diff options
| author | Derek Jones <derek.jones@ellislab.com> | 2009-02-10 18:11:52 +0100 |
|---|---|---|
| committer | Derek Jones <derek.jones@ellislab.com> | 2009-02-10 18:11:52 +0100 |
| commit | afa282f0ad2a7155766a69b605e27347d6c5f6fb (patch) | |
| tree | 5d557bbf0d4533ba1751d09f79b82da67666453c /system/libraries | |
| parent | 254c0e4e3e4d4024d8fb9b79a5e891731bfb34d5 (diff) | |
added sanity check for images in is_allowed_filetype() using getimagesize()
Diffstat (limited to 'system/libraries')
| -rw-r--r-- | system/libraries/Upload.php | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 54124bc3d..e40ef2bad 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -556,11 +556,22 @@ class CI_Upload { $this->set_error('upload_no_file_types'); return FALSE; } - + + $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); + foreach ($this->allowed_types as $val) { $mime = $this->mimes_types(strtolower($val)); - + + // Images get some additional checks + if (in_array($val, $image_types)) + { + if (getimagesize($this->file_temp) === FALSE) + { + return FALSE; + } + } + if (is_array($mime)) { if (in_array($this->file_type, $mime, TRUE)) |