
Merge branch 'master' into release/v3.0.0

# Conflicts:
#	dist/main.css
#	dist/main.js
#	dist/view.js
#	src/package.json
#	src/scripts/lychee.js
Tobias Reich 9 years ago
parent
commit
88ef1e49b7
4 changed files with 33 additions and 5 deletions
  1. 7 0
      docs/Changelog.md
  2. 13 1
      php/modules/Import.php
  3. 10 4
      php/modules/Photo.php
  4. 3 0
      php/modules/misc.php

+ 7 - 0
docs/Changelog.md

@@ -1,3 +1,10 @@
+## v2.7.2
+
+Released April 13, 2015
+
+- `Fixed` Prevented remote code execution of photos imported using "Import from URL" (Thanks Segment S.r.l)
+- `Fixed` Stopped view.php from returning data of private photos
+
 ## v2.7.1
 
 Released January 26, 2015

+ 13 - 1
php/modules/Import.php

@@ -11,6 +11,9 @@ class Import extends Module {
 
 	static function photo($database, $plugins, $settings, $path, $albumID = 0, $description = '', $tags = '') {
 
+		# No need to validate photo type and extension in this function.
+		# $photo->add will take care of it.
+
 		$info	= getimagesize($path);
 		$size	= filesize($path);
 		$photo	= new Photo($database, $plugins, $settings, null);
@@ -37,7 +40,16 @@ class Import extends Module {
 
 		foreach ($urls as &$url) {
 
-			if (@exif_imagetype($url)===false) {
+			# Verify extension
+			$extension = getExtension($url);
+			if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+				$error = true;
+				continue;
+			}
+
+			# Verify image
+			$type = @exif_imagetype($url);
+			if (!in_array($type, Photo::$validTypes, true)) {
 				$error = true;
 				continue;
 			}
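Review bot: The URL is handed to exif_imagetype() on line 66 before its scheme is checked, so whatever stream wrappers PHP has enabled (http, ftp, file, php, …) are opened on the caller's behalf, and the later download this loop presumably leads to does the same; since "Import from URL" takes the list from the user, that is a server-side request forgery surface the new image check does not address. Restrict the scheme before touching the URL: `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME)); if (!in_array($scheme, array('http', 'https'), true)) { $error = true; continue; }`. The extension test on line 59 relies on getExtension() coping with query strings and fragments (`...?x=.jpg`), which is not visible here; confirm it strips them, or apply it to `parse_url($url, PHP_URL_PATH)` instead. exif_imagetype() fetches the resource once and the import fetches it again, so a server that answers differently on the second request is caught only if Photo::add re-validates the downloaded file, as the comment added at the top of photo() says it does. The foreach body continues outside the hunk.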

+ 10 - 4
php/modules/Photo.php

@@ -13,12 +13,12 @@ class Photo extends Module {
 	private $settings	= null;
 	private $photoIDs	= null;
 
-	private $allowedTypes = array(
+	public static $validTypes = array(
 		IMAGETYPE_JPEG,
 		IMAGETYPE_GIF,
 		IMAGETYPE_PNG
 	);
-	private $validExtensions = array(
+	public static $validExtensions = array(
 		'.jpg',
 		'.jpeg',
 		'.png',
@@ -87,11 +87,17 @@ class Photo extends Module {
 
 			# Verify extension
 			$extension = getExtension($file['name']);
-			if (!in_array(strtolower($extension), $this->validExtensions, true)) continue;
+			if (!in_array(strtolower($extension), Photo::$validExtensions, true)) {
+				Log::error($this->database, __METHOD__, __LINE__, 'Photo format not supported');
+				exit('Error: Photo format not supported!');
+			}
 
 			# Verify image
 			$type = @exif_imagetype($file['tmp_name']);
-			if (!in_array($type, $this->allowedTypes, true)) continue;
+			if (!in_array($type, Photo::$validTypes, true)) {
+				Log::error($this->database, __METHOD__, __LINE__, 'Photo type not supported');
+				exit('Error: Photo type not supported!');
+			}
 
 			# Generate id
 			$id = str_replace('.', '', microtime(true));
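Review bot: Replacing `continue` with `exit()` on lines 97 and 105 aborts the whole request on the first rejected file, so files already processed earlier in this loop are kept while the rest of the batch is silently dropped and the caller never receives a return value; Import::photo, which the comment in this commit says now relies on this method for validation, is cut off the same way. Prefer recording the failure and returning, e.g. `Log::error($this->database, __METHOD__, __LINE__, 'Photo format not supported'); return false;` (or keep `continue` and report the rejected names once the loop ends), so the batch completes and the method keeps a return contract. exif_imagetype() inspects only the leading magic bytes, so a file with a valid GIF/PNG/JPEG header followed by arbitrary content still passes; that is acceptable only while uploads are stored under an extension from Photo::$validExtensions and served without script execution, which is worth stating in a comment on the check so the assumption is not lost. The enclosing method starts and ends outside the hunk.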

+ 3 - 0
php/modules/misc.php

@@ -73,6 +73,9 @@ function getGraphHeader($database, $photoID) {
 
 	if (!isset($database, $photoID)) return false;
 
+	$photo = new Photo($database, null, null, $photoID);
+	if ($photo->getPublic('')===false) return false;
+
 	$query	= Database::prepare($database, "SELECT title, description, url, medium FROM ? WHERE id = '?'", array(LYCHEE_TABLE_PHOTOS, $photoID));
 	$result	= $database->query($query);
 	$row	= $result->fetch_object();
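Review bot: The new gate calls `$photo->getPublic('')` with an empty string and no explanation, and getPublic() is not in view, so it cannot be verified here whether '' means "no password supplied" or could match a photo whose album password is itself empty; a comment such as `# Reject private photos before any data is read; '' = no password, so password-protected albums count as private` would document the intent, and it is worth confirming in getPublic() that an empty password never unlocks anything. The check runs before the SELECT, which is the right order for the view.php leak this commit fixes, but `$result->fetch_object()` on line 123 is still not null-checked; that is pre-existing and getPublic() presumably already returns false for an unknown id, so it may be moot. getGraphHeader continues past the hunk.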