
pukiwiki: Commit


Commit MetaInfo

Revisionedfd4a4717f9ad5a8a15a8f97bae340fb5f0cbc3 (tree)
Time2016-01-28 01:03:17
Authorumorigu <umorigu@gmai...>
Commiterumorigu

Log Message

BugTrack2/264 Call getimagesize() only for image named files

Change Summary

Incremental Difference

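--- a/plugin/attach.inc.php
+++ b/plugin/attach.inc.php
@@ -345,41 +345,35 @@ function attach_showform()
 
 //-------- サービス
 // mime-typeの決定
-function attach_mime_content_type($filename)
+function attach_mime_content_type($filename, $displayname)
 {
 $type = 'application/octet-stream'; // default
 
 if (! file_exists($filename)) return $type;
-
- $size = @getimagesize($filename);
- if (is_array($size)) {
- switch ($size[2]) {
- case 1: return 'image/gif';
- case 2: return 'image/jpeg';
- case 3: return 'image/png';
- case 4: return 'application/x-shockwave-flash';
+ $pathinfo = pathinfo($displayname);
+ $ext0 = $pathinfo['extension'];
+ if (preg_match('/^(gif|jpg|jpeg|png|swf)$/i', $ext0)) {
+ $size = @getimagesize($filename);
+ if (is_array($size)) {
+ switch ($size[2]) {
+ case 1: return 'image/gif';
+ case 2: return 'image/jpeg';
+ case 3: return 'image/png';
+ case 4: return 'application/x-shockwave-flash';
+ }
 }
 }
-
- $matches = array();
- if (! preg_match('/_((?:[0-9A-F]{2})+)(?:\.\d+)?$/', $filename, $matches))
- return $type;
-
- $filename = decode($matches[1]);
-
 // mime-type一覧表を取得
 $config = new Config(PLUGIN_ATTACH_CONFIG_PAGE_MIME);
 $table = $config->read() ? $config->get('mime-type') : array();
 unset($config); // メモリ節約
-
 foreach ($table as $row) {
 $_type = trim($row[0]);
 $exts = preg_split('/\s+|,/', trim($row[1]), -1, PREG_SPLIT_NO_EMPTY);
 foreach ($exts as $ext) {
- if (preg_match("/\.$ext$/i", $filename)) return $_type;
+ if (preg_match("/\.$ext$/i", $displayname)) return $_type;
 }
 }
-
 return $type;
 }
 
@@ -472,7 +466,7 @@ class AttachFile
 $this->time_str = get_date('Y/m/d H:i:s', $this->time);
 $this->size = filesize($this->filename);
 $this->size_str = sprintf('%01.1f', round($this->size/1024, 1)) . 'KB';
-$this->type = attach_mime_content_type($this->filename);
+$this->type = attach_mime_content_type($this->filename, $this->file);
 
 return TRUE;
 }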
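Review bot: `$ext0 = $pathinfo['extension'];` in attach_mime_content_type() reads a key that pathinfo() leaves out when the display name has no extension, so an attachment without a suffix raises an undefined-index notice (a warning on PHP 8) and hands null to preg_match(). `$ext0 = pathinfo($displayname, PATHINFO_EXTENSION);` returns an empty string in that case and needs no further guard. In the same function, the rewritten lookup `preg_match("/\.$ext$/i", $displayname)` still interpolates `$ext` unquoted from the mime-type table, which appears to be read from a config page; `preg_match('/\.' . preg_quote($ext, '/') . '$/i', $displayname)` keeps a metacharacter in that table from changing which names match. The resulting Content-Type is now chosen from the uploader-supplied display name, so a one-line comment above the function saying that `$displayname` is untrusted and used only for suffix matching would help the next reader.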
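--- a/plugin/ref.inc.php
+++ b/plugin/ref.inc.php
@@ -40,7 +40,7 @@ define('PLUGIN_REF_DIRECT_ACCESS', FALSE); // FALSE or TRUE
 /////////////////////////////////////////////////
 
 // Image suffixes allowed
-define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g)$/i');
+define('PLUGIN_REF_IMAGE', '/\.(gif|png|jpe?g|swf)$/i');
 
 // Usage (a part of)
 define('PLUGIN_REF_USAGE', "([pagename/]attached-file-name[,parameters, ... ][,title])");
@@ -397,6 +397,10 @@ function plugin_ref_action()
 if(! file_exists($ref))
 return array('msg'=>'Attach file not found', 'body'=>$usage);
 
+ $is_image = preg_match(PLUGIN_REF_IMAGE, $filename);
+ if (!$is_image) {
+ return array('msg'=>'Seems not an image', 'body'=>$usage);
+ }
 $got = @getimagesize($ref);
 if (! isset($got[2])) $got[2] = FALSE;
 switch ($got[2]) {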
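Review bot: Adding `swf` to `PLUGIN_REF_IMAGE` widens a constant whose comment still reads "Image suffixes allowed", presumably so the new gate in plugin_ref_action() keeps passing Flash attachments. Any other use of that pattern in ref.inc.php (none is visible in these hunks) will now treat a .swf as an image as well, and Flash is active content rather than a passive image when served from the wiki's own origin. If Flash is only meant to pass the action check, keep the constant image-only and test a separate pattern in plugin_ref_action(); otherwise change the comment to `// Image and Flash suffixes allowed`. The new gate looks only at the name in `$filename`, so the content check is still the getimagesize() switch, which continues past the end of this hunk; its default branch should be confirmed to reject types it does not recognise.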