authorMeik Sievertsen <acydburn@phpbb.com>2006-09-05 15:17:45 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2006-09-05 15:17:45 +0000
commit504eef65c5fe128c86cd2f122cda53cf4df04347 (patch)
treeac2a79f958f0679295bd2a8eddff84229dfcf002 /phpBB
parent2c2a2c10d92d76a1497469bb15b2e4f6d499793e (diff)
check file type
git-svn-id: file:///svn/phpbb/trunk@6354 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/functions_upload.php44
-rw-r--r--phpBB/includes/functions_user.php20
-rw-r--r--phpBB/language/en/common.php2
3 files changed, 65 insertions, 1 deletions
diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index ca2618c96a..9f02c5f74e 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -305,6 +305,25 @@ class filespec
{
$this->mimetype = $this->image_info['mime'];
}
+
+ // Check image type
+ $types = $this->upload->image_types();
+
+ if (!isset($types[$this->image_info[2]]) || !in_array($this->extension, $types[$this->image_info[2]]))
+ {
+ if (!isset($types[$this->image_info[2]]))
+ {
+ $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $this->image_info[2], $this->mimetype);
+ }
+ else
+ {
+ $this->error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$this->image_info[2]][0], $this->extension);
+ }
+ }
+ }
+ else
+ {
+ $this->error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
}
}
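Review bot: The added check compares `$this->extension` with the type in `$this->image_info[2]`, which is derived from the file's header only, so passing it shows that header and extension agree and says nothing about the remaining bytes. The comment should say so, e.g. `// Header-derived type must match the extension; this does not validate the rest of the file`. The avatar_remote() hunk lowercases the extension before the same comparison while this one does not, so unless `$this->extension` is normalised where it is set (outside this hunk) a name such as `photo.JPG` would be reported as a mismatch. The enclosing method and the `if` that this `else` belongs to start outside the hunk.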
@@ -790,6 +809,31 @@ class fileupload
{
return (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none') ? true : false;
}
+
+ /**
+ * Return image type/extension mapping
+ */
+ function image_types()
+ {
+ return array(
+ 1 => array('gif'),
+ 2 => array('jpg', 'jpeg'),
+ 3 => array('png'),
+ 4 => array('swf'),
+ 5 => array('psd'),
+ 6 => array('bmp'),
+ 7 => array('tif', 'tiff'),
+ 8 => array('tif', 'tiff'),
+ 9 => array('jpg', 'jpeg'),
+ 10 => array('jpg', 'jpeg'),
+ 11 => array('jpg', 'jpeg'),
+ 12 => array('jpg', 'jpeg'),
+ 13 => array('swc'),
+ 14 => array('iff'),
+ 15 => array('wbmp'),
+ 16 => array('xbm'),
+ );
+ }
}
?> \ No newline at end of file
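Review bot: The keys 1–16 in `image_types()` are undocumented magic numbers; they appear to be the type codes returned at index 2 of getimagesize() (PHP's `IMAGETYPE_*` constants), and the docblock should say so and name each one. Two groups deserve an explicit comment: 9–12 are accepted with `jpg`/`jpeg` although, if the keys follow `IMAGETYPE_*`, those codes are JPEG 2000 and JB2 rather than JPEG, and 4 and 13 (`swf`, `swc`) are Flash containers rather than still images. Whether those are ever accepted depends on the extension allow-list, which is outside this hunk. The method is also called statically as `fileupload::image_types()` in functions_user.php, which the docblock should record because the body must then never use `$this`.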
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 1e688e8ab0..1d41aeb9ba 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1255,7 +1255,7 @@ function avatar_delete($id)
*/
function avatar_remote($data, &$error)
{
- global $config, $db, $user, $phpbb_root_path;
+ global $config, $db, $user, $phpbb_root_path, $phpEx;
if (!preg_match('#^(http|https|ftp)://#i', $data['remotelink']))
{
@@ -1284,6 +1284,24 @@ function avatar_remote($data, &$error)
return false;
}
+ // Check image type
+ include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
+ $types = fileupload::image_types();
+ $extension = strtolower(filespec::get_extension($data['remotelink']));
+
+ if (!isset($types[$image_data[2]]) || !in_array($extension, $types[$image_data[2]]))
+ {
+ if (!isset($types[$image_data[2]]))
+ {
+ $error[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
+ }
+ else
+ {
+ $error[] = sprintf($user->lang['IMAGE_FILETYPE_MISMATCH'], $types[$image_data[2]][0], $extension);
+ }
+ return false;
+ }
+
if ($config['avatar_max_width'] || $config['avatar_max_height'])
{
if ($width > $config['avatar_max_width'] || $height > $config['avatar_max_height'])
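Review bot: When the detected type is not in the map, the new branch reports `UNABLE_GET_IMAGE_SIZE` although the size was read, whereas the same case in functions_upload.php uses the `IMAGE_FILETYPE_INVALID` string added by this commit. Assuming `$image_data` is the getimagesize() result (it is set outside this hunk), the line could be `$error[] = sprintf($user->lang['IMAGE_FILETYPE_INVALID'], $image_data[2], $image_data['mime']);`. The extension is taken from the whole `$data['remotelink']` string, so the result depends on how `filespec::get_extension()` treats a query string or fragment, which is not visible here. Since the image stays on the remote host, this checks only what was served at submit time, and a comment saying so would keep it from being read as a lasting content guarantee. avatar_remote() starts and ends outside the hunk.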
diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php
index 7fafc09989..7ebbdeb84c 100644
--- a/phpBB/language/en/common.php
+++ b/phpBB/language/en/common.php
@@ -232,6 +232,8 @@ $lang = array_merge($lang, array(
'ICQ_STATUS' => 'ICQ status',
'IF' => 'if',
'IMAGE' => 'Image',
+ 'IMAGE_FILETYPE_INVALID' => 'Image filetype %d for mimetype %s not supported.',
+ 'IMAGE_FILETYPE_MISMATCH' => 'Image filetype mismatch: expected extension %1$s but extension %2$s given.',
'IN' => 'in',
'INDEX' => 'Index page',
'INFORMATION' => 'Information',