Adding security check that image filename is always below the path

`image_path` as specified in `img_config.php` #37.

README.md

@@ -133,6 +133,7 @@ Revision history
 
 v0.5.x (latest)
 
+* Adding security check that image filename is always below the path `image_path` as specified in `img_config.php` #37.
 * Adding configuration item in `img_config.php` for setting valid characters in image filename.
 * Moving `webroot/test*` into directory `webroot/test`.
 * `webroot/check_system.php` now outputs if extension for exif is loaded.

webroot/img.php

@@ -128,9 +128,32 @@ $verbose = getDefined(array('verbose', 'v'), true, false);
 $srcImage = get('src')
     or errorPage('Must set src-attribute.');
 
+
+// Check for valid/invalid characters
 preg_match($config['valid_filename'], $srcImage)
     or errorPage('Filename contains invalid characters.');
 
+
+// Check that the image is a file below the directory 'image_path'.
+if ($config['image_path_constraint']) {
+    
+    $pathToImage = realpath($config['image_path'] . $srcImage);
+    $imageDir    = realpath($config['image_path']);
+
+    is_file($pathToImage)
+        or errorPage(
+            'Source image is not a valid file, check the filename and that a 
+            matching file exists on the filesystem.'
+        );
+
+    substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
+        or errorPage(
+            'Security constraint: Source image is not below the directory "image_path" 
+            as specified in the config file img_config.php.'
+        );
+}
+
+
 verbose("src = $srcImage");
 
 

webroot/img_config.php

@@ -17,6 +17,13 @@ return array(
 
 
 
+    /**
+     * Check that the imagefile is a file below 'image_path' using realpath().
+     */
+    'image_path_constraint' => true,
+
+
+
     /**
      * A regexp for validating characters in the image filename.
      */