
Commit 6fe24c8c220865173c67bc2dec0e766a78f21c33

Authored by Prasad
1 parent 11464d43

Added short-tag config check in validation.

Showing 1 changed file with 5 additions and 4 deletions
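--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -575,14 +575,14 @@ class Vtiger_Functions {
 return $filepath;
 }
 
-static function validateImageMetadata($data) {
+static function validateImageMetadata($data, $short=true) {
 if (is_array($data)) {
 foreach ($data as $key => $value) {
 $ok = self::validateImageMetadata($value);
 if (!$ok) return false;
 }
 } else {
-if (stripos($data, "<?") !== false) { // suspicious dynamic content
+if (stripos($data, $short ? "<?" : "<?php") !== false) { // suspicious dynamic content
 return false;
 }
 }
@@ -613,9 +613,10 @@ class Vtiger_Functions {
 }
 
 //metadata check
+$shortTagSupported = ini_get('short_open_tag') ? true : false;
 if ($saveimage == 'true') {
 $exifdata = exif_read_data($file_details['tmp_name']);
-if ($exifdata && !self::validateImageMetadata($exifdata)) {
+if ($exifdata && !self::validateImageMetadata($exifdata, $shortTagSupported)) {
 $saveimage = 'false';
 }
 }
@@ -623,7 +624,7 @@ class Vtiger_Functions {
 // Check for php code injection
 if ($saveimage == 'true') {
 $imageContents = file_get_contents($file_details['tmp_name']);
-if (stripos('<?', $imageContents) !== false) { // suspicious dynamic content.
+if (stripos($imageContents, $shortTagSupported ? "<?" : "<?php") !== false) { // suspicious dynamic content.
 $saveimage = 'false';
 }
 }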
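Review bot: When `short_open_tag` is off, the relaxed check in the new `else` branch (new line 585) and the one at new line 627 look only for `<?php`, but the `<?=` echo tag is enabled regardless of that setting, so content using it passes both checks. Both sites should treat `<?=` as suspicious whenever they fall back to the long tag; the `else` branch could become the loop below, and line 627 needs the same pair of needles. The recursive call at line 581 also drops the new `$short` argument, so nested arrays are always checked with the strict default — presumably intended as `self::validateImageMetadata($value, $short)`. Note that `ini_get` reflects the PHP process doing the validation, which is not necessarily the configuration that later serves the stored file; if that cannot be guaranteed, the strict `<?` check is the safer default. validateImageMetadata continues past the first hunk, and the function holding the other two hunks starts and ends outside them.
```php
} else {
    $needles = $short ? array('<?') : array('<?php', '<?=');
    foreach ($needles as $needle) {
        if (stripos($data, $needle) !== false) { // suspicious dynamic content
            return false;
        }
    }
}
```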