From 4a13ec9a8f4881ae1f23bdfd24d7b90cd0802cdc Mon Sep 17 00:00:00 2001 From: plegall Date: Sun, 26 Apr 2026 11:42:20 +0200 Subject: [PATCH] fixes GHSA-7w97-5g4p-xqvv more robust check on logo file type --- admin/themes_standard_pages.php | 94 ++++++++++++++++----------------- 1 file changed, 46 insertions(+), 48 deletions(-) diff --git a/admin/themes_standard_pages.php b/admin/themes_standard_pages.php index 7d38af7f5..53bd56134 100644 --- a/admin/themes_standard_pages.php +++ b/admin/themes_standard_pages.php @@ -16,7 +16,11 @@ if( !defined("PHPWG_ROOT_PATH") ) // +-----------------------------------------------------------------------+ check_status(ACCESS_ADMINISTRATOR); -global $template, $conf; +if (!is_webmaster()) +{ + $page['warnings'][] = str_replace('%s', l10n('user_status_webmaster'), l10n('%s status is required to edit parameters.')); +} + // +-----------------------------------------------------------------------+ // | Update standard pages configuration | // +-----------------------------------------------------------------------+ @@ -42,7 +46,7 @@ $std_pgs_skin_options = array( "teal", ); -if (isset($_POST['submit']) and !empty($_POST)) +if (isset($_POST['submit']) and !empty($_POST) and is_webmaster()) { check_pwg_token(); @@ -65,46 +69,36 @@ if (isset($_POST['submit']) and !empty($_POST)) //Handle logo upload, allow png, jpg and svg if (isset($_FILES['std_pgs_logo']) and !empty($_FILES['std_pgs_logo']['tmp_name'])) { - // if (function_exists('mime_content_type')) - // { - $mime_type = mime_content_type($_FILES['std_pgs_logo']['tmp_name']); - - // Allowed MIME types - $allowed_mimes = array( - 'image/png', - 'image/jpeg', - 'image/svg+xml', - 'image/svg' + $finfo = finfo_open(FILEINFO_MIME_TYPE); + $mime_type = finfo_file($finfo, $_FILES['std_pgs_logo']['tmp_name']); + finfo_close($finfo); + + // Allowed MIME types + $allowed_mimes = array( + 'image/png' => 'png', + 'image/jpeg' => 'jpg', + 'image/svg+xml' => 'svg', + 'image/svg' => 'svg', + 'image/webp' => 'webp', + ); + + if (!in_array($mime_type, array_keys($allowed_mimes))) + { + $template->assign( + array( + 'save_error' => 'Invalid image file.', + ) ); - - // Only get image size for raster images aka png and jpg, - // exclude svg because getimagesize dones't work on svg - if ($mime_type !== 'image/svg+xml' && $mime_type !== 'image/svg') - { - $image_info = getimagesize($_FILES['std_pgs_logo']['tmp_name']); - if ($image_info === false) - { - $template->assign(array( - 'save_error' => l10n('Invalid image file.') - )); - return; - } - - list($width, $height, $type) = $image_info; - } - + } + else + { $upload_dir = PHPWG_ROOT_PATH . PWG_LOCAL_DIR . 'logo'; if (mkgetdir($upload_dir, MKGETDIR_DEFAULT & ~MKGETDIR_DIE_ON_ERROR)) { $pathinfo = pathinfo($_FILES['std_pgs_logo']['name']); - $filename = str2url($pathinfo['filename']); - $extension = strtolower($pathinfo['extension']); + $file_path = $upload_dir . '/' . str2url($pathinfo['filename']) . '.' . $allowed_mimes[ $mime_type ]; - $new_name = $filename . '.' . $extension; - $file_path = $upload_dir . '/' . $new_name; - - //Save logo path to conf conf_update_param('standard_pages_selected_logo_path', $file_path, true); if (move_uploaded_file($_FILES['std_pgs_logo']['tmp_name'], $file_path)) @@ -113,20 +107,24 @@ if (isset($_FILES['std_pgs_logo']) and !empty($_FILES['std_pgs_logo']['tmp_name' } else { - $template->assign(array( - 'save_error' => "$file_path " . l10n('no write access'), - )); + $template->assign( + array( + 'save_error' => "$file_path " . l10n('no write access'), + ) + ); } - // } - } - else - { - $template->assign(array( - 'save_error' => sprintf( - l10n('Add write access to the "%s" directory'), - $upload_dir - ), - )); + } + else + { + $template->assign( + array( + 'save_error' => sprintf( + l10n('Add write access to the "%s" directory'), + $upload_dir + ), + ) + ); + } } }