Enhanced media upload check to also check redirects for local files, thanks to Xu Yue (again!)

2016-11-02 12:18:49 +01:00 · 2016-11-02 12:18:49 +01:00 · 26de428c18
commit 26de428c18
parent d7980e5f94
2 changed files with 10 additions and 1 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -1,3 +1,9 @@
+Version 2.1 ()
+------------------------------------------------------------------------
+
+    * [Security] Enhanced media upload check to also check redirects
+      for local files, thanks to Xu Yue (again!)
+
 Version 2.1-beta2 (September 26th, 2016)
 ------------------------------------------------------------------------

--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@ -290,7 +290,10 @@ switch ($serendipity['GET']['adminAction']) {
                    // Fetch file
                    $fContent = $response->getBody();

-                    if ($serendipity['POST']['imageimporttype'] == 'hotlink') {
+                    $fUrl = $response->getEffectiveUrl();
+                    if (!serendipity_url_allowed($fUrl)) {
+                        $messages[] = sprintf('<span class="msg_error"><span class="icon-attention-circled"></span> ' . REMOTE_FILE_INVALID . "</span>\n", $fUrl);
+                    } elseif ($serendipity['POST']['imageimporttype'] == 'hotlink') {
                        $tempfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . '/hotlink_' . time();
                        $fp = fopen($tempfile, 'w');
                        fwrite($fp, $fContent);