diff options
| -rw-r--r-- | system/libraries/Upload.php | 15 | ||||
| -rw-r--r-- | user_guide/changelog.html | 1 |
2 files changed, 14 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 54124bc3d..e40ef2bad 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -556,11 +556,22 @@ class CI_Upload { $this->set_error('upload_no_file_types'); return FALSE; } - + + $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); + foreach ($this->allowed_types as $val) { $mime = $this->mimes_types(strtolower($val)); - + + // Images get some additional checks + if (in_array($val, $image_types)) + { + if (getimagesize($this->file_temp) === FALSE) + { + return FALSE; + } + } + if (is_array($mime)) { if (in_array($this->file_type, $mime, TRUE)) diff --git a/user_guide/changelog.html b/user_guide/changelog.html index c66ff2314..cb9a370bf 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -95,6 +95,7 @@ SVN Revision: </p> <li>Added 'application/msexcel' to config/mimes.php for .xls files.</li> <li>Added 'proxy_ips' config item to whitelist reverse proxy servers from which to trust the HTTP_X_FORWARDED_FOR header to to determine the visitor's IP address.</li> + <li>Improved accuracy of Upload::is_allowed_filetype() for images (#6715)</li> </ul> </li> </ul> |