summaryrefslogtreecommitdiff
path: root/modules/watermark/controllers/admin_watermarks.php
diff options
context:
space:
mode:
Diffstat (limited to 'modules/watermark/controllers/admin_watermarks.php')
-rw-r--r--modules/watermark/controllers/admin_watermarks.php7
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index 14c2b394..1cc0c392 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -93,7 +93,9 @@ class Admin_Watermarks_Controller extends Admin_Controller {
access::verify_csrf();
$form = watermark::get_add_form();
- if ($form->validate()) {
+ // For TEST_MODE, we want to simulate a file upload. Because this is not a true upload, Forge's
+ // validation logic will correctly reject it. So, we skip validation when we're running tests.
+ if (TEST_MODE || $form->validate()) {
$file = $_POST["file"];
$pathinfo = pathinfo($file);
// Forge prefixes files with "uploadfile-xxxxxxx" for uniqueness
@@ -101,7 +103,8 @@ class Admin_Watermarks_Controller extends Admin_Controller {
$name = legal_file::smash_extensions($name);
list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file);
- if (!legal_file::get_photo_extensions($extension)) {
+ if (!$width || !$height || !$mime_type || !$extension ||
+ !in_array($extension, legal_file::get_photo_extensions())) {
message::error(t("Invalid or unidentifiable image file"));
@unlink($file);
return;
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 04:30:46 +0000