mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-12 18:46:20 +02:00
Code Issues Releases Wiki Activity

Better handle uploaded images - performance and bugfix

Browse Source
This commit is contained in:
SecretR
2015-09-19 19:18:08 +03:00
parent 5ef1d56ec6
commit af5ca367e8
1 changed files with 62 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
e107_handlers/upload_handler.php
View File

@ -533,6 +533,48 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
// VETTING AND UTILITY ROUTINES // VETTING AND UTILITY ROUTINES
//==================================================================== //====================================================================
/**
* Get image (string) mime type
* or when extended - array [(string) mime-type, (array) associated extensions)].
* A much faster way to retrieve mimes than getimagesize()
*
* @param $filename
* @param bool|false $extended
* @return array|string|false
*/
function get_image_mime($filename, $extended = false)
{
// mime types as returned from image_type_to_mime_type()
// and associated file extensions
$imageExtensions = array(
'image/gif' => array('gif'),
'image/jpeg' => array('jpg'),
'image/png' => array('png'),
'application/x-shockwave-flash' => array('swf', 'swc'),
'image/psd' => array('psd'),
'image/bmp' => array('bmp'),
'image/tiff' => array('tiff'),
'application/octet-stream' => array('jpc', 'jpx', 'jb2'),
'image/jp2' => array('jp2'),
'image/iff' => array('iff'),
'image/vnd.wap.wbmp' => array('wbmp'),
'image/xbm' => array('xbm'),
'image/vnd.microsoft.icon' => array('ico')
);
$ret = image_type_to_mime_type(exif_imagetype($filename));
if($extended)
{
return array(
$ret,
$ret && isset($imageExtensions[$ret]) ? $imageExtensions[$ret]: array()
);
}
return $ret;
}
/** /**
* Check uploaded file to try and identify dodgy content. * Check uploaded file to try and identify dodgy content.
@ -549,7 +591,7 @@ function file_upload($uploaddir, $avatar = FALSE, $fileinfo = "", $overwrite = "
* 2 - can't read file contents * 2 - can't read file contents
* 3 - illegal file contents (usually '<?php') * 3 - illegal file contents (usually '<?php')
* 4 - not an image file * 4 - not an image file
* 5 - bad image parameters * 5 - bad image parameters - REMOVED
* 6 - not in supplementary list * 6 - not in supplementary list
* 7 - suspicious file contents * 7 - suspicious file contents
* 8 - unknown file type * 8 - unknown file type
@ -604,11 +646,25 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
case 'jpeg': case 'jpeg':
case 'pjpeg': case 'pjpeg':
case 'bmp': case 'bmp':
$ret = getimagesize($filename); case 'swf':
if (!is_array($ret)) case 'swc':
return 4; // getimagesize didn't like something case 'psd':
if (($ret[0] == 0) || ($ret[1] == 0)) case 'tiff':
return 5; // Zero size picture or bad file format case 'jpc': // http://fileinfo.com/extension/jpc
case 'jpx': // http://fileinfo.com/extension/jpx
case 'jb2': // http://fileinfo.com/extension/jb2
case 'jp2': // http://fileinfo.com/extension/jp2
case 'iff':
case 'wbmp':
case 'xbm':
case 'ico':
$ret = get_image_mime($filename);
if ($ret === false)
{
return 4; // exif_imagetype didn't recognize the image mime
}
// getimagesize() is extremely slow + it can't handle all required media!!! Abandon this check!
// return 5; // Zero size picture or bad file format
break; break;
case 'zip': case 'zip':
@ -621,7 +677,6 @@ function vet_file($filename, $target_name, $allowed_filetypes = '', $unknown = F
case '7z': case '7z':
case 'csv': case 'csv':
case 'wmv': case 'wmv':
case 'swf':
case 'flv': //Flash stream case 'flv': //Flash stream
case 'f4v': //Flash stream case 'f4v': //Flash stream
case 'mov': //media case 'mov': //media