aboutsummaryrefslogtreecommitdiffstats
path: root/admin
diff options
context:
space:
mode:
authorjeremydurand <jeremydurand24@hotmail.fr>2016-06-02 11:17:57 +0200
committerPierrick Le Gall <plg@piwigo.org>2016-06-02 11:17:57 +0200
commit43ecfbf60a8eba6886c3915774c68665fd4258b6 (patch)
treed42c553c1e1d0bd04df8c571b4c49d53a5c9cae1 /admin
parent022bfd2493ebb97e0c6d5c66430ab2b8874c82b2 (diff)
fixes #488 make user input watermark filename safe (#492)
Diffstat (limited to 'admin')
-rw-r--r--admin/include/configuration_watermark_process.inc.php35
1 files changed, 32 insertions, 3 deletions
diff --git a/admin/include/configuration_watermark_process.inc.php b/admin/include/configuration_watermark_process.inc.php
index bc1451791..0e07380a7 100644
--- a/admin/include/configuration_watermark_process.inc.php
+++ b/admin/include/configuration_watermark_process.inc.php
@@ -26,6 +26,21 @@ if( !defined("PHPWG_ROOT_PATH") )
die ("Hacking attempt!");
}
+function get_watermark_filename($list, $candidate, $step = 0)
+{
+ global $change_name;
+ $change_name = $candidate;
+ if ($step != 0)
+ {
+ $change_name .= '-'.$step;
+ }
+ if (in_array($change_name, $list))
+ {
+ return get_watermark_filename($list, $candidate, $step+1);
+ }
+ return $change_name.'.png';
+}
+
$errors = array();
$pwatermark = $_POST['w'];
@@ -45,8 +60,22 @@ if (isset($_FILES['watermarkImage']) and !empty($_FILES['watermarkImage']['tmp_n
$upload_dir = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks';
if (mkgetdir($upload_dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR))
{
- $new_name = get_filename_wo_extension($_FILES['watermarkImage']['name']).'.png';
- $file_path = $upload_dir.'/'.$new_name;
+ // file name may include exotic chars like single quote, we need a safe name
+ $new_name = str2url(get_filename_wo_extension($_FILES['watermarkImage']['name']));
+
+ // we need existing watermarks to avoid overwritting one
+ $watermark_files = array();
+ if ( ($glob=glob(PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks/*.png')) !== false)
+ {
+ foreach ($glob as $file)
+ {
+ $watermark_files[] = get_filename_wo_extension(
+ substr($file, strlen(PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks/'))
+ );
+ }
+ }
+
+ $file_path = $upload_dir.'/'.get_watermark_filename($watermark_files, $new_name);
if (move_uploaded_file($_FILES['watermarkImage']['tmp_name'], $file_path))
{
@@ -183,4 +212,4 @@ else
$template->assign('watermark', $pwatermark);
$template->assign('ferrors', $errors);
}
-?> \ No newline at end of file
+?>