From afa282f0ad2a7155766a69b605e27347d6c5f6fb Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Tue, 10 Feb 2009 17:11:52 +0000
Subject: added sanity check for images in is_allowed_filetype() using
getimagesize()
---
system/libraries/Upload.php | 15 +++++++++++++--
user_guide/changelog.html | 1 +
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 54124bc3d..e40ef2bad 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -556,11 +556,22 @@ class CI_Upload {
$this->set_error('upload_no_file_types');
return FALSE;
}
-
+
+ $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
foreach ($this->allowed_types as $val)
{
$mime = $this->mimes_types(strtolower($val));
-
+
+ // Images get some additional checks
+ if (in_array($val, $image_types))
+ {
+ if (getimagesize($this->file_temp) === FALSE)
+ {
+ return FALSE;
+ }
+ }
+
if (is_array($mime))
{
if (in_array($this->file_type, $mime, TRUE))
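Review bot: The getimagesize() check at the top of the loop is keyed on the allowed type `$val`, not on the uploaded file, so with a mixed list such as gif plus pdf a valid non-image upload is rejected as soon as the loop reaches an image entry; the outcome presumably depends on the order of `allowed_types`, although the rest of the loop lies outside the hunk. The check also tests the raw `$val` while `mimes_types()` receives `strtolower($val)`, so an entry written as `JPG` skips it entirely. I would gate it on the file's declared type matching this entry: `if (in_array(strtolower($val), $image_types, TRUE) && in_array($this->file_type, (array) $mime, TRUE))`. The comment above it should also say that getimagesize() only parses the image header, so passing it does not show the rest of the file is harmless, and the stored name and extension still have to be controlled.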
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index c66ff2314..cb9a370bf 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -95,6 +95,7 @@ SVN Revision:
Added 'application/msexcel' to config/mimes.php for .xls files.
Added 'proxy_ips' config item to whitelist reverse proxy servers from which to trust the HTTP_X_FORWARDED_FOR header to
to determine the visitor's IP address.
+ Improved accuracy of Upload::is_allowed_filetype() for images (#6715)
--
cgit v1.2.3-24-g4f1b