Commit 9db183e2 authored by lfagundes's avatar lfagundes

Non-SVG files uploaded with an .svg extension are considered unsafe everywhere

parent 3bf4c7dc
......@@ -166,14 +166,14 @@ class Comments extends TikiLib
fclose($fp);
if ($forum_info['att_store'] == 'db') {
try {
$filegallib->assertUploadedContentIsSafe($data);
$filegallib->assertUploadedContentIsSafe($data, $name);
} catch (Exception $e) {
$errors[] = $e->getMessage();
return 0;
}
} else {
try {
$filegallib->assertUploadedFileIsSafe($filename);
$filegallib->assertUploadedFileIsSafe($filename, $name);
} catch (Exception $e) {
$errors[] = $e->getMessage();
fclose($fw);
......@@ -184,7 +184,7 @@ class Comments extends TikiLib
} else {
if ($forum_info['att_store'] == 'dir') {
try {
$filegallib->assertUploadedContentIsSafe($data);
$filegallib->assertUploadedContentIsSafe($data, $name);
} catch (Exception $e) {
$errors[] = $e->getMessage();
return 0;
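Review bot: The second argument added to `assertUploadedContentIsSafe($data, $name)` in both hunks has no matching definition change among the visible hunks, so I cannot confirm that method takes a filename in second position; if its signature still mirrors the old `assertUploadedFileIsSafe($path, $galleryId = null)` shape, `$name` would be bound to the gallery id and the extension check would never run for DB-stored attachments. Worth verifying the definition, and that `$name` here is the client-supplied attachment name rather than a storage name (its assignment is outside the hunk). The same call is made in the tracker attachment hunk later in this commit. The enclosing method starts and ends outside both hunks.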
......
......@@ -4162,10 +4162,6 @@ class FileGalLib extends TikiLib
}
public function fileIsSVG($path) {
$mimelib = TikiLib::lib('mime');
if (substr($mimelib->from_filename($path), 0, 9) == 'image/svg') {
return true;
}
$type = mime_content_type($path);
if (substr($type, 0, 18) == 'application/x-gzip') {
$data = file_get_contents($path);
......@@ -4174,10 +4170,19 @@ class FileGalLib extends TikiLib
return substr($type, 0, 9) == 'image/svg';
}
public function assertUploadedFileIsSafe($path, $galleryId = null) {
public function assertUploadedFileIsSafe($path, $filename = null, $galleryId = null) {
global $prefs;
$svgErrorMsg = tra("SVG files are not safe and cannot be uploaded");
if ($this->fileIsSVG($path)) {
if ($filename === null) {
$filename = $path;
}
$safe = true;
$mimelib = TikiLib::lib('mime');
if (substr($mimelib->from_filename($filename), 0, 9) == 'image/svg') {
$safe = false;
}
$safe = $safe && !$this->fileIsSVG($path);
if (!$safe) {
if ($prefs['fgal_allow_svg'] !== 'y') {
throw new FileIsNotSafeException($svgErrorMsg);
}
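Review bot: Inserting `$filename` ahead of `$galleryId` in `assertUploadedFileIsSafe` changes the meaning of the second positional argument, so any caller not updated in this commit that passes a gallery id positionally will now have it treated as the filename: the extension check silently degrades to `from_filename($path)` on a temp path and whatever `$galleryId` drives (outside the hunk) is skipped. A repository-wide check of callers is needed, or keep `$galleryId` second and append `$filename` last. Separately, `fileIsSVG` no longer consults the filename's declared MIME type, so any caller of `fileIsSVG` outside this diff loses the extension check; if such callers exist they should go through `assertUploadedFileIsSafe` instead. On style, the `$safe` flag can collapse to `$safe = substr($mimelib->from_filename($filename), 0, 9) !== 'image/svg' && ! $this->fileIsSVG($path);` with a strict comparison. Both method bodies continue past the hunk.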
......
......@@ -958,7 +958,7 @@ class ImageGalsLib extends TikiLib
return false;
}
$filegallib = TikiLib::lib('filegal');
$filegallib->assertUploadedFileIsSafe($file['tmp_name']);
$filegallib->assertUploadedFileIsSafe($file['tmp_name'], $file['name']);
$data = fread($fp, $file['size']);
$etag = md5($data);
fclose($fp);
......@@ -2583,7 +2583,7 @@ class ImageGalsLib extends TikiLib
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES[$userfile]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES[$userfile]['tmp_name'], $_FILES[$userfile]['name']);
} catch (Exception $e) {
$ret['msg'] = $e->getMessage();
return $ret;
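Review bot: The call in the first hunk, `assertUploadedFileIsSafe($file['tmp_name'], $file['name'])`, is not wrapped in try/catch, while the second hunk and every other call site in this commit catch `Exception`; given the `return false;` just above it, this function appears to report failure by return value, so a `FileIsNotSafeException` would propagate out of it instead. If that is intended, a one-line comment such as `// FileIsNotSafeException propagates to the caller` would make it explicit; otherwise wrap it like the second hunk. Both enclosing functions start and end outside the hunks.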
......
......@@ -5555,7 +5555,7 @@ class TikiLib extends TikiDb_Bridge
}
try {
$filegallib = TikiLib::lib('filegal');
$filegallib->assertUploadedFileIsSafe($tmp_dest);
$filegallib->assertUploadedFileIsSafe($tmp_dest, $file_name);
} catch (Exception $e) {
return ['ok' => false, 'error' => $e->getMessage()];
}
......
......@@ -20,7 +20,7 @@ if (isset($_REQUEST["addtopic"])) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -390,7 +390,7 @@ if (isset($_REQUEST['preview']) or ! empty($errors)) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......@@ -565,7 +565,7 @@ if (isset($_REQUEST['save']) && empty($errors)) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -259,7 +259,7 @@ if (isset($_REQUEST["save"]) || isset($_REQUEST["create_zone"])) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -308,7 +308,7 @@ if (isset($_REQUEST['preview']) || ! empty($errors)) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......@@ -441,7 +441,7 @@ if ((isset($_REQUEST['save']) || isset($_REQUEST['submitarticle'])) && empty($er
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -30,7 +30,7 @@ if (isset($_REQUEST["edittopic"])) {
if (isset($_FILES['userfile1'])&&is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -555,7 +555,7 @@ if (($prefs['feature_wiki_pictures'] === 'y') && (isset($tiki_p_upload_picture))
if (@getimagesize($_FILES['picfile' . $i]['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['picfile' . $i]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['picfile' . $i]['tmp_name'], $_FILES['picfile' . $i]['name']);
} catch (Exception $e) {
// This is never being reached, because right now getimagesize fails for
// any unsafe file (SVG). Doesn't hurt, as support is already done for future
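Review bot: The comment at the end of the hunk (`This is never being reached, because right now getimagesize fails for any unsafe file (SVG)`) is no longer accurate after this change: a valid raster image uploaded under an `.svg` name passes `getimagesize` and is now rejected by the filename-based check, so the catch block is reachable. Update it to something like `// Reached when a file that passes getimagesize carries an .svg name (or other unsafe content)` and confirm the catch body (outside the hunk) handles the error rather than relying on it never firing.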
......
......@@ -82,7 +82,7 @@ if (isset($_REQUEST['addtopic'])) {
if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES["userfile1"]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -17,7 +17,7 @@ if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_na
check_ticket('notepad-list');
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -42,7 +42,7 @@ if (isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_na
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -90,7 +90,7 @@ if (isset($_REQUEST["upload"])) {
if (isset($_FILES['userfile1']) && ! empty($_FILES['userfile1']['name'])) {
if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
try {
$filegallib->assertUploadedFileIsSafe($_FILES["userfile1"]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile1']['tmp_name'], $_FILES['userfile1']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......@@ -167,7 +167,7 @@ if (isset($_REQUEST["upload"])) {
// If the thumbnail was uploaded
if (isset($_FILES['userfile2']) && ! empty($_FILES['userfile2']['name'])) {
try {
$filegallib->assertUploadedFileIsSafe($_FILES["userfile2"]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES['userfile2']['tmp_name'], $_FILES['userfile2']['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -42,7 +42,7 @@ for ($i = 0; $i < 5; $i++) {
check_ticket('user-files');
$filegallib = TikiLib::lib('filegal');
try {
$filegallib->assertUploadedFileIsSafe($_FILES["userfile$i"]['tmp_name']);
$filegallib->assertUploadedFileIsSafe($_FILES["userfile$i"]['tmp_name'], $_FILES["userfile$i"]['name']);
} catch (Exception $e) {
$smarty->assign('errortype', 403);
$smarty->assign('msg', $e->getMessage());
......
......@@ -670,9 +670,9 @@ if ($tracker_info["useAttachments"] == 'y') {
}
try {
if ($prefs['t_use_db'] == 'n') {
$filegallib->assertUploadedFileIsSafe($prefs['t_use_dir'] . $fhash);
$filegallib->assertUploadedFileIsSafe($prefs['t_use_dir'] . $fhash, $_FILES['userfile1']['name']);
} else {
$filegallib->assertUploadedContentIsSafe($data);
$filegallib->assertUploadedContentIsSafe($data, $_FILES['userfile1']['name']);
}
} catch (Exception $e) {
$smarty->assign('msg', $_FILES['userfile1']['name'] . ': ' . $e->getMessage());
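Review bot: In the `t_use_db == 'n'` branch the file is checked at `$prefs['t_use_dir'] . $fhash`, which suggests it has already been written to the attachment directory before `assertUploadedFileIsSafe` runs; if the check throws, the catch block (which continues outside the hunk) should also remove that file, otherwise the rejected content stays on disk under its hash name. If the write actually happens later, a short comment such as `// file is checked in place before it is recorded; remove on failure` at the catch would document the intended ordering. The enclosing block starts and ends outside the hunk.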
......