beber pushed a commit to branch master.
http://git.enlightenment.org/website/www.git/commit/?id=1d551927f77ad7c62ce42f2ec7971ae94e58dc37
commit 1d551927f77ad7c62ce42f2ec7971ae94e58dc37
Author: Bertrand Jacquin <be...@meleeweb.net>
Date: Tue Apr 29 21:53:25 2014 +0200
MEDIUM: shot: Find extension based on exif, not by magic signature
---
public_html/shot.php | 72 +++++++++++++++++++++++++++-------------------------
1 file changed, 37 insertions(+), 35 deletions(-)
diff --git a/public_html/shot.php b/public_html/shot.php
index 0ef7d64..a793571 100644
--- a/public_html/shot.php
+++ b/public_html/shot.php
@@ -6,23 +6,20 @@ function get_ip()
return $ip;
}
-function extn($str) {
- $i = strrpos($str,".");
- if (!$i) { return ""; }
- $l = strlen($str) - $i;
- $ext = substr($str,$i+1,$l);
- return $ext;
-}
-
function dothumb($f, $thumb, $new_w, $new_h) {
- $ext = extn($f);
- if (!strcmp("jpg", $ext))
- $src_img = imagecreatefromjpeg($f);
- if (!strcmp("png", $ext))
- $src_img = imagecreatefrompng($f);
+ $image_type = exif_imagetype($f);
- if (!$src_img)
- return false;
+ switch ($image_type) {
+ case IMAGETYPE_JPEG:
+ $src_img = imagecreatefromjpeg($f);
+ break;
+ case IMAGETYPE_PNG:
+ $src_img = imagecreatefrompng($f);
+ break;
+ default:
+ return false;
+ break;
+ }
$old_x = imageSX($src_img);
$old_y = imageSY($src_img);
@@ -39,10 +36,16 @@ function dothumb($f, $thumb, $new_w, $new_h) {
$dst_img = ImageCreateTrueColor($thumb_w, $thumb_h);
imagecopyresampled($dst_img, $src_img, 0, 0, 0, 0,
$thumb_w, $thumb_h, $old_x, $old_y);
- if (!strcmp("png", $ext))
- imagepng($dst_img, $thumb);
- else
- imagejpeg($dst_img, $thumb);
+
+ switch ($image_type) {
+ case IMAGETYPE_JPEG:
+ imagejpeg($dst_img, $thumb);
+ break;
+ case IMAGETYPE_PNG:
+ imagepng($dst_img, $thumb);
+ break;
+ }
+
imagedestroy($dst_img);
imagedestroy($src_img);
}
@@ -50,23 +53,22 @@ function dothumb($f, $thumb, $new_w, $new_h) {
ob_start();
############ limit - 6 mb.
$data = file_get_contents('php://input', NULL, NULL, 0, 6 * 1024 * 1024);
-############ magic jpeg signature
-$jpeg_match = "\xff\xd8\xff\xe0";
-$jpeg_magic = substr($data, 0, 4);
-############ magic png signature
-$png_match = "\x89\x50\x4e\x47";
-$png_magic = substr($data, 0, 4);
+$image_type = exif_imagetype($data);
-############ base on signaure, add file extension
-$ext = ".unknown";
-if ($jpeg_match == $jpeg_magic) $ext = ".jpg";
-else if ($png_match == $png_magic) $ext = ".png";
-############ not a correct matching file - abort
-else {
- header("HTTP/1.1 400 Bad Request");
- echo "Invalid File Format";
- ob_end_flush();
- die();
+case ($image_type) {
+ case IMAGETYPE_JPEG:
+ $ext = ".jpg";
+ break;
+ case IMAGETYPE_PNG:
+ $ext = ".png";
+ break;
+ default:
+ ############ not a correct matching file - abort
+ header("HTTP/1.1 400 Bad Request");
+ echo "Invalid File Format";
+ ob_end_flush();
+ die();
+ break;
}
############ get a unique name
--
