From 007cf7d1803bfaa7b84d064ba6a99efd14e726ed Mon Sep 17 00:00:00 2001
From: Bernhard Rusch
Date: Mon, 25 Oct 2021 11:01:01 +0200
Subject: [PATCH] [Asset] Pixel flood validation fix

---
 .../DependencyInjection/Configuration.php |  3 +++
 models/Asset.php                          | 16 ++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/bundles/CoreBundle/DependencyInjection/Configuration.php b/bundles/CoreBundle/DependencyInjection/Configuration.php
index 58c42dad236..7dceae51c10 100644
--- a/bundles/CoreBundle/DependencyInjection/Configuration.php
+++ b/bundles/CoreBundle/DependencyInjection/Configuration.php
@@ -450,6 +450,9 @@ private function addAssetNode(ArrayNodeDefinition $rootNode)
                 ->arrayNode('image')
                 ->addDefaultsIfNotSet()
                 ->children()
+                    ->integerNode('max_pixels')
+                        ->defaultValue(40000000)
+                    ->end()
                     ->arrayNode('low_quality_image_preview')
                         ->addDefaultsIfNotSet()
                         ->canBeDisabled()
diff --git a/models/Asset.php b/models/Asset.php
index c601553d124..9062ee3a8ea 100644
--- a/models/Asset.php
+++ b/models/Asset.php
@@ -35,6 +35,7 @@
 use Pimcore\Model\Element\ElementInterface;
 use Pimcore\Model\Element\Service;
 use Pimcore\Model\Element\Traits\ScheduledTasksTrait;
+use Pimcore\Model\Element\ValidationException;
 use Pimcore\Model\Exception\NotFoundException;
 use Pimcore\Tool;
 use Pimcore\Tool\Storage;
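Review bot: The new `max_pixels` node carries no `->info()` text and no lower bound, so the schema neither documents what the number means nor stops a value of 0 or a negative number, which, as checkMaxPixels() is written in this commit, would reject every image whose header can be read. I would tighten it to `->integerNode('max_pixels')->info('Upper bound on width * height an uploaded image may declare; larger images are rejected (pixel-flood protection)')->min(1)->defaultValue(40000000)`. The enclosing addAssetNode() builder chain starts and ends outside the hunk.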
@@ -345,18 +346,21 @@ public static function create($parentId, $data = [], $save = true)
             $tmpFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/asset-create-tmp-file-' . uniqid() . '.' . File::getFileExtension($data['filename']);
             if (array_key_exists('data', $data)) {
                 File::put($tmpFile, $data['data']);
+                self::checkMaxPixels($tmpFile);
                 $mimeType = MimeTypes::getDefault()->guessMimeType($tmpFile);
                 unlink($tmpFile);
             } else {
                 $streamMeta = stream_get_meta_data($data['stream']);
                 if (file_exists($streamMeta['uri'])) {
                     // stream is a local file, so we don't have to write a tmp file
+                    self::checkMaxPixels($streamMeta['uri']);
                     $mimeType = MimeTypes::getDefault()->guessMimeType($streamMeta['uri']);
                 } else {
                     // write a tmp file because the stream isn't a pointer to the local filesystem
                     $isRewindable = @rewind($data['stream']);
                     $dest = fopen($tmpFile, 'w+', false, File::getContext());
                     stream_copy_to_stream($data['stream'], $dest);
+                    self::checkMaxPixels($tmpFile);
                     $mimeType = MimeTypes::getDefault()->guessMimeType($tmpFile);
 
                     if (!$isRewindable) {
@@ -371,6 +375,7 @@ public static function create($parentId, $data = [], $save = true)
             if (is_dir($data['sourcePath'])) {
                 $mimeType = 'directory';
             } else {
+                self::checkMaxPixels($data['sourcePath']);
                 $mimeType = MimeTypes::getDefault()->guessMimeType($data['sourcePath']);
                 if (is_file($data['sourcePath'])) {
                     $data['stream'] = fopen($data['sourcePath'], 'rb', false, File::getContext());
@@ -400,6 +405,17 @@ public static function create($parentId, $data = [], $save = true)
         return $asset;
     }
 
+    private static function checkMaxPixels(string $localPath): void
+    {
+        $maxPixels = \Pimcore::getContainer()->getParameter('pimcore.config')['assets']['image']['max_pixels'];
+        if($size = getimagesize($localPath)) {
+            if($size[0] * $size[1] > $maxPixels) {
+                throw new ValidationException(
+                    'Image exceeds max pixel size of ' . $maxPixels . ', you can change the value in config pimcore.assets.image.max_pixels');
+            }
+        }
+    }
+
     /**
      * @param array $config
      *
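Review bot: The ValidationException thrown by the new checkMaxPixels() call in the `data` branch skips the `unlink($tmpFile)` that follows it, so every rejected pixel-flood upload leaves its full payload behind under PIMCORE_SYSTEM_TEMP_DIRECTORY; the stream-copy branch has the same shape, with `$dest` still open and its tmp file presumably cleaned up further down, outside the hunk. Guarding the check and the mime detection together keeps the cleanup on the error path: `try { self::checkMaxPixels($tmpFile); $mimeType = MimeTypes::getDefault()->guessMimeType($tmpFile); } finally { unlink($tmpFile); }`, with the equivalent try/finally around the stream-copy branch once its existing cleanup is located. create() continues past the end of the hunk.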
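Review bot: checkMaxPixels() is only wired into create(), and nothing in this diff covers the path where an existing asset's data is replaced (setData()/setStream() followed by save() are not shown), so the pixel-flood check looks bypassable by updating an asset instead of creating one — worth confirming against those methods. Two smaller points in the body: getimagesize() reads only the header dimensions, so a multi-frame animation can still carry far more pixel data than the check admits, and the assignment-in-condition `if($size = getimagesize($localPath))` would read better as an explicit guard, `$size = getimagesize($localPath); if ($size === false) { return; }`, followed by the existing comparison. The helper also deserves a docblock; I would add one stating that it rejects images whose declared width * height exceeds pimcore.assets.image.max_pixels, that files getimagesize() cannot parse pass through untouched, and `@throws ValidationException`.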