* Fix #2979 : Better security when upload an image

centreon · Aug 4, 2015 · 60a817a · 60a817a
1 parent b11c0c8
commit 60a817a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 12 deletions.
diff --git a/www/include/options/media/images/DB-Func.php b/www/include/options/media/images/DB-Func.php
@@ -78,7 +78,7 @@ function isValidImage($filename) {
 			return false;
 		$imginfo = getimagesize($filename);
 
-		if (isset($imginfo)) {
+		if (isset($imginfo) && false !== $imginfo) {
 			return true;
 		} else {
 			return is_gd2($filename);
@@ -125,8 +125,9 @@ function handleUpload($HTMLfile, $dir_alias, $img_comment = "") {
 				foreach ($filelist as $file) {
 				    if (is_dir($uploaddir.$file))
 						continue; // skip directories in list
-				    if (!isValidImage($uploaddir.$file))
-				    	continue;
+				    if (!isValidImage($uploaddir.$file)) {
+				    	return false;
+                    }
 				    if (is_gd2($uploaddir.$file)) {
 				    	$im = imagecreatefromgd2($uploaddir.$file);
 				    	if (preg_match('/gd2$/', $file)) {
@@ -229,7 +230,7 @@ function deleteImg ($img_id) {
 
 	function updateImg($img_id, $HTMLfile, $dir_alias, $img_name, $img_comment) {
 		if (!$img_id)
-			return;
+			return false;
 		global $pearDB;
 		$mediadir = "./img/media/";
 		$uploaddir = "../filesUpload/images/";
@@ -243,7 +244,7 @@ function updateImg($img_id, $HTMLfile, $dir_alias, $img_name, $img_comment) {
 		$rq .= " WHERE img_id = '".$img_id."' AND img_id = img_img_id AND dir_dir_parent_id = dir_id";
 		$DBRESULT = $pearDB->query($rq);
 		if (!$DBRESULT)
-		    return;
+		    return false;
 		$img_info = $DBRESULT->fetchRow();
 
 		if ($dir_alias)

diff --git a/www/include/options/media/images/formImg.php b/www/include/options/media/images/formImg.php
@@ -157,16 +157,16 @@
 		$imgID = $form->getElement('img_id');
 		$imgPath = $form->getElement('directories')->getValue();
 		$imgComment = $form->getElement('img_comment')->getValue();
-		if ($form->getSubmitValue("submitA"))
-			handleUpload($file, $imgPath, $imgComment);
-		else if ($form->getSubmitValue("submitC")) {
+		if ($form->getSubmitValue("submitA")) {
+			$valid = handleUpload($file, $imgPath, $imgComment);
+        } else if ($form->getSubmitValue("submitC")) {
 			$imgName = $form->getElement('img_name')->getValue();
-			updateImg($imgID->getValue(), $file, $imgPath, $imgName, $imgComment);
+			$valid = updateImg($imgID->getValue(), $file, $imgPath, $imgName, $imgComment);
 		}
-		$o = NULL;
-		$form->addElement("button", "change", _("Modify"), array("onClick"=>"javascript:window.location.href='?p=".$p."&o=ci&img_id=".$imgID->getValue()."'"));
 		$form->freeze();
-		$valid = true;
+        if (false === $valid) {
+            $form->setElementError('filename', "An image is not uploaded.");
+        }
 	}
 	$action = $form->getSubmitValue("action");