From 0356a84a6e0dc2b4adc490361e01009751e8d3e2 Mon Sep 17 00:00:00 2001
From: shish <shish@7f39781d-f577-437e-ae19-be835c7a54ca>
Date: Sat, 29 Mar 2008 03:59:34 +0000
Subject: [PATCH] make extra-sure that only valud file types are handled (.bmp
 renamed to .jpg used to sneak though)

git-svn-id: file:///home/shish/svn/shimmie2/trunk@732 7f39781d-f577-437e-ae19-be835c7a54ca
---
 ext/handle_pixel/main.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ext/handle_pixel/main.php b/ext/handle_pixel/main.php
index e2f7e9d6..33fc02fa 100644
--- a/ext/handle_pixel/main.php
+++ b/ext/handle_pixel/main.php
@@ -72,7 +72,12 @@ class PixelFileHandler extends Extension {
 	}
 
 	private function check_contents($file) {
-		return (file_exists($file) && !is_null(getimagesize($file)));
+		$valid = Array(IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_JPEG);
+		if(!file_exists($file)) return false;
+		$info = getimagesize($file);
+		if(is_null($info)) return false;
+		if(array_contains($valid, $info[2])) return true;
+		return false;
 	}
 
 	private function create_thumb($hash) {