From 8aec080e6949d913ff7e9c9f6ed726b36f151780 Mon Sep 17 00:00:00 2001
From: Bas Steelooper
Date: Sun, 19 Feb 2023 19:52:24 +0100
Subject: [PATCH] fix for issue found by Matthew Hogg
---
 data/modules/albums/albums.admin.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/data/modules/albums/albums.admin.php b/data/modules/albums/albums.admin.php
index f77a5157..8548a3d7 100644
--- a/data/modules/albums/albums.admin.php
+++ b/data/modules/albums/albums.admin.php
@@ -104,6 +104,7 @@ function albums_page_admin_albums() { function albums_page_admin_editalbum() { global $cont1, $cont2, $cont3, $lang, $var1; + $imagewhitelist = array('jfif', 'png', 'jpg', 'gif', 'jpeg'); //Let's process the image... if (isset($_POST['submit'])) {
@@ -135,11 +136,15 @@ function albums_page_admin_editalbum() { //Don't do anything, if the name already exists. if (isset($name_exist)) $error = show_error($lang['albums']['image_exist'], 1, true); - + + elseif (!in_array(strtolower($ext), $imagewhitelist)){ + $error = show_error($lang['general']['upload_failed'], 1, true)); + //If we somehow can't copy the image, show an error. elseif (!copy($_FILES['imagefile']['tmp_name'], $fullimage) || !copy($_FILES['imagefile']['tmp_name'], $thumbimage)) $error = show_error($lang['general']['upload_failed'], 1, true); + else { //Compress the big image. $image_width = module_get_setting('albums','resize_image_width');
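Review bot: `$imagewhitelist` in the first hunk restricts uploads by file extension only, and nothing visible in this patch checks that the uploaded bytes are actually an image. How much the extension test protects depends on how `$ext` is derived (outside both hunks) and on how the web server maps file names in the album directory to handlers, so it is worth pairing with a content check before the `copy()` calls, for example rejecting the upload when `getimagesize($_FILES['imagefile']['tmp_name']) === false`. A short comment on the array, such as `//Allowed upload extensions; keep entries lowercase, the check lowercases $ext.`, would also help the next maintainer.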
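Review bot: The added `elseif` branch in the second hunk does not parse as written: `elseif (!in_array(strtolower($ext), $imagewhitelist)){` opens a brace that is not closed before the following `elseif`, and the `show_error(...)` call ends in `));` with one closing parenthesis too many. A parse error in this file would stop the albums admin page from loading, so the new extension check would never take effect. Matching the brace-less style of the neighbouring branches, the two lines would read `elseif (!in_array(strtolower($ext), $imagewhitelist, true))` and `$error = show_error($lang['general']['upload_failed'], 1, true);`. The assignment of `$ext` and the rest of albums_page_admin_editalbum lie outside the hunk.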