From 19b21fb2bf5b0ce8a3a9d80873e25aa5eca2e73b Mon Sep 17 00:00:00 2001
From: alex-mpoet
Date: Thu, 11 Jul 2024 19:27:35 +0300
Subject: [PATCH] Improve TemplateImageLoader robustness [MAILPOET-3923]

---
 .../NewsletterTemplates/TemplateImageLoader.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/mailpoet/lib/NewsletterTemplates/TemplateImageLoader.php b/mailpoet/lib/NewsletterTemplates/TemplateImageLoader.php
index c3ce865317..7018309049 100644
--- a/mailpoet/lib/NewsletterTemplates/TemplateImageLoader.php
+++ b/mailpoet/lib/NewsletterTemplates/TemplateImageLoader.php
@@ -29,6 +29,7 @@ class TemplateImageLoader {
       // Failed to load the image
       return false;
     }
+    $mime = $this->wp->wpGetImageMime($image);
     if (!$this->isTypeAllowed($image, $mime)) {
       // Wrong file type
       @unlink($image);
@@ -46,11 +47,11 @@ class TemplateImageLoader {
   }
 
   private function isUrlAllowed($url) {
-    $urlParts = parse_url($url);
+    $urlParts = $this->wp->wpParseUrl($url);
     $allowedExtensions = ['gif', 'png', 'jpg', 'jpeg'];
     if (
       !isset($urlParts['path'])
-      || !preg_match('/(' . join('|', $allowedExtensions) . ')$/', $urlParts['path'])
+      || !preg_match('/\.(' . join('|', $allowedExtensions) . ')$/i', $urlParts['path'])
     ) {
       return false;
     }
@@ -59,10 +60,12 @@ class TemplateImageLoader {
       'https://ps.w.org/mailpoet/assets/newsletter-templates/',
     ]);
     foreach ($allowedUrls as $allowedUrl) {
-      $allowedUrlParts = parse_url($allowedUrl);
+      $allowedUrlParts = $this->wp->wpParseUrl($allowedUrl);
       if (
-        isset($urlParts['host'], $allowedUrlParts['host'], $allowedUrlParts['path'])
+        isset($urlParts['host'], $urlParts['scheme'])
+        && isset($allowedUrlParts['host'], $allowedUrlParts['scheme'], $allowedUrlParts['path'])
         && $urlParts['host'] === $allowedUrlParts['host']
+        && $urlParts['scheme'] === $allowedUrlParts['scheme']
         && strpos($urlParts['path'], $allowedUrlParts['path']) === 0
       ) {
         return true;
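Review bot: The tightened extension regex in isUrlAllowed still uses a bare `$` anchor, which in PCRE also matches immediately before a trailing newline, so a path whose last characters are `.png` followed by a literal newline would pass this check even though the URL does not end in an image extension. Adding the `D` (dollar-end-only) modifier closes that gap with no other change: `|| !preg_match('/\.(' . join('|', $allowedExtensions) . ')$/iD', $urlParts['path'])`. The switch to `wpParseUrl` is fine for the malformed-URL case since `isset($urlParts['path'])` is false when the helper returns false rather than an array, but a one-line comment saying so (`// wpParseUrl returns false for malformed URLs; isset() handles that`) would save the next reader a lookup. isUrlAllowed continues below this hunk.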
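Review bot: The allow-list match now pins scheme and host, but the prefix test `strpos($urlParts['path'], $allowedUrlParts['path']) === 0` still accepts a path that starts under the allowed directory and then climbs out with `..` segments, and an explicit `:port` on the host is never compared, so `https://ps.w.org:8080/mailpoet/assets/newsletter-templates/../../x.png` satisfies every condition in this `if`. Since the allowed URLs carry no port and no dot-dot segments, both can be rejected outright by adding `&& !isset($urlParts['port'])` and `&& strpos($urlParts['path'], '..') === false` to the condition. Note too that `===` on scheme and host is case-sensitive, so `HTTPS://PS.W.ORG/...` is rejected; that fails closed, but if mixed-case hosts are expected from callers, lower-case both sides before comparing. The foreach and the function end outside this hunk.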
@@ -71,13 +74,12 @@ class TemplateImageLoader {
     return false;
   }
 
-  private function isTypeAllowed($image, &$mime = null) {
+  private function isTypeAllowed($image, $mime) {
     $allowedMimeTypes = [
       'image/gif',
       'image/jpeg',
       'image/png',
     ];
-    $mime = $this->wp->wpGetImageMime($image);
     return $mime && in_array($mime, $allowedMimeTypes);
   }
 }
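Review bot: `in_array($mime, $allowedMimeTypes)` is a loose comparison; with `$mime` now supplied by the caller rather than computed here, the method should not rely on the caller always passing a string, so make it `return $mime && in_array($mime, $allowedMimeTypes, true);`. The new signature also drops the default, so every caller must pass the mime explicitly; a short docblock stating the contract would help, e.g. `@param string|false $mime  result of wpGetImageMime(), false when detection failed` and `@return bool  true only for gif/jpeg/png`. The `$image` parameter is no longer read inside the method after this change, presumably kept for signature compatibility; either document that or drop it at the single call site.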