escape dot's in user input

src/Lib/Func.php

@@ -498,6 +498,10 @@ Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV:<br />
 
 	public function img($file = false, $size = 'mini', $format = 'q', $altimg = false)
 	{
+		// prevent path traversal
+		$file = preg_replace('/%/', '', $file);
+		$file = preg_replace('/\.+/', '.', $file); 
+
 		if ($file === false) {
 			$file = $_SESSION['client']['photo'];
 		}
@@ -1005,6 +1009,9 @@ Verantwortlich für den Inhalt nach § 55 Abs. 2 RStV:<br />
 
 	private function resizeImg($img, $width, $format)
 	{
+		// prevent path traversal
+		$img = preg_replace('/%/', '', $img);
+		$img = preg_replace('/\.+/', '.', $img); 
 		if (file_exists($img)) {
 			$opt = 'auto';
 			if ($format == 'q') {

src/Lib/Xhr/XhrMethods.php

@@ -594,8 +594,6 @@ class XhrMethods
 
 	public function xhr_pictureCrop($data)
 	{
-		$data['img'];
-		$data['id'];
 		/*
 		 * [ratio-val] => [{"x":37,"y":87,"w":500,"h":281},{"x":64,"y":0,"w":450,"h":450}]
 		  [resize] => [250,528]
@@ -604,6 +602,10 @@ class XhrMethods
 		$ratio = json_decode($_POST['ratio-val'], true);
 		$resize = json_decode($_POST['resize']);
 
+		// prevent path traversal
+		$data['id'] = preg_replace('/[^a-z0-9\-_]/', '', $data['id']);
+		$data['img'] = preg_replace('/[^a-z0-9\-_\.]/', '', $data['img']);
+
 		if (is_array($ratio) && is_array($resize)) {
 			foreach ($ratio as $i => $r) {
 				$this->cropImg(ROOT_DIR . 'images/' . $data['id'], $data['img'], $i, $r['x'], $r['y'], $r['w'], $r['h']);
@@ -671,12 +673,14 @@ class XhrMethods
 
 	private function pictureResize($data)
 	{
-		$id = $data['id'];
-		$img = $data['img'];
+		$id = preg_replace('/[^a-z0-9\-_]/', '', $data['id']);
+		$img = preg_replace('/[^a-z0-9\-_\.]/', '', $data['img']);
+
 		$resize = json_decode($data['resize'], true);
 
 		if (is_array($resize)) {
 			foreach ($resize as $r) {
+				$r = (int)$r;
 				copy(ROOT_DIR . 'images/' . $id . '/' . $img, ROOT_DIR . 'images/' . $id . '/' . $r . '_' . $img);
 				$image = new fImage(ROOT_DIR . 'images/' . $id . '/' . $r . '_' . $img);
 				$image->resize($r, 0);
@@ -847,6 +851,10 @@ class XhrMethods
 			if (isset($_FILES['uploadpic'])) {
 				$error = 0;
 				$datei = $_FILES['uploadpic']['tmp_name'];
+				// prevent path traversal
+				$datei = preg_replace('/%/', '', $datei);
+				$datei = preg_replace('/\.+/', '.', $datei);
+
 				$datein = $_FILES['uploadpic']['name'];
 				$datein = strtolower($datein);
 				$datein = str_replace('.jpeg', '.jpg', $datein);
@@ -869,6 +877,7 @@ class XhrMethods
 			}
 		} elseif (isset($_POST['action']) && $_POST['action'] == 'crop') {
 			$file = str_replace('/', '', $_POST['file']);
+
 			if ($img = $this->cropImage($file, $_POST['x'], $_POST['y'], $_POST['w'], $_POST['h'])) {
 				$id = strip_tags($_POST['pic_id']);
 

src/Modules/Email/EmailControl.php

@@ -354,6 +354,12 @@ class EmailControl extends Control
 				$hheight = $tag->getAttribute('height');
 				$iname = $tag->getAttribute('name');
 
+				// prevent path traversal attacks
+				$src = preg_replace('/%/', '', $src);
+				$src = preg_replace('/\.+/', '.', $src); 
+				$iname = preg_replace('/%/', '', $iname);
+				$iname = preg_replace('/\.+/', '.', $iname); 
+
 				if (!empty($wwith) || !empty($hheight)) {
 					$old_filepath = '';
 

src/Modules/Login/LoginXhr.php

@@ -260,6 +260,10 @@ class LoginXhr extends Control
 
 	private function resizeAvatar($img)
 	{
+		// prevent path traversal
+		$img = preg_replace('/%/', '', $img);
+		$img = preg_replace('/\.+/', '.', $img); 
+		
 		$folder = ROOT_DIR . 'tmp/';
 		if (file_exists($folder . $img)) {
 			$image = new fImage($folder . $img);