summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2009-02-10 18:11:52 +0100
committerDerek Jones <derek.jones@ellislab.com>2009-02-10 18:11:52 +0100
commitafa282f0ad2a7155766a69b605e27347d6c5f6fb (patch)
tree5d557bbf0d4533ba1751d09f79b82da67666453c /system/libraries/Upload.php
parent254c0e4e3e4d4024d8fb9b79a5e891731bfb34d5 (diff)
added sanity check for images in is_allowed_filetype() using getimagesize()
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r--system/libraries/Upload.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 54124bc3d..e40ef2bad 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -556,11 +556,22 @@ class CI_Upload {
$this->set_error('upload_no_file_types');
return FALSE;
}
-
+
+ $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
foreach ($this->allowed_types as $val)
{
$mime = $this->mimes_types(strtolower($val));
-
+
+ // Images get some additional checks
+ if (in_array($val, $image_types))
+ {
+ if (getimagesize($this->file_temp) === FALSE)
+ {
+ return FALSE;
+ }
+ }
+
if (is_array($mime))
{
if (in_array($this->file_type, $mime, TRUE))