diff --git a/app/code/core/Mage/Core/Model/File/Validator/Image.php b/app/code/core/Mage/Core/Model/File/Validator/Image.php
index b0238e9e4de..4cfff748b89 100644
--- a/app/code/core/Mage/Core/Model/File/Validator/Image.php
+++ b/app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -74,7 +74,8 @@ public function setAllowedImageTypes(array $imageFileExtensions = [])
}
/**
- * Validation callback for checking is file is image
+ * Validation callback for checking if file is image
+ * Destroy malicious code in image by reprocessing
*
* @param string $filePath Path to temporary uploaded file
* @return null
@@ -85,8 +86,17 @@ public function validate($filePath)
list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
if ($fileType) {
if ($this->isImageType($fileType)) {
- /** if 'general/reprocess_images/active' false then skip image reprocessing. */
- if (!Mage::getStoreConfigFlag('general/reprocess_images/active')) {
+ // Config 'general/reprocess_images/active' is deprecated, replacement is the following:
+ $imageQuality = Mage::getStoreConfig('admin/security/reprocess_image_quality');
+ if ($imageQuality != '') {
+ $imageQuality = (int) $imageQuality;
+ } else {
+ // Value not set in backend. For BC, if depcrecated config does not exist, default to 85.
+ $imageQuality = Mage::getStoreConfig('general/reprocess_images/active') === null
+ ? 85
+ : (Mage::getStoreConfigFlag('general/reprocess_images/active') ? 85 : 0);
+ }
+ if ($imageQuality === 0) {
return null;
}
//replace tmp image with re-sampled copy to exclude images with malicious data
@@ -116,7 +126,7 @@ public function validate($filePath)
imagegif($img, $filePath);
break;
case IMAGETYPE_JPEG:
- imagejpeg($img, $filePath, 100);
+ imagejpeg($img, $filePath, $imageQuality);
break;
case IMAGETYPE_PNG:
imagepng($img, $filePath);
diff --git a/app/code/core/Mage/Core/etc/config.xml b/app/code/core/Mage/Core/etc/config.xml
index 5176685c5fb..a0528aed8db 100644
--- a/app/code/core/Mage/Core/etc/config.xml
+++ b/app/code/core/Mage/Core/etc/config.xml
@@ -497,10 +497,6 @@
-
-
- 1
-
diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml
index 5d41b21654f..b54100f6e8e 100644
--- a/app/code/core/Mage/Core/etc/system.xml
+++ b/app/code/core/Mage/Core/etc/system.xml
@@ -1280,6 +1280,15 @@
00
+
+
+ The recommended value is 85, a higher value will increase the file size. You can set the value to 0 to disable image processing, but it may cause security risks.
+ validate-digits validate-digits-range digits-range-0-100
+ 180
+ 1
+ 1
+ 1
+
diff --git a/app/locale/en_US/Mage_Core.csv b/app/locale/en_US/Mage_Core.csv
index da7783a717b..4322d2f9f70 100644
--- a/app/locale/en_US/Mage_Core.csv
+++ b/app/locale/en_US/Mage_Core.csv
@@ -167,6 +167,7 @@
"How many links to display at once.","How many links to display at once."
"ID Path for Specified Store","ID Path for Specified Store"
"If the current frame position does not cover utmost pages, will render link to current position plus/minus this value.","If the current frame position does not cover utmost pages, will render link to current position plus/minus this value."
+"Image Reprocess Quality","Image Reprocess Quality"
"Incorrect credit card expiration date.","Incorrect credit card expiration date."
"Input type ""%value%"" not found in the input types list.","Input type ""%value%"" not found in the input types list."
"Invalid MIME type.","Invalid MIME type."
@@ -226,6 +227,7 @@
"New Website","New Website"
"No","No"
"Offloader header","Offloader header"
+"The recommended value is 85, a higher value will increase the file size. You can set the value to 0 to disable image processing, but it may cause security risks.","The recommended value is 85, a higher value will increase the file size. You can set the value to 0 to disable image processing, but it may cause security risks."
"PHP SOAP extension is required.","PHP SOAP extension is required."
"Package","Package"
"Pagination","Pagination"