author | jeremydurand <jeremydurand24@hotmail.fr> | 2016-06-02 11:17:57 +0200 |
committer | Pierrick Le Gall <plg@piwigo.org> | 2016-06-02 11:17:57 +0200 |
commit | 43ecfbf60a8eba6886c3915774c68665fd4258b6 (patch) | |
tree | d42c553c1e1d0bd04df8c571b4c49d53a5c9cae1 /admin/include/configuration_watermark_process.inc.php | |
parent | 022bfd2493ebb97e0c6d5c66430ab2b8874c82b2 (diff) |
fixes #488 make user input watermark filename safe (#492)
Diffstat (limited to 'admin/include/configuration_watermark_process.inc.php')
-rw-r--r-- | admin/include/configuration_watermark_process.inc.php | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/admin/include/configuration_watermark_process.inc.php b/admin/include/configuration_watermark_process.inc.php
index bc1451791..0e07380a7 100644
--- a/admin/include/configuration_watermark_process.inc.php
+++ b/admin/include/configuration_watermark_process.inc.php
@@ -26,6 +26,21 @@ if( !defined("PHPWG_ROOT_PATH") ) die ("Hacking attempt!");
 }
+function get_watermark_filename($list, $candidate, $step = 0)
+{
+ global $change_name;
+ $change_name = $candidate;
+ if ($step != 0)
+ {
+ $change_name .= '-'.$step;
+ }
+ if (in_array($change_name, $list))
+ {
+ return get_watermark_filename($list, $candidate, $step+1);
+ }
+ return $change_name.'.png';
+}
+
 $errors = array();
 $pwatermark = $_POST['w'];
@@ -45,8 +60,22 @@ if (isset($_FILES['watermarkImage']) and !empty($_FILES['watermarkImage']['tmp_n
 $upload_dir = PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks';
 if (mkgetdir($upload_dir, MKGETDIR_DEFAULT&~MKGETDIR_DIE_ON_ERROR))
 {
- $new_name = get_filename_wo_extension($_FILES['watermarkImage']['name']).'.png';
- $file_path = $upload_dir.'/'.$new_name;
+ // file name may include exotic chars like single quote, we need a safe name
+ $new_name = str2url(get_filename_wo_extension($_FILES['watermarkImage']['name']));
+
+ // we need existing watermarks to avoid overwritting one
+ $watermark_files = array();
+ if ( ($glob=glob(PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks/*.png')) !== false)
+ {
+ foreach ($glob as $file)
+ {
+ $watermark_files[] = get_filename_wo_extension(
+ substr($file, strlen(PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'watermarks/'))
+ );
+ }
+ }
+
+ $file_path = $upload_dir.'/'.get_watermark_filename($watermark_files, $new_name);
 if (move_uploaded_file($_FILES['watermarkImage']['tmp_name'], $file_path))
 {
@@ -183,4 +212,4 @@ else
 $template->assign('watermark', $pwatermark);
 $template->assign('ferrors', $errors);
 }
-?>
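Review bot: `get_watermark_filename` declares `global $change_name` and assigns it on every call, so a helper that only builds and returns a string leaks its scratch value into the file's global scope (this include runs at top level) with no benefit. A plain local is enough: replace `global $change_name; $change_name = $candidate;` with `$change_name = $candidate;`. The `in_array($change_name, $list)` lookup should also pass `true` as its third argument so that numeric-looking names are compared strictly rather than by PHP's loose numeric-string equality, and `$step != 0` would be clearer as `$step !== 0`.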
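Review bot: In the second hunk `$new_name` is used unguarded after `str2url(...)`; str2url is not visible here, but if it drops every character of a name that consists only of characters it rejects, `$new_name` becomes `''` and the upload is written as `$upload_dir.'/.png'`, a dot-file that the `glob('.../*.png')` listing on the next upload would not normally match, so later uploads with the same outcome would overwrite it silently. Add a fallback before the listing: `if ($new_name === '') { $new_name = 'watermark'; }`. The collision list is also built from `*.png` only, so an existing watermark saved with a different extension case would not be treated as a collision — worth confirming against how the watermark files are read elsewhere. The enclosing `if (isset($_FILES['watermarkImage']) ...)` branch starts before the hunk and continues after it.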
\ No newline at end of file
+?> |