1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-13 20:28:44 +01:00

[ticket/security-259] Stop checking image size of images in img bbcode

SECURITY-259
This commit is contained in:
Marc Alexander 2020-06-25 22:20:58 +02:00
parent 2afa989500
commit d0e2023a63
No known key found for this signature in database
GPG Key ID: 50E0D2423696F995
4 changed files with 2 additions and 84 deletions

View File

@ -401,32 +401,6 @@ class bbcode_firstpass extends bbcode
$in = 'http://' . $in;
}
if ($config['max_' . $this->mode . '_img_height'] || $config['max_' . $this->mode . '_img_width'])
{
$imagesize = new \FastImageSize\FastImageSize();
$size_info = $imagesize->getImageSize(htmlspecialchars_decode($in));
if ($size_info === false)
{
$error = true;
$this->warn_msg[] = $user->lang['UNABLE_GET_IMAGE_SIZE'];
}
else
{
if ($config['max_' . $this->mode . '_img_height'] && $config['max_' . $this->mode . '_img_height'] < $size_info['height'])
{
$error = true;
$this->warn_msg[] = $user->lang('MAX_IMG_HEIGHT_EXCEEDED', (int) $config['max_' . $this->mode . '_img_height']);
}
if ($config['max_' . $this->mode . '_img_width'] && $config['max_' . $this->mode . '_img_width'] < $size_info['width'])
{
$error = true;
$this->warn_msg[] = $user->lang('MAX_IMG_WIDTH_EXCEEDED', (int) $config['max_' . $this->mode . '_img_width']);
}
}
}
if ($error || $this->path_in_domain($in))
{
return '[img]' . $in . '[/img]';

View File

@ -273,8 +273,6 @@ class factory implements \phpbb\textformatter\cache_interface
->add('#imageurl', __NAMESPACE__ . '\\parser::filter_img_url')
->addParameterByName('urlConfig')
->addParameterByName('logger')
->addParameterByName('max_img_height')
->addParameterByName('max_img_width')
->markAsSafeAsURL()
->setJS('UrlFilter.filter');

View File

@ -380,11 +380,10 @@ class parser implements \phpbb\textformatter\parser_interface
* @param string $url Original URL
* @param array $url_config Config used by the URL filter
* @param Logger $logger
* @param integer $max_height Maximum height allowed
* @param integer $max_width Maximum width allowed
*
* @return string|bool Original value if valid, FALSE otherwise
*/
static public function filter_img_url($url, array $url_config, Logger $logger, $max_height, $max_width)
static public function filter_img_url($url, array $url_config, Logger $logger)
{
// Validate the URL
$url = UrlFilter::filter($url, $url_config, $logger);
@ -393,29 +392,6 @@ class parser implements \phpbb\textformatter\parser_interface
return false;
}
if ($max_height || $max_width)
{
$imagesize = new \FastImageSize\FastImageSize();
$size_info = $imagesize->getImageSize($url);
if ($size_info === false)
{
$logger->err('UNABLE_GET_IMAGE_SIZE');
return false;
}
if ($max_height && $max_height < $size_info['height'])
{
$logger->err('MAX_IMG_HEIGHT_EXCEEDED', array('max_height' => $max_height));
return false;
}
if ($max_width && $max_width < $size_info['width'])
{
$logger->err('MAX_IMG_WIDTH_EXCEEDED', array('max_width' => $max_width));
return false;
}
}
return $url;
}

View File

@ -342,26 +342,6 @@ class phpbb_text_processing_message_parser_test extends phpbb_test_case
},
array('You may only use fonts up to size 120.')
),
array(
'[img]http://example.org/100x100.png[/img]',
'<r>[img]<URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL>[/img]</r>',
array(true, true, true, true, true, true, true),
function ($phpbb_container)
{
$phpbb_container->get('config')->set('max_post_img_height', 12);
},
array('Your images may only be up to 12 pixels high.')
),
array(
'[img]http://example.org/100x100.png[/img]',
'<r>[img]<URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL>[/img]</r>',
array(true, true, true, true, true, true, true),
function ($phpbb_container)
{
$phpbb_container->get('config')->set('max_post_img_width', 34);
},
array('Your images may only be up to 34 pixels wide.')
),
array(
'[img]http://example.org/100x100.png[/img]',
'<r><IMG src="http://example.org/100x100.png"><s>[img]</s><URL url="http://example.org/100x100.png">http://example.org/100x100.png</URL><e>[/img]</e></IMG></r>',
@ -392,16 +372,6 @@ class phpbb_text_processing_message_parser_test extends phpbb_test_case
$phpbb_container->get('config')->set('max_sig_img_width', 34);
}
),
array(
'[img]http://example.org/404.png[/img]',
'<r>[img]<URL url="http://example.org/404.png">http://example.org/404.png</URL>[/img]</r>',
array(true, true, true, true, true, true, true),
function ($phpbb_container)
{
$phpbb_container->get('config')->set('max_post_img_height', 12);
},
array('It was not possible to determine the dimensions of the image.')
),
array(
'[flash=999,999]http://example.org/foo.swf[/flash]',
'<r>[flash=999,999]<URL url="http://example.org/foo.swf">http://example.org/foo.swf</URL>[/flash]</r>',