This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | // |
||||
3 | // ------------------------------------------------------------------------ // |
||||
4 | // XOOPS - PHP Content Management System // |
||||
5 | // Copyright (c) 2000-2020 XOOPS.org // |
||||
6 | // <https://xoops.org> // |
||||
7 | // ------------------------------------------------------------------------ // |
||||
8 | // This program is free software; you can redistribute it and/or modify // |
||||
9 | // it under the terms of the GNU General Public License as published by // |
||||
10 | // the Free Software Foundation; either version 2 of the License, or // |
||||
11 | // (at your option) any later version. // |
||||
12 | // // |
||||
13 | // You may not change or alter any portion of this comment or credits // |
||||
14 | // of supporting developers from this source code or any supporting // |
||||
15 | // source code which is considered copyrighted (c) material of the // |
||||
16 | // original comment or credit authors. // |
||||
17 | // // |
||||
18 | // This program is distributed in the hope that it will be useful, // |
||||
19 | // but WITHOUT ANY WARRANTY; without even the implied warranty of // |
||||
20 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // |
||||
21 | // GNU General Public License for more details. // |
||||
22 | // // |
||||
23 | // You should have received a copy of the GNU General Public License // |
||||
24 | // along with this program; if not, write to the Free Software // |
||||
25 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // |
||||
26 | // ------------------------------------------------------------------------ // |
||||
27 | // Author: phppp (D.J., [email protected]) // |
||||
28 | // URL: https://xoops.org // |
||||
29 | // Project: Article Project // |
||||
30 | // ------------------------------------------------------------------------ // |
||||
31 | |||||
32 | if (!defined('NEWBB_FUNCTIONS_IMAGE')) { |
||||
33 | define('NEWBB_FUNCTIONS_IMAGE', true); |
||||
34 | |||||
35 | /** |
||||
36 | * @param $source |
||||
37 | * @return string |
||||
38 | */ |
||||
39 | function newbbAttachmentImage($source) |
||||
40 | { |
||||
41 | $img_path = $GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments']); |
||||
42 | $img_url = XOOPS_URL . '/' . $GLOBALS['xoopsModuleConfig']['dir_attachments']; |
||||
43 | $thumb_path = $img_path . '/thumbs'; |
||||
44 | $thumb_url = $img_url . '/thumbs'; |
||||
45 | |||||
46 | $thumb = $thumb_path . '/' . $source; |
||||
47 | $image = $img_path . '/' . $source; |
||||
48 | $thumb_url = $thumb_url . '/' . $source; |
||||
49 | $image_url = $img_url . '/' . $source; |
||||
50 | |||||
51 | $imginfo = @getimagesize($image); |
||||
52 | $img_info = (count($imginfo) > 0) ? $imginfo[0] . 'X' . $imginfo[1] . ' px' : ''; |
||||
53 | |||||
54 | if ($GLOBALS['xoopsModuleConfig']['max_image_width'] > 0 |
||||
55 | && $GLOBALS['xoopsModuleConfig']['max_image_height'] > 0) { |
||||
56 | if ($imginfo[0] > $GLOBALS['xoopsModuleConfig']['max_image_width'] |
||||
57 | || $imginfo[1] > $GLOBALS['xoopsModuleConfig']['max_image_height']) { |
||||
58 | //if (!file_exists($thumb_path.'/'.$source) && $imginfo[0] > $GLOBALS['xoopsModuleConfig']['max_img_width']) { |
||||
59 | if (!file_exists($thumb_path . '/' . $source)) { |
||||
60 | newbbCreateThumbnail($source, $GLOBALS['xoopsModuleConfig']['max_image_width']); |
||||
61 | } |
||||
62 | } |
||||
63 | |||||
64 | if ($imginfo[0] > $GLOBALS['xoopsModuleConfig']['max_image_width'] |
||||
65 | || $imginfo[1] > $GLOBALS['xoopsModuleConfig']['max_image_height']) { |
||||
66 | $pseudo_width = $GLOBALS['xoopsModuleConfig']['max_image_width']; |
||||
67 | $pseudo_height = $GLOBALS['xoopsModuleConfig']['max_image_width'] * ($imginfo[1] / $imginfo[0]); |
||||
68 | $pseudo_size = "width='" . $pseudo_width . "px' height='" . $pseudo_height . "px'"; |
||||
69 | } |
||||
70 | // irmtfan to fix Undefined variable: pseudo_height |
||||
71 | if (!empty($pseudo_height) && $GLOBALS['xoopsModuleConfig']['max_image_height'] > 0 |
||||
72 | && $pseudo_height > $GLOBALS['xoopsModuleConfig']['max_image_height']) { |
||||
73 | $pseudo_height = $GLOBALS['xoopsModuleConfig']['max_image_height']; |
||||
74 | $pseudo_width = $GLOBALS['xoopsModuleConfig']['max_image_height'] * ($imginfo[0] / $imginfo[1]); |
||||
75 | $pseudo_size = "width='" . $pseudo_width . "px' height='" . $pseudo_height . "px'"; |
||||
76 | } |
||||
77 | } |
||||
78 | |||||
79 | if (file_exists($thumb)) { |
||||
80 | $attachmentImage = '<a href="' . $image_url . '" title="' . $source . ' ' . $img_info . '" target="_blank">'; |
||||
81 | // $attachmentImage .= '<img src="' . $thumb_url . '" alt="' . $source . ' ' . $img_info . '" >'; |
||||
82 | $attachmentImage .= '<img src="' . $image_url . '" ' . $pseudo_size . ' alt="' . $source . ' ' . $img_info . '" >'; |
||||
83 | $attachmentImage .= '</a>'; |
||||
84 | } elseif (!empty($pseudo_size)) { |
||||
85 | $attachmentImage = '<a href="' . $image_url . '" title="' . $source . ' ' . $img_info . '" target="_blank">'; |
||||
86 | $attachmentImage .= '<img src="' . $image_url . '" ' . $pseudo_size . ' alt="' . $source . ' ' . $img_info . '" >'; |
||||
87 | $attachmentImage .= '</a>'; |
||||
88 | } elseif (file_exists($image)) { |
||||
89 | $attachmentImage = '<img src="' . $image_url . '" alt="' . $source . ' ' . $img_info . '" >'; |
||||
90 | } else { |
||||
91 | $attachmentImage = ''; |
||||
92 | } |
||||
93 | |||||
94 | return $attachmentImage; |
||||
95 | } |
||||
96 | |||||
97 | /** |
||||
98 | * @param $source |
||||
99 | * @param $thumb_width |
||||
100 | * @return bool |
||||
101 | */ |
||||
102 | function newbbCreateThumbnail($source, $thumb_width) |
||||
103 | { |
||||
104 | $cmd = ''; |
||||
105 | $img_path = $GLOBALS['xoops']->path($GLOBALS['xoopsModuleConfig']['dir_attachments']); |
||||
106 | $thumb_path = $img_path . '/thumbs'; |
||||
107 | $src_file = $img_path . '/' . $source; |
||||
108 | $new_file = $thumb_path . '/' . $source; |
||||
109 | //$imageLibs = newbb_getImageLibs(); |
||||
110 | |||||
111 | if (!filesize($src_file) || !is_readable($src_file)) { |
||||
112 | return false; |
||||
113 | } |
||||
114 | |||||
115 | if (!is_dir($thumb_path) || !is_writable($thumb_path)) { |
||||
116 | return false; |
||||
117 | } |
||||
118 | |||||
119 | $imginfo = @getimagesize($src_file); |
||||
120 | |||||
121 | if (null === $imginfo) { |
||||
122 | return false; |
||||
123 | } |
||||
124 | if ($imginfo[0] < $thumb_width) { |
||||
125 | return false; |
||||
126 | } |
||||
127 | |||||
128 | $newWidth = (int)min($imginfo[0], $thumb_width); |
||||
129 | $newHeight = (int)($imginfo[1] * $newWidth / $imginfo[0]); |
||||
130 | |||||
131 | if (1 == $GLOBALS['xoopsModuleConfig']['image_lib'] || 0 == $GLOBALS['xoopsModuleConfig']['image_lib']) { |
||||
132 | if (preg_match('#[A-Z]:|\\\\#Ai', __FILE__)) { |
||||
133 | $cur_dir = __DIR__; |
||||
134 | $src_file_im = '"' . $cur_dir . '\\' . str_replace('/', '\\', $src_file) . '"'; |
||||
135 | $new_file_im = '"' . $cur_dir . '\\' . str_replace('/', '\\', $new_file) . '"'; |
||||
136 | } else { |
||||
137 | $src_file_im = @escapeshellarg($src_file); |
||||
138 | $new_file_im = @escapeshellarg($new_file); |
||||
139 | } |
||||
140 | $path = empty($GLOBALS['xoopsModuleConfig']['path_magick']) ? '' : $GLOBALS['xoopsModuleConfig']['path_magick'] . '/'; |
||||
141 | $magick_command = $path . 'convert -quality 85 -antialias -sample ' . $newWidth . 'x' . $newHeight . ' ' . $src_file_im . ' +profile "*" ' . str_replace('\\', '/', $new_file_im) . ''; |
||||
142 | |||||
143 | @passthru($magick_command); |
||||
0 ignored issues
–
show
|
|||||
144 | if (file_exists($new_file)) { |
||||
145 | return true; |
||||
146 | } |
||||
147 | } |
||||
148 | |||||
149 | if (2 == $GLOBALS['xoopsModuleConfig']['image_lib'] || 0 == $GLOBALS['xoopsModuleConfig']['image_lib']) { |
||||
150 | $path = empty($GLOBALS['xoopsModuleConfig']['path_netpbm']) ? '' : $GLOBALS['xoopsModuleConfig']['path_netpbm'] . '/'; |
||||
151 | if (preg_match("/\.png$/", $source)) { |
||||
152 | $cmd = $path . "pngtopnm $src_file | " . $path . "pnmscale -xysize $newWidth $newHeight | " . $path . "pnmtopng > $new_file"; |
||||
153 | } elseif (preg_match("/\.(jpg|jpeg)$/", $source)) { |
||||
154 | $cmd = $path . "jpegtopnm $src_file | " . $path . "pnmscale -xysize $newWidth $newHeight | " . $path . "ppmtojpeg -quality=90 > $new_file"; |
||||
155 | } elseif (preg_match("/\.gif$/", $source)) { |
||||
156 | $cmd = $path . "giftopnm $src_file | " . $path . "pnmscale -xysize $newWidth $newHeight | ppmquant 256 | " . $path . "ppmtogif > $new_file"; |
||||
157 | } |
||||
158 | |||||
159 | @exec($cmd, $output, $retval); |
||||
0 ignored issues
–
show
It seems like you do not handle an error condition for
exec() . This can introduce security issues, and is generally not recommended.
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of
@mkdir($dir);
// Better use
if (@mkdir($dir) === false) {
throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
Loading history...
|
|||||
160 | if (file_exists($new_file)) { |
||||
161 | return true; |
||||
162 | } |
||||
163 | } |
||||
164 | |||||
165 | $type = $imginfo[2]; |
||||
166 | $supported_types = []; |
||||
167 | |||||
168 | if (!extension_loaded('gd')) { |
||||
169 | return false; |
||||
170 | } |
||||
171 | if (function_exists('imagegif')) { |
||||
172 | $supported_types[] = 1; |
||||
173 | } |
||||
174 | if (function_exists('imagejpeg')) { |
||||
175 | $supported_types[] = 2; |
||||
176 | } |
||||
177 | if (function_exists('imagepng')) { |
||||
178 | $supported_types[] = 3; |
||||
179 | } |
||||
180 | |||||
181 | $imageCreateFunction = function_exists('imagecreatetruecolor') ? 'imagecreatetruecolor' : 'imagecreate'; |
||||
182 | |||||
183 | if (in_array($type, $supported_types)) { |
||||
184 | switch ($type) { |
||||
185 | case 1: |
||||
186 | if (!function_exists('imagecreatefromgif')) { |
||||
187 | return false; |
||||
188 | } |
||||
189 | $im = imagecreatefromgif($src_file); |
||||
190 | $new_im = imagecreate($newWidth, $newHeight); |
||||
191 | imagecopyresized($new_im, $im, 0, 0, 0, 0, $newWidth, $newHeight, $imginfo[0], $imginfo[1]); |
||||
192 | imagegif($new_im, $new_file); |
||||
193 | imagedestroy($im); |
||||
194 | imagedestroy($new_im); |
||||
195 | break; |
||||
196 | case 2: |
||||
197 | $im = imagecreatefromjpeg($src_file); |
||||
198 | $new_im = $imageCreateFunction($newWidth, $newHeight); |
||||
199 | imagecopyresized($new_im, $im, 0, 0, 0, 0, $newWidth, $newHeight, $imginfo[0], $imginfo[1]); |
||||
200 | imagejpeg($new_im, $new_file, 90); |
||||
201 | imagedestroy($im); |
||||
202 | imagedestroy($new_im); |
||||
203 | break; |
||||
204 | case 3: |
||||
205 | $im = imagecreatefrompng($src_file); |
||||
206 | $new_im = $imageCreateFunction($newWidth, $newHeight); |
||||
207 | imagecopyresized($new_im, $im, 0, 0, 0, 0, $newWidth, $newHeight, $imginfo[0], $imginfo[1]); |
||||
208 | imagepng($new_im, $new_file); |
||||
209 | imagedestroy($im); |
||||
210 | imagedestroy($new_im); |
||||
211 | break; |
||||
212 | } |
||||
213 | } |
||||
214 | |||||
215 | if (file_exists($new_file)) { |
||||
216 | return true; |
||||
217 | } |
||||
218 | |||||
219 | return false; |
||||
220 | } |
||||
221 | } |
||||
222 |
If you suppress an error, we recommend checking for the error condition explicitly: