authorDerek Jones <derek.jones@ellislab.com>2009-02-10 18:11:52 +0100
committerDerek Jones <derek.jones@ellislab.com>2009-02-10 18:11:52 +0100
commitafa282f0ad2a7155766a69b605e27347d6c5f6fb (patch)
tree5d557bbf0d4533ba1751d09f79b82da67666453c
parent254c0e4e3e4d4024d8fb9b79a5e891731bfb34d5 (diff)
added sanity check for images in is_allowed_filetype() using getimagesize()
-rw-r--r--system/libraries/Upload.php15
-rw-r--r--user_guide/changelog.html1
2 files changed, 14 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 54124bc3d..e40ef2bad 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -556,11 +556,22 @@ class CI_Upload {
$this->set_error('upload_no_file_types');
return FALSE;
}
-
+
+ $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
foreach ($this->allowed_types as $val)
{
$mime = $this->mimes_types(strtolower($val));
-
+
+ // Images get some additional checks
+ if (in_array($val, $image_types))
+ {
+ if (getimagesize($this->file_temp) === FALSE)
+ {
+ return FALSE;
+ }
+ }
+
if (is_array($mime))
{
if (in_array($this->file_type, $mime, TRUE))
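Review bot: The new `getimagesize()` check is keyed on `$val`, the allowed type currently being iterated, not on the type of the uploaded file, so with a mixed whitelist (images plus documents) a legitimate non-image upload returns FALSE as soon as the loop reaches an image entry. It also tests the raw `$val` while the line above lowercases it for `mimes_types()`, so an upper-case entry in `allowed_types` would skip the check. Gating it on the file's own type fixes both, e.g. `if (in_array(strtolower($val), $image_types) && in_array($this->file_type, (array) $mime, TRUE))`. `getimagesize()` only parses the image header, so this is a sanity check and not proof that the file carries no other content, and a comment saying so would keep later readers from relying on it; the loop body continues outside the hunk.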
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index c66ff2314..cb9a370bf 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -95,6 +95,7 @@ SVN Revision: </p>
<li>Added 'application/msexcel' to config/mimes.php for .xls files.</li>
<li>Added 'proxy_ips' config item to whitelist reverse proxy servers from which to trust the HTTP_X_FORWARDED_FOR header to
to determine the visitor's IP address.</li>
+ <li>Improved accuracy of Upload::is_allowed_filetype() for images (#6715)</li>
</ul>
</li>
</ul>