext, $config['allowed_ext_files']);
 if ($file['is_an_image']) {
- $file['mime'] = $mime;
+ $file['width'] = $ret[0];
+ $file['height'] = $ret[1];
+ $file['mime'] = $ret[2];
 }
 }
 $file['is_an_image'] = false;
@@ -1302,6 +1304,13 @@ function handle_post(Context $ctx)
 $file['is_an_image'] = false;
 }
+ if (!$file['is_an_image']) {
+ if (!\in_array($file['extension'], $config['allowed_ext_files'])) {
+ // Should be 'invalid media' really.
+ error($config['error']['invalidimg']);
+ }
+ }
+ // Truncate filename if it is too long
 $file['filename'] = mb_substr($file['filename'], 0, $config['max_filename_len']);
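Review bot: The context line `$file['is_an_image'] = false;` that follows the two closing braces inside the `try` appears, from the lines visible here, to run unconditionally, so the flag set from the sniffed type just above would be overwritten for every upload; blank lines were lost in this rendering, so confirm against the file. If that holds, the check added in the second hunk treats every file as a non-image and decides on the extension alone, while the new `width`/`height`/`mime` values stay attached to a file flagged as not an image. Setting the default once before the `try` with `$file['is_an_image'] = false;` and dropping the reset after the `if` would keep the sniffed result. Separately, the MIME type now comes from `$ret[2]` where the old code read index `[3]`, which depends on the return shape of `Metadata\sniff_image()`, not shown in this patch; a comment such as `// sniff_image() returns [width, height, mime]` would document it. The body of `handle_post` starts and ends outside the hunk.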
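Review bot: The new fallback accepts a non-image upload purely on `$file['extension']`, which in the visible lines is never tied to the file's content and is presumably derived from the client-supplied filename, so the content of every type listed in `$config['allowed_ext_files']` goes unchecked here. Where that matters, compare a server-side type (for example from `finfo`) with the types expected for that extension before accepting the file. The membership test should also be strict, `\in_array($file['extension'], $config['allowed_ext_files'], true)`, and the two nested `if`s can be one condition joined with `&&`. `handle_post` continues outside the hunk.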