[ticket/security-259] Stop checking image size of images in img bbcode

SECURITY-259

phpBB/phpbb/textformatter/s9e/factory.php

@@ -273,8 +273,6 @@ class factory implements \phpbb\textformatter\cache_interface
 			->add('#imageurl', __NAMESPACE__ . '\\parser::filter_img_url')
 			->addParameterByName('urlConfig')
 			->addParameterByName('logger')
-			->addParameterByName('max_img_height')
-			->addParameterByName('max_img_width')
 			->markAsSafeAsURL()
 			->setJS('UrlFilter.filter');
 

phpBB/phpbb/textformatter/s9e/parser.php

@@ -380,11 +380,10 @@ class parser implements \phpbb\textformatter\parser_interface
 	* @param  string  $url        Original URL
 	* @param  array   $url_config Config used by the URL filter
 	* @param  Logger  $logger
-	* @param  integer $max_height Maximum height allowed
-	* @param  integer $max_width  Maximum width allowed
+	*
 	* @return string|bool         Original value if valid, FALSE otherwise
 	*/
-	static public function filter_img_url($url, array $url_config, Logger $logger, $max_height, $max_width)
+	static public function filter_img_url($url, array $url_config, Logger $logger)
 	{
 		// Validate the URL
 		$url = UrlFilter::filter($url, $url_config, $logger);
@@ -393,29 +392,6 @@ class parser implements \phpbb\textformatter\parser_interface
 			return false;
 		}
 
-		if ($max_height || $max_width)
-		{
-			$imagesize = new \FastImageSize\FastImageSize();
-			$size_info = $imagesize->getImageSize($url);
-			if ($size_info === false)
-			{
-				$logger->err('UNABLE_GET_IMAGE_SIZE');
-				return false;
-			}
-
-			if ($max_height && $max_height < $size_info['height'])
-			{
-				$logger->err('MAX_IMG_HEIGHT_EXCEEDED', array('max_height' => $max_height));
-				return false;
-			}
-
-			if ($max_width && $max_width < $size_info['width'])
-			{
-				$logger->err('MAX_IMG_WIDTH_EXCEEDED', array('max_width' => $max_width));
-				return false;
-			}
-		}
-
 		return $url;
 	}