perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

post.php: check if the file is some other type of supported media

Browse source
This commit is contained in:
Zankaria 2025-03-25 23:01:47 +01:00
parent 71d8172495
commit 2b0473c2b8
1 changed files with 13 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

17
post.php
View file

@ -1289,12 +1289,14 @@ function handle_post(Context $ctx)
}
try {
$mime = Metadata\sniff_image($file['tmp_name'])[3];
if (\in_array($mime, Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
$ext = Metadata\mime_to_ext($mime);
$ret = Metadata\sniff_image($file['tmp_name']);
if (\in_array($ret[2], Metadata\SUPPORTED_IMAGE_MIME_TYPES)) {
$ext = Metadata\mime_to_ext($ret[2]);
$file['is_an_image'] = !\in_array($ext, $config['allowed_ext_files']);
if ($file['is_an_image']) {
$file['mime'] = $mime;
$file['width'] = $ret[0];
$file['height'] = $ret[1];
$file['mime'] = $ret[2];
}
}
$file['is_an_image'] = false;
@ -1302,6 +1304,13 @@ function handle_post(Context $ctx)
$file['is_an_image'] = false;
}
if (!$file['is_an_image']) {
if (!\in_array($file['extension'], $config['allowed_ext_files'])) {
// Should be 'invalid media' really.
error($config['error']['invalidimg']);
}
}
// Truncate filename if it is too long
$file['filename'] = mb_substr($file['filename'], 0, $config['max_filename_len']);