
Commit 618b9ebbba4a7f1c628cea09f8d60e29b7273dfb

Authored by Prasad
1 parent 1899fbb9

Added mime content check for validating image.

Showing 1 changed file with 3 additions and 4 deletions
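--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -582,8 +582,7 @@ class Vtiger_Functions {
 if (!$ok) return false;
 }
 } else {
-if (stripos($data, "<?php")!== false ||
-(stripos($data, "<?") !== false && preg_match("/\)[\s]*;/", $data))) {
+if (stripos($data, "<?") !== false) { // suspicious dynamic content
 return false;
 }
 }
@@ -609,7 +608,7 @@ class Vtiger_Functions {
 //mime type check
 $mimeType = mime_content_type($file_details['tmp_name']);
 $mimeTypeContents = explode('/', $mimeType);
-if (!$file_details['size'] || !in_array($mimeTypeContents[1], $mimeTypesList)) {
+if (!$file_details['size'] || strtolower($mimeTypeContents[0]) !== 'image' || !in_array($mimeTypeContents[1], $mimeTypesList)) {
 $saveimage = 'false';
 }
 
@@ -624,7 +623,7 @@ class Vtiger_Functions {
 // Check for php code injection
 if ($saveimage == 'true') {
 $imageContents = file_get_contents($file_details['tmp_name']);
-if (preg_match('/(<\?php?(.*?))/i', $imageContents) == 1) {
+if (stripos('<?', $imageContents) !== false) { // suspicious dynamic content.
 $saveimage = 'false';
 }
 }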
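Review bot: The `stripos()` arguments in the third hunk's added line are reversed — the function takes the haystack first, so `stripos('<?', $imageContents)` searches for the entire file contents inside the two-character string `'<?'` and will essentially never match, which silently disables the PHP-code check that the removed `preg_match` used to perform. The line should read `if (stripos($imageContents, '<?') !== false) { // suspicious dynamic content.`. Separately, both bare `<?` substring checks (first and third hunks) will also trip on legitimate images that carry XMP metadata, whose packet header begins with `<?xpacket`, so some valid JPEG/PNG uploads may presumably be rejected — worth confirming against real uploads before relying on this as the only content check. The enclosing method starts and ends outside these hunks.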