diff options
Diffstat (limited to 'include/attach.php')
| -rw-r--r-- | include/attach.php | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/include/attach.php b/include/attach.php index 02b94ddb6..0569b97fb 100644 --- a/include/attach.php +++ b/include/attach.php @@ -63,6 +63,7 @@ function z_mime_content_type($filename) { 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'webp' => 'image/webp', + 'avif' => 'image/avif', 'bmp' => 'image/bmp', 'ico' => 'image/vnd.microsoft.icon', 'tiff' => 'image/tiff', @@ -673,7 +674,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { logger('getimagesize: ' . print_r($gis,true), LOGGER_DATA); } - if(($gis) && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG || $gis[2] === IMAGETYPE_WEBP)) { + if(($gis) && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG || $gis[2] === IMAGETYPE_WEBP || $gis[2] === IMAGETYPE_AVIF)) { $is_photo = 1; if($gis[2] === IMAGETYPE_GIF) $def_extension = '.gif'; @@ -683,6 +684,8 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { $def_extension = '.png'; if($gis[2] === IMAGETYPE_WEBP) $def_extension = '.webp'; + if($gis[2] === IMAGETYPE_AVIF) + $def_extension = '.avif'; } // If we know it's a photo, over-ride the type in case the source system could not determine what it was @@ -796,6 +799,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { } } + if (mb_strlen($filename, 'UTF-8') > MAX_FILENAME_LENGTH) { + logger('filename too long'); + $ret['message'] = t('Filename too long'); + return $ret; + } + if(! $hash) $hash = new_uuid(); @@ -1180,11 +1189,17 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { return $ret; } - if(isset($arr['filename']) && !strlen($arr['filename'])) { + if(empty($arr['filename'])) { $ret['message'] = t('Empty pathname'); return $ret; } + if(mb_strlen($arr['filename'], 'UTF-8') > MAX_FOLDER_LENGTH) { + logger('pathname too long'); + $ret['message'] = t('Pathname too long'); + return $ret; + } + $arr['hash'] = $arr['hash'] ?? new_uuid(); // Check for duplicate name. @@ -1919,7 +1934,7 @@ function attach_store_item($channel, $observer, $file) { drop_item($r[0]['id'], $stage); if (empty($r[0]['item_hidden'])) { - Master::Summon(['Notifier', 'drop', $i[0]['id']]); + Master::Summon(['Notifier', 'drop', $r[0]['id']]); } } @@ -2589,6 +2604,11 @@ function attach_move($channel_id, $resource_id, $new_folder_hash, $newname = '', } } + if (mb_strlen($filename, 'UTF-8') > MAX_FILENAME_LENGTH) { + logger('filename too long'); + $ret['message'] = t('Filename too long'); + return $ret; + } q("update attach set content = '%s', folder = '%s', filename = '%s', edited = '%s' where id = %d", dbescbin($newstorepath), |