From 716e7cdae0d462a375cadee1e0f5a9b24c4645e3 Mon Sep 17 00:00:00 2001
From: Zankaria <zankaria.auxa@mailu.io>
Date: Tue, 25 Mar 2025 23:48:28 +0100
Subject: [PATCH] GdMediaHandler.php: check image size, use MediaException and
 MediaHandlerTrait

---
 inc/Service/Media/GdMediaHandler.php | 48 ++++++++++++++--------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/inc/Service/Media/GdMediaHandler.php b/inc/Service/Media/GdMediaHandler.php
index ae4f78a8..b96a63c9 100644
--- a/inc/Service/Media/GdMediaHandler.php
+++ b/inc/Service/Media/GdMediaHandler.php
@@ -9,11 +9,15 @@ use Vichan\Functions\{Fs, Metadata};
  * Basically a fallback implementation. GD does not handle color profiles outside of webp.
  */
 class GdMediaHandler implements MediaHandler {
+	use MediaHandlerTrait;
+
 	private const PHP81 = \PHP_MAJOR_VERSION >= 8 && \PHP_MINOR_VERSION >= 1;
 
 
 	private bool $strip_redraw;
 	private array $exif_readers;
+	private int $image_max_width;
+	private int $image_max_height;
 
 
 	private static function imageCreateFrom(string $file, string $mime): mixed {
@@ -99,15 +103,7 @@ class GdMediaHandler implements MediaHandler {
 		if ($width <= $max_width && $height <= $max_height) {
 			$out_path = $preferred_out_file_dir . DIRECTORY_SEPARATOR . $preferred_out_file_name . '.' . Metadata\mime_to_ext($source_file_mime);
 
-			if ($source_file_kind === self::FILE_KIND_UPLOADED) {
-				if (!Fs\move_or_copy_uploaded($source_file_path, $out_path)) {
-					throw new \RuntimeException("Could not move or copy uploaded file '$source_file_path' to '$out_path'");
-				}
-			} else {
-				if (!Fs\link_or_copy($source_file_path, $out_path)) {
-					throw new \RuntimeException("Could not link or copy '$source_file_path' to '$out_path'");
-				}
-			}
+			$this->move_or_link_or_copy($source_file_kind, $source_file_path, $out_path);
 
 			return new ThumbGenerationResult(
 				$out_path,
@@ -124,7 +120,7 @@ class GdMediaHandler implements MediaHandler {
 
 			if (!self::imageSaveTo($gd_other, $out_path, $preferred_out_mime)) {
 				\imagedestroy($gd_other);
-				throw new \RuntimeException("Could not create thumbnail file at '$out_path'");
+				throw new MediaException("Could not create thumbnail file at '$out_path'", MediaException::ERR_IO_ERR);
 			}
 
 			\imagedestroy($gd_other);
@@ -144,7 +140,7 @@ class GdMediaHandler implements MediaHandler {
 	 *                           May cause the loss of color profiles. Orientation is still handled in JPG and PNG.
 	 * @param array $exif_readers A map of mime types to {@link Vichan\Data\Driver\Metadata\ExifReader} instances.
 	 */
-	public function __construct(bool $strip_redraw, array $exif_readers) {
+	public function __construct(bool $strip_redraw, array $exif_readers, int $max_width, int $max_height) {
 		$this->strip_redraw = $strip_redraw;
 		$this->exif_readers = $exif_readers;
 	}
@@ -160,9 +156,21 @@ class GdMediaHandler implements MediaHandler {
 	}
 
 	public function openHandle(string $file_path, string $file_mime, int $file_kind): mixed {
+		try {
+			list($width, $height, $mime) = Metadata\sniff_image($file_path);
+			if ($width > $this->image_max_width || $height > $this->image_max_height) {
+				throw new MediaException("Image too big", MediaException::ERR_IMAGE_TOO_LARGE);
+			}
+			if ($mime !== $file_mime) {
+				throw new MediaException("Mime type mismatch, expected $file_mime, got $mime", MediaException::ERR_COMPUTE_ERR);
+			}
+		} catch (\RuntimeException $e) {
+			throw new MediaException("Could not sniff '$file_path'", MediaException::ERR_NO_OPEN, $e);
+		}
+
 		$gd = self::imageCreateFrom($file_path, $file_mime);
 		if ($gd === false) {
-			throw new \RuntimeException("Could not open '$file_path'");
+			throw new MediaException("Could not open '$file_path'", MediaException::ERR_NO_OPEN);
 		}
 
 		// Fix the orientation once and for all.
@@ -176,14 +184,14 @@ class GdMediaHandler implements MediaHandler {
 				$gd_other = \imagerotate($gd, 360 - $degrees, \imagecolorallocatealpha($gd, 0, 0, 0, 127));
 				\imagedestroy($gd);
 				if ($gd_other === false) {
-					throw new \RuntimeException("Error while correcting rotation of '$file_path'");
+					throw new MediaException("Error while correcting rotation of '$file_path'", MediaException::ERR_COMPUTE_ERR);
 				}
 				$gd = $gd_other;
 			}
 
 			if ($flipped) {
 				if (!\imageflip($gd, \IMG_FLIP_HORIZONTAL)) {
-					throw new \RuntimeException("Error while correcting flipping of '$file_path'");
+					throw new MediaException("Error while correcting flipping of '$file_path'", MediaException::ERR_COMPUTE_ERR);
 				}
 			}
 		}
@@ -210,18 +218,10 @@ class GdMediaHandler implements MediaHandler {
 
 		if ($this->strip_redraw) {
 			if (!self::imageSaveTo($gd, $out_path, $source_file_mime)) {
-				throw new \RuntimeException("Could not create media file at '$out_path'");
+				throw new MediaException("Could not create media file at '$out_path'", MediaException::ERR_IO_ERR);
 			}
 		} else {
-			if ($source_file_kind === self::FILE_KIND_UPLOADED) {
-				if (!Fs\move_or_copy_uploaded($source_file_path, $out_path)) {
-					throw new \RuntimeException("Could not move or copy uploaded file '$source_file_path' to '$out_path'");
-				}
-			} else {
-				if (!Fs\link_or_copy($source_file_path, $out_path)) {
-					throw new \RuntimeException("Could not link or copy '$source_file_path' to '$out_path'");
-				}
-			}
+			$this->move_or_link_or_copy($source_file_kind, $source_file_path, $out_path);
 		}
 
 		return $this->generateThumbImpl(