From eef2d586dd32c838eefc5dfe0397c9ac86ebd968 Mon Sep 17 00:00:00 2001
From: x2003bruneau
Date: Thu, 15 Feb 2007 20:40:58 +0000
Subject: [PATCH] Better checks on image type for photos:
 -> mime_content_type MUST begin with image/
 -> if image processing fails, do not submit the validation
git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1502 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 ChangeLog | 3 +++
 include/validations/photos.inc.php | 13 +++++++++++--
 modules/profile.php | 13 ++++++++-----
 3 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a2baeb6..46b06bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,9 @@ New:
 Bug/Wish:
+ * Profile:
+ - Better checks on image type for photos -FRU
+
 * Xnet:
 - #639: Fix the number of pages -FRU
diff --git a/include/validations/photos.inc.php b/include/validations/photos.inc.php
index 3a7e452..07c2adc 100644
--- a/include/validations/photos.inc.php
+++ b/include/validations/photos.inc.php
@@ -31,6 +31,7 @@ class PhotoReq extends Validate
 var $y;
 var $unique = true;
+ var $valid = false;
 var $rules = "Refuser les photos copyrightées, de mineurs, ou ayant un caractère pornographique, violent, etc... Si une photo est mal
@@ -45,7 +46,7 @@ class PhotoReq extends Validate
 function PhotoReq($_uid, $_data, $_stamp=0)
 {
 $this->Validate($_uid, true, 'photo', $_stamp);
- $this->_get_image($_data);
+ $this->valid = $this->_get_image($_data);
 }
 // }}}
@@ -111,6 +112,14 @@ class PhotoReq extends Validate
 }
 // }}}
+ // {{{ function isValid()
+
+ function isValid()
+ {
+ return $this->valid;
+ }
+
+ // }}}
 // {{{ function get_request()
 function get_request($uid)
@@ -140,7 +149,7 @@ class PhotoReq extends Validate
 if (isset($_FILES['userfile']['tmp_name'])) {
 $file = $_FILES['userfile']['tmp_name'];
 if ($data = file_get_contents($file)) {
- if ($this->_get_image($data)) {
+ if ($this->valid = $this->_get_image($data)) {
 return true;
 }
 } else {
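Review bot: The new `isValid()` accessor is undocumented, and its meaning is narrower than the name suggests: it only reports the outcome of the last `_get_image()` call (from the constructor or from the editor re-upload branch further down), not whether the request as a whole is acceptable. A one-line comment above it would keep callers from reading it as a general validity check, e.g. `// True once _get_image() has accepted the data handed to the constructor or to the editor upload; false until then.` The enclosing class body continues outside the hunk.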
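Review bot: The editor re-upload path at `if ($this->valid = $this->_get_image($data))` still accepts anything `_get_image()` manages to decode; the new `mime_content_type` prefix check lives only in modules/profile.php, so this second upload entry point enforces a weaker rule than the profile form, and no `is_uploaded_file()` check on `$_FILES['userfile']['tmp_name']` is visible here (the enclosing function starts outside the hunk, so it may sit above). Placing the MIME prefix test inside PhotoReq — a small helper that both the constructor caller and this branch go through, or inside `_get_image()` if it already identifies the decoded type — would make the two entry points enforce one policy. Separately, the assignment inside the condition is easy to misread as a comparison; `$this->valid = $this->_get_image($data); if ($this->valid) {` says the same thing more plainly.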
diff --git a/modules/profile.php b/modules/profile.php
index b4a2c2a..efa3076 100644
--- a/modules/profile.php
+++ b/modules/profile.php
@@ -124,16 +124,19 @@ class ProfileModule extends PLModule
 .'/'.S::v('forlife').'.jpg';
 if (Env::has('upload')) {
- if (isset($_FILES['userfile']['tmp_name'])
- && !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
+ if (isset($_FILES['userfile']['tmp_name']) && !is_uploaded_file($_FILES['userfile']['tmp_name'])) {
 $page->trig('Une erreur s\'est produite lors du transfert du fichier');
- } else {
+ } elseif (strpos(trim(mime_content_type($_FILES['userfile']['tmp_name'])), 'image/') !== 0) {
+ $page->trig('Le fichier que tu as transmis n\'est pas une image.');
+ } else {
 $file = is_uploaded_file($_FILES['userfile']['tmp_name']) ? $_FILES['userfile']['tmp_name'] : Env::v('photo');
 if ($data = file_get_contents($file)) {
 $myphoto = new PhotoReq(S::v('uid'), $data);
- $myphoto->submit();
+ if ($myphoto->isValid()) {
+ $myphoto->submit();
+ }
 } else {
 $page->trig('Fichier inexistant ou vide');
 }
@@ -141,7 +144,7 @@ class ProfileModule extends PLModule
 } elseif (Env::has('trombi')) {
 $myphoto = new PhotoReq(S::v('uid'), file_get_contents($trombi_x));
- if ($myphoto) {
+ if ($myphoto->isValid()) {
 $myphoto->commit();
 $myphoto->clean();
 }
--
2.1.4
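Review bot: The new `elseif` dereferences `$_FILES['userfile']['tmp_name']` unconditionally, while the first branch only fires when that index is set and not an upload; when no file was posted at all, `mime_content_type()` receives an unset index (notice), returns false, `trim(false)` is '', `strpos('', 'image/')` is false, and `!== 0` holds, so the request is rejected as "not an image" and the `Env::v('photo')` fallback kept in the else branch can never be reached. If the fallback is meant to survive, guard the check: `} elseif (isset($_FILES['userfile']['tmp_name']) && strpos(trim(mime_content_type($_FILES['userfile']['tmp_name'])), 'image/') !== 0) {`; note that a path read through `Env::v('photo')` would then bypass the content-type guard entirely, so the same test should run on the data actually read. Also, the prefix test admits every `image/*` subtype; whether `_get_image()` restricts to the raster formats it can decode is outside the hunk, so that decode step — now consulted through `isValid()` — should remain the authority and the MIME sniff treated as an early filter only.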
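Review bot: In the trombi branch, `if ($myphoto->isValid())` replaces a test that was always true, but it has no `else`: when `file_get_contents($trombi_x)` returns false or the data does not decode, nothing is committed and the user gets no message, unlike the upload branch which reports 'Fichier inexistant ou vide'. Adding an `else` that calls `$page->trig()` with a short message would make the failure visible; `$trombi_x` is defined outside the hunk, so whether its existence is checked beforehand cannot be seen here.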