PukiWiki
Revisão | edfd4a4717f9ad5a8a15a8f97bae340fb5f0cbc3 (tree) |
---|---|
Hora | 2016-01-28 01:03:17 |
Autor | umorigu <umorigu@gmai...> |
Commiter | umorigu |
BugTrack2/264 Call getimagesize() only for image named files
@@ -345,41 +345,35 @@ function attach_showform() | ||
345 | 345 | |
346 | 346 | //-------- サービス |
347 | 347 | // mime-typeの決定 |
348 | -function attach_mime_content_type($filename) | |
348 | +function attach_mime_content_type($filename, $displayname) | |
349 | 349 | { |
350 | 350 | $type = 'application/octet-stream'; // default |
351 | 351 | |
352 | 352 | if (! file_exists($filename)) return $type; |
353 | - | |
354 | - $size = @getimagesize($filename); | |
355 | - if (is_array($size)) { | |
356 | - switch ($size[2]) { | |
357 | - case 1: return 'image/gif'; | |
358 | - case 2: return 'image/jpeg'; | |
359 | - case 3: return 'image/png'; | |
360 | - case 4: return 'application/x-shockwave-flash'; | |
353 | + $pathinfo = pathinfo($displayname); | |
354 | + $ext0 = $pathinfo['extension']; | |
355 | + if (preg_match('/^(gif|jpg|jpeg|png|swf)$/i', $ext0)) { | |
356 | + $size = @getimagesize($filename); | |
357 | + if (is_array($size)) { | |
358 | + switch ($size[2]) { | |
359 | + case 1: return 'image/gif'; | |
360 | + case 2: return 'image/jpeg'; | |
361 | + case 3: return 'image/png'; | |
362 | + case 4: return 'application/x-shockwave-flash'; | |
363 | + } | |
361 | 364 | } |
362 | 365 | } |
363 | - | |
364 | - $matches = array(); | |
365 | - if (! preg_match('/_((?:[0-9A-F]{2})+)(?:\.\d+)?$/', $filename, $matches)) | |
366 | - return $type; | |
367 | - | |
368 | - $filename = decode($matches[1]); | |
369 | - | |
370 | 366 | // mime-type一覧表を取得 |
371 | 367 | $config = new Config(PLUGIN_ATTACH_CONFIG_PAGE_MIME); |
372 | 368 | $table = $config->read() ? $config->get('mime-type') : array(); |
373 | 369 | unset($config); // メモリ節約 |
374 | - | |
375 | 370 | foreach ($table as $row) { |
376 | 371 | $_type = trim($row[0]); |
377 | 372 | $exts = preg_split('/\s+|,/', trim($row[1]), -1, PREG_SPLIT_NO_EMPTY); |
378 | 373 | foreach ($exts as $ext) { |
379 | - if (preg_match("/\.$ext$/i", $filename)) return $_type; | |
374 | + if (preg_match("/\.$ext$/i", $displayname)) return $_type; | |
380 | 375 | } |
381 | 376 | } |
382 | - | |
383 | 377 | return $type; |
384 | 378 | } |
385 | 379 |
@@ -472,7 +466,7 @@ class AttachFile | ||
472 | 466 | $this->time_str = get_date('Y/m/d H:i:s', $this->time); |
473 | 467 | $this->size = filesize($this->filename); |
474 | 468 | $this->size_str = sprintf('%01.1f', round($this->size/1024, 1)) . 'KB'; |
475 | - $this->type = attach_mime_content_type($this->filename); | |
469 | + $this->type = attach_mime_content_type($this->filename, $this->file); | |
476 | 470 | |
477 | 471 | return TRUE; |
478 | 472 | } |
@@ -40,7 +40,7 @@ define('PLUGIN_REF_DIRECT_ACCESS', FALSE); // FALSE or TRUE | ||
40 | 40 | ///////////////////////////////////////////////// |
41 | 41 | |
42 | 42 | // Image suffixes allowed |
43 | -define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g)$/i'); | |
43 | +define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g|swf)$/i'); | |
44 | 44 | |
45 | 45 | // Usage (a part of) |
46 | 46 | define('PLUGIN_REF_USAGE', "([pagename/]attached-file-name[,parameters, ... ][,title])"); |
@@ -397,6 +397,10 @@ function plugin_ref_action() | ||
397 | 397 | if(! file_exists($ref)) |
398 | 398 | return array('msg'=>'Attach file not found', 'body'=>$usage); |
399 | 399 | |
400 | + $is_image = preg_match(PLUGIN_REF_IMAGE, $filename); | |
401 | + if (!$is_image) { | |
402 | + return array('msg'=>'Seems not an image', 'body'=>$usage); | |
403 | + } | |
400 | 404 | $got = @getimagesize($ref); |
401 | 405 | if (! isset($got[2])) $got[2] = FALSE; |
402 | 406 | switch ($got[2]) { |
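Review bot: Adding `swf` to PLUGIN_REF_IMAGE widens a constant whose comment still reads "Image suffixes allowed", and the new check in plugin_ref_action() is only the consumer visible here; any other use of the constant outside these hunks would now treat .swf names as images too. If the goal is only to let Flash attachments pass the new gate before getimagesize(), a second pattern used solely by that gate would leave the image list unchanged; otherwise the comment should become something like `// Suffixes passed to getimagesize() (images and Flash)`. The gate tests `$filename`, which is assigned outside the hunk, so confirm it holds the attachment's display name rather than the stored path in `$ref`, or the suffix test may not match what the user uploaded. The switch on `$got[2]` continues past the hunk, so how a Flash result is delivered cannot be checked from here; serving user-uploaded Flash from the wiki's own origin deserves an explicit decision rather than arriving as a side effect of the suffix list.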