From afa282f0ad2a7155766a69b605e27347d6c5f6fb Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Tue, 10 Feb 2009 17:11:52 +0000
Subject: added sanity check for images in is_allowed_filetype() using
 getimagesize()

---
 system/libraries/Upload.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'system/libraries')

diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 54124bc3d..e40ef2bad 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -556,11 +556,22 @@ class CI_Upload {
 			$this->set_error('upload_no_file_types');
 			return FALSE;
 		}
-			 	
+
+		$image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
 		foreach ($this->allowed_types as $val)
 		{
 			$mime = $this->mimes_types(strtolower($val));
-		
+
+			// Images get some additional checks
+			if (in_array($val, $image_types))
+			{
+				if (getimagesize($this->file_temp) === FALSE)
+				{
+					return FALSE;
+				}
+			}
+
 			if (is_array($mime))
 			{
 				if (in_array($this->file_type, $mime, TRUE))
-- 
cgit v1.2.3-24-g4f1b