yetangitu/Oinktube
1
0
Fork 0
mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-03 01:39:24 +02:00
Code Issues Releases Wiki Activity

TALOS-2023-1881

Browse source 
CVE-2023-49738
This commit is contained in:
Daniel Neto 2023-12-15 11:27:32 -03:00
parent 2792f538ce
commit fb2372b191
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
view/img/image404.php
View file

@ -70,6 +70,12 @@ if(ImagesPlaceHolders::isDefaultImage($file)){
}else{ }else{
header("HTTP/1.0 200 OK"); header("HTTP/1.0 200 OK");
} }
$imageInfo = getimagesize($file);
if (empty($imageInfo)) {
die('not image');
}
header('Content-Type:' . $type); header('Content-Type:' . $type);
header('Content-Length: ' . filesize($file)); header('Content-Length: ' . filesize($file));
readfile($file); readfile($file);

5
view/img/image404Raw.php
View file

@ -10,9 +10,12 @@ if($imageURL == 'favicon.ico'){
} }
if (file_exists($imgLocalFile)) { if (file_exists($imgLocalFile)) {
$imageInfo = getimagesize($imgLocalFile);
if (empty($imageInfo)) {
die('not image');
}
// Determine the content type based on the file extension // Determine the content type based on the file extension
$fileExtension = strtolower(pathinfo($imgLocalFile, PATHINFO_EXTENSION)); $fileExtension = strtolower(pathinfo($imgLocalFile, PATHINFO_EXTENSION));
switch ($fileExtension) { switch ($fileExtension) {
case 'jpg': case 'jpg':
case 'jpeg': case 'jpeg':