mirrors/htmlpurifier
0
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-01-03 05:11:52 +00:00
Code Releases Activity

avoid exif_imagetype exception with small files/corrupt data URI

Browse Source
This commit is contained in:
Bart Butler 2016-07-12 17:23:12 -07:00 committed by Edward Z. Yang
parent 0166c3728b
commit 3747cb7efb
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
library/HTMLPurifier/URIScheme/data.php
View File

@ -79,6 +79,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
} else {
$raw_data = $data;
}
if ( strlen($raw_data) < 12 ) {
// error; exif_imagetype throws exception with small files,
// and this likely indicates a corrupt URI/failed parse anyway
return false;
}
// XXX probably want to refactor this into a general mechanism
// for filtering arbitrary content types
if (function_exists('sys_get_temp_dir')) {

10
tests/HTMLPurifier/URISchemeTest.php
View File

@ -252,6 +252,16 @@ class HTMLPurifier_URISchemeTest extends HTMLPurifier_URIHarness
$this->assertValidation('ftp:///example.com', false);
}
public function test_data_bad_base64()
{
$this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk|', false);
}
public function test_data_too_short()
{
$this->assertValidation('data:image/png;base64,aGVsbG90aGVyZXk=', false);
}
}
// vim: et sw=4 sts=4