mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-29 21:10:31 +02:00
Code Issues Releases Wiki Activity

Merge pull request #61 from phpbb/ticket/security-259

Browse Source 
[ticket/security-259] Stop checking image size of images in img BBCode
This commit is contained in:
Marc Alexander
2020-07-25 11:16:07 +02:00
parent 8e5a635bfb b0b78ee144
commit a378e0eb0c
5 changed files with 6 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
phpBB/includes/message_parser.php
View File

@@ -401,32 +401,6 @@ class bbcode_firstpass extends bbcode
$in = 'http://' . $in;
}
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
{
$imagesize = new \FastImageSize\FastImageSize();
$size_info = $imagesize->getImageSize(htmlspecialchars_decode($in));
if ($size_info === false)
{
$error = true;
$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
}
else
{
if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $size_info['height'])
{
$error = true;
$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $config['max_' . $this->mode . '_img_height']);
}
if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $size_info['width'])
{
$error = true;
$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $config['max_' . $this->mode . '_img_width']);
}
}
}
if ($error || $this->path_in_domain($in))
{
return '[img]' . $in . '[/img]';