Index: /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php	(revision 943)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/commands.php	(revision 944)
@@ -185,5 +185,13 @@
 		if ( isset( $Config['SecureImageUploads'] ) )
 		{
-			if ( !IsFileValid( $oFile['tmp_name'], $sExtension, $Config['SecureImageUploads'] ) )
+			if ( !IsImageValid( $oFile['tmp_name'], $sExtension ) )
+			{
+				$sErrorNumber = '202' ;
+			}
+		}
+		
+		if ( isset( $Config['HtmlExtensions'] ) )
+		{
+			if ( !IsHtmlExtension( $sExtension, $Config['HtmlExtensions'] ) && DetectHtml( $oFile['tmp_name'] ) )
 			{
 				$sErrorNumber = '202' ;
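Review bot: The `isset( $Config['SecureImageUploads'] )` guard at the top of the hunk cannot switch the image check off, because `isset` is true for a value of `false`; a deployment that sets `$Config['SecureImageUploads'] = false`, which is what the new config.php comment ("if set to true") invites, still runs `IsImageValid`. Before this change the level was interpreted inside `IsFileValid` (`<= 0` meant off), and that early return was removed, so the on/off decision now has to happen here. Change the guard to `if ( !empty( $Config['SecureImageUploads'] ) )`, or `if ( isset( $Config['SecureImageUploads'] ) && $Config['SecureImageUploads'] )`. The `HtmlExtensions` guard has the same shape, but there a `false` value makes `IsHtmlExtension` return false and the file is rejected if HTML is detected, so it at least fails closed. The enclosing upload handler starts and ends outside this hunk.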
Index: /FCKeditor/trunk/editor/filemanager/connectors/php/config.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/config.php	(revision 943)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/config.php	(revision 944)
@@ -48,11 +48,7 @@
 $Config['ForceSingleExtension'] = true ;
 
-// Perform additional checks for image files  - check whether uploaded images are valid image files
-// 0 = turn off
-// 1 = validate image files using getimagesize, should be enough to reject files that are not images at all
-// 2 = most secure option, validate images also against MIME Type Detection bug that 
-//     can lead to Cross Site Scripting attacks (when image contains HTML tags in the first 1KB, some browsers may render it as a HTML file). 
-//     Attention: it may produce false positives in some situations
-$Config['SecureImageUploads'] = 2;
+// Perform additional checks for image files
+// if set to true, validate image size (using getimagesize)
+$Config['SecureImageUploads'] = true;
 
 // What the user can do with this connector
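Review bot: The replacement comment "validate image size (using getimagesize)" misdescribes what the option does: `getimagesize` is used in `IsImageValid` only to confirm that the file's header is recognised as an image format, and its return value is compared with `false`; no size is checked. The old comment also explained the limits of the check, which the new one drops. Suggest `// if set to true, uploaded images must be recognised as images by getimagesize()` followed by `// (header check only; it does not detect HTML embedded in an otherwise valid image)`.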
@@ -61,4 +57,8 @@
 // Allowed Resource Types
 $Config['ConfigAllowedTypes'] = array('File', 'Image', 'Flash', 'Media') ;
+
+// For security, HTML is allowed in the first Kb of data for files having the
+// following extensions only.
+$Config['HtmlExtensions'] = array("html", "htm", "xml", "xsd", "txt", "js") ;
 
 /*
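Review bot: The comment on the new `HtmlExtensions` entry states the permission but not its consequence: these are the extensions the connector exempts from `DetectHtml` (see the commands.php hunk), so an uploaded `.txt`, `.xml` or `.js` file may carry arbitrary HTML in its first kilobyte and is stored unchanged. Whether that is safe depends on how the web server serves those files; a browser that sniffs content may render a `text/plain` body that starts with HTML tags as HTML, which is the MIME-detection problem the removed `SecureImageUploads = 2` comment described. Suggest extending the comment with `// Files with these extensions are NOT checked for HTML content; make sure the` / `// web server sends them with a Content-Type that browsers will not sniff as HTML.`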
Index: /FCKeditor/trunk/editor/filemanager/connectors/php/util.php
===================================================================
--- /FCKeditor/trunk/editor/filemanager/connectors/php/util.php	(revision 943)
+++ /FCKeditor/trunk/editor/filemanager/connectors/php/util.php	(revision 944)
@@ -54,4 +54,25 @@
 		return ( htmlspecialchars( $value ) ) ;
 	}	
+}
+
+/**
+ * Check whether given extension is in html etensions list
+ *
+ * @param string $ext
+ * @param array $htmlExtensions
+ * @return boolean
+ */
+function IsHtmlExtension( $ext, $htmlExtensions )
+{
+	if ( !$htmlExtensions || !is_array( $htmlExtensions ) )
+	{
+		return false ;
+	}
+	$lcaseHtmlExtensions = array() ;
+	foreach ( $htmlExtensions as $key => $val )
+	{
+		$lcaseHtmlExtensions[$key] = strtolower( $val ) ;
+	}
+	return in_array( $ext, $lcaseHtmlExtensions ) ;
 }
 
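Review bot: `IsHtmlExtension` lowercases every entry of `$htmlExtensions` but compares `$ext` exactly as passed, so unless the caller has already lowercased the extension (not visible here; `$sExtension` is computed above the commands.php hunk) an upload named `page.HTML` counts as a non-HTML extension, `DetectHtml` runs and the file is rejected. That fails closed, but the outcome then depends on an invariant the function does not enforce; normalise the needle as well and compare strictly: `return in_array( strtolower( $ext ), $lcaseHtmlExtensions, true ) ;`. The docblock has a typo, `etensions` → `extensions`, and could add that the comparison is case-insensitive once the needle is lowercased.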
@@ -127,10 +148,6 @@
  * @return boolean
  */ 
-function IsFileValid( $filePath, $extension, $detectionLevel )
+function IsImageValid( $filePath, $extension )
 {
-	if ( $detectionLevel <= 0 ) {
-		return true;
-	}
-
 	$imageCheckExtensions = array('gif', 'jpeg', 'jpg', 'png', 'swf', 'psd', 'bmp', 'iff');
 
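Review bot: Only the `@return boolean` line of the docblock is inside this hunk; the `@param` lines above it are outside the hunk and, since the `$detectionLevel` parameter was removed, should be checked so they no longer document a third parameter. Dropping the `$detectionLevel <= 0` early return also removes the only way for this function to be a no-op, so enabling or disabling the check is now entirely the caller's responsibility (the `isset( $Config['SecureImageUploads'] )` test in commands.php); the docblock could say so with ` * Always performs the check; whether it is enabled is decided by the caller.`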
@@ -159,15 +176,7 @@
 	}
 	
-	if ( $detectionLevel >= 1) {
-		if ( @getimagesize( $filePath ) === false ) {
-			return false ;
-		}		
-	}
-	
-	if ( $detectionLevel >= 2) {
-		if ( DetectHtml( $filePath ) ) {
-			return false;
-		}
-	}	
+	if ( @getimagesize( $filePath ) === false ) {
+		return false ;
+	}		
 	
 	return true;
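Review bot: With the `$detectionLevel >= 2` branch gone, an image that passes `getimagesize` is no longer checked for embedded HTML in this function; that check now runs only in commands.php and only when `$Config['HtmlExtensions']` is set. A deployment that keeps an older config.php without that key therefore silently loses the protection the old `SecureImageUploads = 2` default gave, which is worth stating in the release notes or guarding with a default in the caller. `getimagesize` also parses only the header, so a file that is a valid GIF or JPEG and additionally contains HTML still passes here; a comment above the call such as `// header check only; HTML inside a valid image is caught by DetectHtml in the caller` would keep a reader from assuming more. The `@` suppression hides warnings from unreadable or truncated files, which this code treats the same as "not an image"; a short comment saying so would make that deliberate. `IsImageValid`'s closing brace lies outside the hunk.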
