From e463c4d71c2fdcc224e70f7576582220ae64e3d7 Mon Sep 17 00:00:00 2001
From: Wes Baker
Date: Fri, 4 May 2012 18:44:24 -0400
Subject: Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed.
---
system/libraries/Upload.php | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'system')
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index b0490de30..0e5d73b19 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -868,6 +868,10 @@ class CI_Upload {
 {
 return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
 }
+ else
+ {
+ return FALSE;
+ }
 }

 if (($data = @file_get_contents($file)) === FALSE)
-- 
cgit v1.2.3-24-g4f1b
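Review bot: The added `else` branch returns FALSE without a comment, while the TRUE branch beside it explains itself, so a reader cannot tell that this is the rejection path for an image whose opening bytes matched a markup trigger. I would put `// markup trigger found in the first 256 bytes of an image: fail the XSS check here` above `return FALSE;`. Since the preceding branch already returns, the `else` wrapper is also unnecessary; a bare `return FALSE;` after that closing brace reads the same. Going by the existing comment, only the first 256 bytes are inspected on this path, so the method's docblock should probably say that an image passing here has not had the rest of its content examined. The enclosing condition and the rest of the method are outside the hunk.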