diff options
| author | Mario <mario@mariovavti.com> | 2018-11-25 10:18:26 +0100 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2018-11-25 10:18:26 +0100 |
| commit | c7ae3fdc9af6e78ddee63fff4a9938df27d0d39d (patch) | |
| tree | ec547ab9507de9a67d48f91fe1345b4746c0ef0f /vendor/blueimp | |
| parent | bc9f2922e0e255e97cb607d099f60c8a81c4736f (diff) | |
| download | volse-hubzilla-c7ae3fdc9af6e78ddee63fff4a9938df27d0d39d.tar.gz volse-hubzilla-c7ae3fdc9af6e78ddee63fff4a9938df27d0d39d.tar.bz2 volse-hubzilla-c7ae3fdc9af6e78ddee63fff4a9938df27d0d39d.zip | |
update jquery-file-upload and psr-log via composer
Diffstat (limited to 'vendor/blueimp')
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/README.md | 2 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/SECURITY.md | 2 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/angularjs.html | 8 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/basic-plus.html | 8 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/basic.html | 6 | ||||
| -rw-r--r--[-rwxr-xr-x] | vendor/blueimp/jquery-file-upload/bower-version-update.js | 0 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/bower.json | 2 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/cors/postmessage.html | 2 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/index.html | 6 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/jquery-ui.html | 6 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/package.json | 2 | ||||
| -rw-r--r--[-rwxr-xr-x] | vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php | 34 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/server/php/index.php | 2 | ||||
| -rw-r--r-- | vendor/blueimp/jquery-file-upload/test/index.html | 6 |
14 files changed, 47 insertions, 39 deletions
diff --git a/vendor/blueimp/jquery-file-upload/README.md b/vendor/blueimp/jquery-file-upload/README.md index d2f104d5c..d9e16ed18 100644 --- a/vendor/blueimp/jquery-file-upload/README.md +++ b/vendor/blueimp/jquery-file-upload/README.md @@ -10,7 +10,7 @@ Supports cross-domain, chunked and resumable file uploads and client-side image ## ⚠️ Security Notice Security related releases: -* [v9.25.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.25.1) Mitigates some [Potential vulnerabilities with PHP+ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php+imagemagick). +* [v9.25.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.25.1) Mitigates some [Potential vulnerabilities with PHP+ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php-imagemagick). * [v9.24.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.24.1) Fixes a [Remote code execution vulnerability in the PHP component](VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component). * v[9.10.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/9.10.1) Fixes an [Open redirect vulnerability in the GAE components](VULNERABILITIES.md#open-redirect-vulnerability-in-the-gae-components). * Commit [4175032](https://github.com/blueimp/jQuery-File-Upload/commit/41750323a464e848856dc4c5c940663498beb74a) (*fixed in all tagged releases*) Fixes a [Cross-site scripting vulnerability in the Iframe Transport](VULNERABILITIES.md#cross-site-scripting-vulnerability-in-the-iframe-transport). diff --git a/vendor/blueimp/jquery-file-upload/SECURITY.md b/vendor/blueimp/jquery-file-upload/SECURITY.md index db58f7dd7..86ffc163b 100644 --- a/vendor/blueimp/jquery-file-upload/SECURITY.md +++ b/vendor/blueimp/jquery-file-upload/SECURITY.md @@ -113,7 +113,7 @@ location ^~ /path/to/project/server/php/files { ``` ## Secure image processing configurations -The following configuration mitigates [potential image processing vulnerabilities with ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php+imagemagick) by limiting the attack vectors to a small subset of image types (`GIF/JPEG/PNG`). +The following configuration mitigates [potential image processing vulnerabilities with ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php-imagemagick) by limiting the attack vectors to a small subset of image types (`GIF/JPEG/PNG`). Please also consider using alternative, safer image processing libraries like [libvips](https://github.com/libvips/libvips) or [imageflow](https://github.com/imazen/imageflow). diff --git a/vendor/blueimp/jquery-file-upload/angularjs.html b/vendor/blueimp/jquery-file-upload/angularjs.html index 2051bbf79..e8b05e77f 100644 --- a/vendor/blueimp/jquery-file-upload/angularjs.html +++ b/vendor/blueimp/jquery-file-upload/angularjs.html @@ -22,7 +22,7 @@ <meta name="description" content="File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for AngularJS. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads."> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Bootstrap styles --> -<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- Generic page styles --> <link rel="stylesheet" href="css/style.css"> <!-- blueimp Gallery styles --> @@ -177,8 +177,8 @@ <a class="play-pause"></a> <ol class="indicator"></ol> </div> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> -<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.15/angular.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> +<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.15/angular.min.js" integrity="sha384-r6jjWwxAypHaESwS5an5J9dkfzwQuKVNV9FZM9B6fnt8PFuY0cVwLhV7BltCZhLy" crossorigin="anonymous"></script> <!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included --> <script src="js/vendor/jquery.ui.widget.js"></script> <!-- The Load Image plugin is included for the preview images and image resizing functionality --> @@ -186,7 +186,7 @@ <!-- The Canvas to Blob plugin is included for image resizing functionality --> <script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script> <!-- Bootstrap JS is not required, but included for the responsive demo navigation --> -<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> +<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <!-- blueimp Gallery script --> <script src="https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js"></script> <!-- The Iframe Transport is required for browsers without support for XHR file uploads --> diff --git a/vendor/blueimp/jquery-file-upload/basic-plus.html b/vendor/blueimp/jquery-file-upload/basic-plus.html index acee24843..6d53acdc1 100644 --- a/vendor/blueimp/jquery-file-upload/basic-plus.html +++ b/vendor/blueimp/jquery-file-upload/basic-plus.html @@ -20,7 +20,7 @@ <meta name="description" content="File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads."> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Bootstrap styles --> -<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- Generic page styles --> <link rel="stylesheet" href="css/style.css"> <!-- CSS to style the file input field as button and adjust the Bootstrap progress bars --> @@ -96,15 +96,15 @@ </div> </div> </div> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> <!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included --> <script src="js/vendor/jquery.ui.widget.js"></script> <!-- The Load Image plugin is included for the preview images and image resizing functionality --> -<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script> +<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script> <!-- The Canvas to Blob plugin is included for image resizing functionality --> <script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script> <!-- Bootstrap JS is not required, but included for the responsive demo navigation --> -<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> +<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <!-- The Iframe Transport is required for browsers without support for XHR file uploads --> <script src="js/jquery.iframe-transport.js"></script> <!-- The basic File Upload plugin --> diff --git a/vendor/blueimp/jquery-file-upload/basic.html b/vendor/blueimp/jquery-file-upload/basic.html index 232a24624..a9ef6273e 100644 --- a/vendor/blueimp/jquery-file-upload/basic.html +++ b/vendor/blueimp/jquery-file-upload/basic.html @@ -20,7 +20,7 @@ <meta name="description" content="File Upload widget with multiple file selection, drag&drop support and progress bar for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads."> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Bootstrap styles --> -<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- Generic page styles --> <link rel="stylesheet" href="css/style.css"> <!-- CSS to style the file input field as button and adjust the Bootstrap progress bars --> @@ -96,7 +96,7 @@ </div> </div> </div> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> <!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included --> <script src="js/vendor/jquery.ui.widget.js"></script> <!-- The Iframe Transport is required for browsers without support for XHR file uploads --> @@ -104,7 +104,7 @@ <!-- The basic File Upload plugin --> <script src="js/jquery.fileupload.js"></script> <!-- Bootstrap JS is not required, but included for the responsive demo navigation --> -<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> +<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <script> /*jslint unparam: true */ /*global window, $ */ diff --git a/vendor/blueimp/jquery-file-upload/bower-version-update.js b/vendor/blueimp/jquery-file-upload/bower-version-update.js index 09ce3927e..09ce3927e 100755..100644 --- a/vendor/blueimp/jquery-file-upload/bower-version-update.js +++ b/vendor/blueimp/jquery-file-upload/bower-version-update.js diff --git a/vendor/blueimp/jquery-file-upload/bower.json b/vendor/blueimp/jquery-file-upload/bower.json index 34594a32f..2a56262a1 100644 --- a/vendor/blueimp/jquery-file-upload/bower.json +++ b/vendor/blueimp/jquery-file-upload/bower.json @@ -1,6 +1,6 @@ { "name": "blueimp-file-upload", - "version": "9.25.1", + "version": "9.28.0", "title": "jQuery File Upload", "description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images.", "keywords": [ diff --git a/vendor/blueimp/jquery-file-upload/cors/postmessage.html b/vendor/blueimp/jquery-file-upload/cors/postmessage.html index 6a56cf0b6..381a8e0cd 100644 --- a/vendor/blueimp/jquery-file-upload/cors/postmessage.html +++ b/vendor/blueimp/jquery-file-upload/cors/postmessage.html @@ -15,7 +15,7 @@ <head> <meta charset="utf-8"> <title>jQuery File Upload Plugin postMessage API</title> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> </head> <body> <script> diff --git a/vendor/blueimp/jquery-file-upload/index.html b/vendor/blueimp/jquery-file-upload/index.html index c8c66ad8b..37e08a7cb 100644 --- a/vendor/blueimp/jquery-file-upload/index.html +++ b/vendor/blueimp/jquery-file-upload/index.html @@ -22,7 +22,7 @@ <meta name="description" content="File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads."> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- Bootstrap styles --> -<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"> +<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"> <!-- Generic page styles --> <link rel="stylesheet" href="css/style.css"> <!-- blueimp Gallery styles --> @@ -216,7 +216,7 @@ </tr> {% } %} </script> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> <!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included --> <script src="js/vendor/jquery.ui.widget.js"></script> <!-- The Templates plugin is included to render the upload/download listings --> @@ -226,7 +226,7 @@ <!-- The Canvas to Blob plugin is included for image resizing functionality --> <script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script> <!-- Bootstrap JS is not required, but included for the responsive demo navigation --> -<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script> +<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> <!-- blueimp Gallery script --> <script src="https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js"></script> <!-- The Iframe Transport is required for browsers without support for XHR file uploads --> diff --git a/vendor/blueimp/jquery-file-upload/jquery-ui.html b/vendor/blueimp/jquery-file-upload/jquery-ui.html index 842dd4ca7..e44d41e89 100644 --- a/vendor/blueimp/jquery-file-upload/jquery-ui.html +++ b/vendor/blueimp/jquery-file-upload/jquery-ui.html @@ -22,7 +22,7 @@ <meta name="description" content="File Upload widget with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads."> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <!-- jQuery UI styles --> -<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/dark-hive/jquery-ui.css" id="theme"> +<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/dark-hive/jquery-ui.css" integrity="sha384-ufZtQaOYGuy/CibAC5jmelOpBu3H78Js7HrXSLo4LGccHUrGGHXt+uaTcDbio3kI" crossorigin="anonymous"> <!-- Generic page styles --> <link rel="stylesheet" href="css/style.css"> <!-- Demo styles --> @@ -201,8 +201,8 @@ </tr> {% } %} </script> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> -<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js" integrity="sha384-Dziy8F2VlJQLMShA6FHWNul/veM9bCkRUaLqr199K94ntO5QUrLJBEbYegdSkkqX" crossorigin="anonymous"></script> <!-- The Templates plugin is included to render the upload/download listings --> <script src="https://blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script> <!-- The Load Image plugin is included for the preview images and image resizing functionality --> diff --git a/vendor/blueimp/jquery-file-upload/package.json b/vendor/blueimp/jquery-file-upload/package.json index 4b33a0362..0a635397c 100644 --- a/vendor/blueimp/jquery-file-upload/package.json +++ b/vendor/blueimp/jquery-file-upload/package.json @@ -1,6 +1,6 @@ { "name": "blueimp-file-upload", - "version": "9.25.1", + "version": "9.28.0", "title": "jQuery File Upload", "description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.", "keywords": [ diff --git a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php index e44004395..5215e4c0f 100755..100644 --- a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php +++ b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php @@ -38,9 +38,9 @@ class UploadHandler 'image_resize' => 'Failed to resize image' ); - protected const IMAGETYPE_GIF = 1; - protected const IMAGETYPE_JPEG = 2; - protected const IMAGETYPE_PNG = 3; + const IMAGETYPE_GIF = 1; + const IMAGETYPE_JPEG = 2; + const IMAGETYPE_PNG = 3; protected $image_objects = array(); @@ -1047,13 +1047,18 @@ class UploadHandler } protected function create_scaled_image($file_name, $version, $options) { - if ($this->options['image_library'] === 2) { - return $this->imagemagick_create_scaled_image($file_name, $version, $options); - } - if ($this->options['image_library'] && extension_loaded('imagick')) { - return $this->imagick_create_scaled_image($file_name, $version, $options); + try { + if ($this->options['image_library'] === 2) { + return $this->imagemagick_create_scaled_image($file_name, $version, $options); + } + if ($this->options['image_library'] && extension_loaded('imagick')) { + return $this->imagick_create_scaled_image($file_name, $version, $options); + } + return $this->gd_create_scaled_image($file_name, $version, $options); + } catch (\Exception $e) { + error_log($e->getMessage()); + return false; } - return $this->gd_create_scaled_image($file_name, $version, $options); } protected function destroy_image_object($file_path) { @@ -1066,12 +1071,12 @@ class UploadHandler $fp = fopen($file_path, 'r'); $data = fread($fp, 4); fclose($fp); - // GIF: 47 49 46 - if (substr($data, 0, 3) === 'GIF') { + // GIF: 47 49 46 38 + if ($data === 'GIF8') { return self::IMAGETYPE_GIF; } - // JPG: FF D8 - if (bin2hex(substr($data, 0, 2)) === 'ffd8') { + // JPG: FF D8 FF + if (bin2hex(substr($data, 0, 3)) === 'ffd8ff') { return self::IMAGETYPE_JPEG; } // PNG: 89 50 4E 47 @@ -1082,6 +1087,9 @@ class UploadHandler } protected function is_valid_image_file($file_path) { + if (!preg_match('/\.(gif|jpe?g|png)$/i', $file_path)) { + return false; + } return !!$this->imagetype($file_path); } diff --git a/vendor/blueimp/jquery-file-upload/server/php/index.php b/vendor/blueimp/jquery-file-upload/server/php/index.php index 9c2cfb8eb..6caabb710 100644 --- a/vendor/blueimp/jquery-file-upload/server/php/index.php +++ b/vendor/blueimp/jquery-file-upload/server/php/index.php @@ -9,7 +9,7 @@ * Licensed under the MIT license: * https://opensource.org/licenses/MIT */ -exit; + error_reporting(E_ALL | E_STRICT); require('UploadHandler.php'); $upload_handler = new UploadHandler(); diff --git a/vendor/blueimp/jquery-file-upload/test/index.html b/vendor/blueimp/jquery-file-upload/test/index.html index 0b5cf57b7..b8c585df5 100644 --- a/vendor/blueimp/jquery-file-upload/test/index.html +++ b/vendor/blueimp/jquery-file-upload/test/index.html @@ -20,7 +20,7 @@ <meta charset="utf-8"> <title>jQuery File Upload Plugin Test</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> -<link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-1.23.1.css"> +<link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-1.23.1.css" integrity="sha384-RW07PgMHO3eNYL7ddFK/okEi1rjvSeJ3Ck/TxGUHkmzSlGmw4R9/KGJYUD3OicMd" crossorigin="anonymous"> </head> <body> <h1 id="qunit-header">jQuery File Upload Plugin Test</h1> @@ -145,7 +145,7 @@ </tr> {% } %} </script> -<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> +<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js" integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ" crossorigin="anonymous"></script> <script src="../js/vendor/jquery.ui.widget.js"></script> <script src="https://blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script> <script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script> @@ -166,7 +166,7 @@ window.testBasicWidget = $.blueimp.fileupload; /* global window, $ */ window.testUIWidget = $.blueimp.fileupload; </script> -<script src="https://code.jquery.com/qunit/qunit-1.23.1.js"></script> +<script src="https://code.jquery.com/qunit/qunit-1.23.1.js" integrity="sha384-FJbPWND3tHbuhP8PhCp3Kn0bEtCxaIq+sfkmiJ+Su0jchKFnVbPQTTyPiuwqbkXa" crossorigin="anonymous"></script> <script src="test.js"></script> </body> </html> |