From 0312d1b071bd4434ddb3f82888b0323da6bf3732 Mon Sep 17 00:00:00 2001
From: shadlaws <shad@shadlaws.com>
Date: Fri, 8 Feb 2013 13:51:41 +0100
Subject: #1994 - Make get_file_metadata throw an exception if photo or movie
 is unidentifiable/illegal. - photo & movie helpers: modified to throw
 exceptions when file is known to be unidentifiable/illegal. - item model:
 revised to work with exceptions and be more explicit when the data file is
 invalid. - item model: removed duplicate get_file_metadata call for updated
 items. - admin_watermarks controller: revised to work with exceptions (really
 cleans up logic here). - graphics helper: revised to handle invalid
 placeholders (a nearly-impossible corner case, but still...). - photo & movie
 helper tests: revised to work with exceptions, added new tests for illegal
 files with valid extensions. - item model tests: revised to work with
 exceptions, added new tests for illegal files with valid extensions.

---
 modules/watermark/controllers/admin_watermarks.php | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

(limited to 'modules/watermark/controllers')

diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index 27c2efc9..59bb7fa9 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -102,18 +102,17 @@ class Admin_Watermarks_Controller extends Admin_Controller {
       $name = preg_replace("/uploadfile-[^-]+-(.*)/", '$1', $pathinfo["basename"]);
       $name = legal_file::smash_extensions($name);
 
-      list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file);
-      if (!$width || !$height || !$mime_type || !$extension ||
-          !legal_file::get_photo_extensions($extension)) {
-        message::error(t("Invalid or unidentifiable image file"));
-        @unlink($file);
-        return;
-      } else {
+      try {
+        list ($width, $height, $mime_type, $extension) = photo::get_file_metadata($file);
         // Force correct, legal extension type on file, which will be of our canonical type
         // (i.e. all lowercase, jpg instead of jpeg, etc.).  This renaming prevents the issues
         // addressed in ticket #1855, where an image that looked valid (header said jpg) with a
         // php extension was previously accepted without changing its extension.
         $name = legal_file::change_extension($name, $extension);
+      } catch (Exception $e) {
+        message::error(t("Invalid or unidentifiable image file"));
+        @unlink($file);
+        return;
       }
 
       rename($file, VARPATH . "modules/watermark/$name");
-- 
cgit v1.2.3