diff --git a/Chase/Helga/Functions/filevalidator.php b/Chase/Helga/Functions/filevalidator.php index bbecfd6..72d3e5f 100644 --- a/Chase/Helga/Functions/filevalidator.php +++ b/Chase/Helga/Functions/filevalidator.php @@ -7,27 +7,41 @@ const PDF_MAGIC = "\x25\x50\x44\x46\x2D"; const OFFICE_MAGIC = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"; +function hasCode(string $string) +{ + return ( + strpos($string, "") !== false || + strpos($string, "()") !== false || + preg_match("/\$_\w+/", $string) || + preg_match("/\$\w+/", $string) + ); +} + function containsCode(array $headers) { foreach ($headers as $title => $contents) { if (is_array($contents)) { containsCode($contents); } else if (is_string($contents)) { - if ( - strpos($contents, "") !== false || - strpos($contents, "()") !== false || - preg_match("/\$_\w+/", $contents) || - preg_match("/\$\w+/", $contents) - ) { + if (hasCode($contents)) { return true; } } } } +function rawContainsCode(string $path) +{ + $contents = file_get_contents($path); + if(hasCode($contents)){ + return true; + } +} + + /** * Checks if a file is one of several mimes. * @@ -68,7 +82,7 @@ function isImage(string $path) if (!hasMime($path, ['image/jpeg', 'image/png', 'image/gif', 'image/webp'])) { return false; } - + $data = @exif_read_data($path); if (is_array($data)) { if (containsCode($data)) { @@ -76,6 +90,10 @@ function isImage(string $path) } } + if (rawContainsCode($path)) { + return false; + } + $image = false; switch ($type) { case IMAGETYPE_GIF: diff --git a/s.jpg b/s.jpg new file mode 100644 index 0000000..622c20e Binary files /dev/null and b/s.jpg differ
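Review bot: The two `preg_match` patterns moved into `hasCode` are double-quoted, so PHP turns `\$` into a bare `$` and PCRE reads it as an end-of-subject anchor; neither pattern can match, and the variable check is dead code. Single-quote the pattern, `preg_match('/\$\w+/', $string) === 1`, which also covers the `$_` form. As rendered on this page the first `strpos` needle is an empty string, which on PHP 8 returns 0 and would flag every input, so confirm the literal in the real file. `rawContainsCode` passes the result of `file_get_contents` to `hasCode` without checking for `false` and returns null on the clean path; a validator should fail closed and return an explicit bool, as sketched below. The recursive `containsCode($contents);` in the context lines discards its result; `if (containsCode($contents)) { return true; }` would make nested EXIF arrays count.

```php
function rawContainsCode(string $path): bool
{
    $contents = file_get_contents($path);
    if ($contents === false) {
        // Unreadable file: report it as suspect so isImage() rejects it.
        return true;
    }

    return hasCode($contents);
}
```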
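Review bot: Scanning the raw file with `rawContainsCode` in `isImage` will reject legitimate images, because `hasCode` looks for the two-byte sequence `()` and that pair is likely to occur by chance in the compressed data of any image of ordinary size. A substring blacklist over binary data also gives weak assurance in the other direction, since the absence of these substrings does not show the file is inert. The `switch ($type)` that follows appears to decode the image by type (its body is outside the hunk); re-encoding the decoded pixels and keeping only that output, under a server-generated name in a location where scripts are not executed, is the stronger control. If a raw scan is kept, restrict it to the PHP opening tag rather than reusing `hasCode`. `isImage` starts and ends outside this hunk.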