mirror of
https://github.com/phpbb/phpbb.git
synced 2025-03-13 20:28:44 +01:00
[ticket/security-259] Stop checking image size of images in img bbcode
SECURITY-259
This commit is contained in:
Marc Alexander
parent
2afa989500
commit
d0e2023a63
@ -401,32 +401,6 @@ class bbcode_firstpass extends bbcode
|
||||
$in = 'http://' . $in;
|
||||
}
|
||||
|
||||
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
|
||||
{
|
||||
$imagesize = new \FastImageSize\FastImageSize();
|
||||
$size_info = $imagesize->getImageSize(htmlspecialchars_decode($in));
|
||||
|
||||
if ($size_info === false)
|
||||
{
|
||||
$error = true;
|
||||
$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $size_info['height'])
|
||||
{
|
||||
$error = true;
|
||||
$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $config['max_' . $this->mode . '_img_height']);
|
||||
}
|
||||
|
||||
if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $size_info['width'])
|
||||
{
|
||||
$error = true;
|
||||
$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $config['max_' . $this->mode . '_img_width']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($error || $this->path_in_domain($in))
|
||||
{
|
||||
return '[img]' . $in . '[/img]';
|
||||
|
||||
@ -273,8 +273,6 @@ class factory implements \phpbb\textformatter\cache_interface
|
||||
->add('#imageurl', __NAMESPACE__ . '\\parser::filter_img_url')
|
||||
->addParameterByName('urlConfig')
|
||||
->addParameterByName('logger')
|
||||
->addParameterByName('max_img_height')
|
||||
->addParameterByName('max_img_width')
|
||||
->markAsSafeAsURL()
|
||||
->setJS('UrlFilter.filter');
|
||||
|
||||
|
||||
@ -380,11 +380,10 @@ class parser implements \phpbb\textformatter\parser_interface
|
||||
* @param string $url Original URL
|
||||
* @param array $url_config Config used by the URL filter
|
||||
* @param Logger $logger
|
||||
* @param integer $max_height Maximum height allowed
|
||||
* @param integer $max_width Maximum width allowed
|
||||
*
|
||||
* @return string|bool Original value if valid, FALSE otherwise
|
||||
*/
|
||||
static public function filter_img_url($url, array $url_config, Logger $logger, $max_height, $max_width)
|
||||
static public function filter_img_url($url, array $url_config, Logger $logger)
|
||||
{
|
||||
// Validate the URL
|
||||
$url = UrlFilter::filter($url, $url_config, $logger);
|
||||
@ -393,29 +392,6 @@ class parser implements \phpbb\textformatter\parser_interface
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($max_height || $max_width)
|
||||
{
|
||||
$imagesize = new \FastImageSize\FastImageSize();
|
||||
$size_info = $imagesize->getImageSize($url);
|
||||
if ($size_info === false)
|
||||
{
|
||||
$logger->err('UNABLE_GET_IMAGE_SIZE');
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($max_height && $max_height < $size_info['height'])
|
||||
{
|
||||
$logger->err('MAX_IMG_HEIGHT_EXCEEDED', array('max_height' => $max_height));
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($max_width && $max_width < $size_info['width'])
|
||||
{
|
||||
$logger->err('MAX_IMG_WIDTH_EXCEEDED', array('max_width' => $max_width));
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return $url;
|
||||
}
|
||||
|
||||
|
||||
@ -342,26 +342,6 @@ class phpbb_text_processing_message_parser_test extends phpbb_test_case
|
||||
},
|
||||
array('You may only use fonts up to size 120.')
|
||||
),
|
||||
array(
|
||||
'[img]http://example.org/100x100.png[/img]',
|
||||
'<r>[img]<URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL>[/img]</r>',
|
||||
array(true, true, true, true, true, true, true),
|
||||
function ($phpbb_container)
|
||||
{
|
||||
$phpbb_container->get('config')->set('max_post_img_height', 12);
|
||||
},
|
||||
array('Your images may only be up to 12 pixels high.')
|
||||
),
|
||||
array(
|
||||
'[img]http://example.org/100x100.png[/img]',
|
||||
'<r>[img]<URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL>[/img]</r>',
|
||||
array(true, true, true, true, true, true, true),
|
||||
function ($phpbb_container)
|
||||
{
|
||||
$phpbb_container->get('config')->set('max_post_img_width', 34);
|
||||
},
|
||||
array('Your images may only be up to 34 pixels wide.')
|
||||
),
|
||||
array(
|
||||
'[img]http://example.org/100x100.png[/img]',
|
||||
'<r><IMG src="http://example.org/100x100.png"><s>[img]</s><URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL><e>[/img]</e></IMG></r>',
|
||||
@ -392,16 +372,6 @@ class phpbb_text_processing_message_parser_test extends phpbb_test_case
|
||||
$phpbb_container->get('config')->set('max_sig_img_width', 34);
|
||||
}
|
||||
),
|
||||
array(
|
||||
'[img]http://example.org/404.png[/img]',
|
||||
'<r>[img]<URL url="http://example.org/404.png">http://example.org/404.png</URL>[/img]</r>',
|
||||
array(true, true, true, true, true, true, true),
|
||||
function ($phpbb_container)
|
||||
{
|
||||
$phpbb_container->get('config')->set('max_post_img_height', 12);
|
||||
},
|
||||
array('It was not possible to determine the dimensions of the image.')
|
||||
),
|
||||
array(
|
||||
'[flash=999,999]http://example.org/foo.swf[/flash]',
|
||||
'<r>[flash=999,999]<URL url="http://example.org/foo.swf">http://example.org/foo.swf</URL>[/flash]</r>',
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user