PukiWiki
| Revisão | edfd4a4717f9ad5a8a15a8f97bae340fb5f0cbc3 (tree) |
|---|---|
| Hora | 2016-01-28 01:03:17 |
| Autor |  umorigu <umorigu@gmai...> |
| Commiter | umorigu |
BugTrack2/264 Call getimagesize() only for image named files
plugin/attach.inc.php (diff) plugin/ref.inc.php (diff)| @@ -345,41 +345,35 @@ function attach_showform() | ||
| 345 | 345 | |
| 346 | 346 | //-------- サービス |
| 347 | 347 | // mime-typeの決定 |
| 348 | -function attach_mime_content_type($filename) | |
| 348 | +function attach_mime_content_type($filename, $displayname) | |
| 349 | 349 | { |
| 350 | 350 | $type = 'application/octet-stream'; // default |
| 351 | 351 | |
| 352 | 352 | if (! file_exists($filename)) return $type; |
| 353 | - | |
| 354 | - $size = @getimagesize($filename); | |
| 355 | - if (is_array($size)) { | |
| 356 | - switch ($size[2]) { | |
| 357 | - case 1: return 'image/gif'; | |
| 358 | - case 2: return 'image/jpeg'; | |
| 359 | - case 3: return 'image/png'; | |
| 360 | - case 4: return 'application/x-shockwave-flash'; | |
| 353 | + $pathinfo = pathinfo($displayname); | |
| 354 | + $ext0 = $pathinfo['extension']; | |
| 355 | + if (preg_match('/^(gif|jpg|jpeg|png|swf)$/i', $ext0)) { | |
| 356 | + $size = @getimagesize($filename); | |
| 357 | + if (is_array($size)) { | |
| 358 | + switch ($size[2]) { | |
| 359 | + case 1: return 'image/gif'; | |
| 360 | + case 2: return 'image/jpeg'; | |
| 361 | + case 3: return 'image/png'; | |
| 362 | + case 4: return 'application/x-shockwave-flash'; | |
| 363 | + } | |
| 361 | 364 | } |
| 362 | 365 | } |
| 363 | - | |
| 364 | - $matches = array(); | |
| 365 | - if (! preg_match('/_((?:[0-9A-F]{2})+)(?:\.\d+)?$/', $filename, $matches)) | |
| 366 | - return $type; | |
| 367 | - | |
| 368 | - $filename = decode($matches[1]); | |
| 369 | - | |
| 370 | 366 | // mime-type一覧表を取得 |
| 371 | 367 | $config = new Config(PLUGIN_ATTACH_CONFIG_PAGE_MIME); |
| 372 | 368 | $table = $config->read() ? $config->get('mime-type') : array(); |
| 373 | 369 | unset($config); // メモリ節約 |
| 374 | - | |
| 375 | 370 | foreach ($table as $row) { |
| 376 | 371 | $_type = trim($row[0]); |
| 377 | 372 | $exts = preg_split('/\s+|,/', trim($row[1]), -1, PREG_SPLIT_NO_EMPTY); |
| 378 | 373 | foreach ($exts as $ext) { |
| 379 | - if (preg_match("/\.$ext$/i", $filename)) return $_type; | |
| 374 | + if (preg_match("/\.$ext$/i", $displayname)) return $_type; | |
| 380 | 375 | } |
| 381 | 376 | } |
| 382 | - | |
| 383 | 377 | return $type; |
| 384 | 378 | } |
| 385 | 379 |
| @@ -472,7 +466,7 @@ class AttachFile | ||
| 472 | 466 | $this->time_str = get_date('Y/m/d H:i:s', $this->time); |
| 473 | 467 | $this->size = filesize($this->filename); |
| 474 | 468 | $this->size_str = sprintf('%01.1f', round($this->size/1024, 1)) . 'KB'; |
| 475 | - $this->type = attach_mime_content_type($this->filename); | |
| 469 | + $this->type = attach_mime_content_type($this->filename, $this->file); | |
| 476 | 470 | |
| 477 | 471 | return TRUE; |
| 478 | 472 | } |
| @@ -40,7 +40,7 @@ define('PLUGIN_REF_DIRECT_ACCESS', FALSE); // FALSE or TRUE | ||
| 40 | 40 | ///////////////////////////////////////////////// |
| 41 | 41 | |
| 42 | 42 | // Image suffixes allowed |
| 43 | -define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g)$/i'); | |
| 43 | +define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g|swf)$/i'); | |
| 44 | 44 | |
| 45 | 45 | // Usage (a part of) |
| 46 | 46 | define('PLUGIN_REF_USAGE', "([pagename/]attached-file-name[,parameters, ... ][,title])"); |
| @@ -397,6 +397,10 @@ function plugin_ref_action() | ||
| 397 | 397 | if(! file_exists($ref)) |
| 398 | 398 | return array('msg'=>'Attach file not found', 'body'=>$usage); |
| 399 | 399 | |
| 400 | + $is_image = preg_match(PLUGIN_REF_IMAGE, $filename); | |
| 401 | + if (!$is_image) { | |
| 402 | + return array('msg'=>'Seems not an image', 'body'=>$usage); | |
| 403 | + } | |
| 400 | 404 | $got = @getimagesize($ref); |
| 401 | 405 | if (! isset($got[2])) $got[2] = FALSE; |
| 402 | 406 | switch ($got[2]) { |
Fork