Diffstat (limited to 'vendor/blueimp/jquery-file-upload')
-rw-r--r--vendor/blueimp/jquery-file-upload/README.md2
-rw-r--r--vendor/blueimp/jquery-file-upload/SECURITY.md2
-rw-r--r--vendor/blueimp/jquery-file-upload/angularjs.html8
-rw-r--r--vendor/blueimp/jquery-file-upload/basic-plus.html8
-rw-r--r--vendor/blueimp/jquery-file-upload/basic.html6
-rw-r--r--[-rwxr-xr-x]vendor/blueimp/jquery-file-upload/bower-version-update.js0
-rw-r--r--vendor/blueimp/jquery-file-upload/bower.json2
-rw-r--r--vendor/blueimp/jquery-file-upload/cors/postmessage.html2
-rw-r--r--vendor/blueimp/jquery-file-upload/index.html6
-rw-r--r--vendor/blueimp/jquery-file-upload/jquery-ui.html6
-rw-r--r--vendor/blueimp/jquery-file-upload/package.json2
-rw-r--r--[-rwxr-xr-x]vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php34
-rw-r--r--vendor/blueimp/jquery-file-upload/server/php/index.php2
-rw-r--r--vendor/blueimp/jquery-file-upload/test/index.html6
14 files changed, 47 insertions, 39 deletions
diff --git a/vendor/blueimp/jquery-file-upload/README.md b/vendor/blueimp/jquery-file-upload/README.md
index d2f104d5c..d9e16ed18 100644
--- a/vendor/blueimp/jquery-file-upload/README.md
+++ b/vendor/blueimp/jquery-file-upload/README.md
@@ -10,7 +10,7 @@ Supports cross-domain, chunked and resumable file uploads and client-side image
## ⚠️ Security Notice
Security related releases:
-* [v9.25.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.25.1) Mitigates some [Potential vulnerabilities with PHP+ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php+imagemagick).
+* [v9.25.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.25.1) Mitigates some [Potential vulnerabilities with PHP+ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php-imagemagick).
* [v9.24.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/v9.24.1) Fixes a [Remote code execution vulnerability in the PHP component](VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component).
* v[9.10.1](https://github.com/blueimp/jQuery-File-Upload/releases/tag/9.10.1) Fixes an [Open redirect vulnerability in the GAE components](VULNERABILITIES.md#open-redirect-vulnerability-in-the-gae-components).
* Commit [4175032](https://github.com/blueimp/jQuery-File-Upload/commit/41750323a464e848856dc4c5c940663498beb74a) (*fixed in all tagged releases*) Fixes a [Cross-site scripting vulnerability in the Iframe Transport](VULNERABILITIES.md#cross-site-scripting-vulnerability-in-the-iframe-transport).
diff --git a/vendor/blueimp/jquery-file-upload/SECURITY.md b/vendor/blueimp/jquery-file-upload/SECURITY.md
index db58f7dd7..86ffc163b 100644
--- a/vendor/blueimp/jquery-file-upload/SECURITY.md
+++ b/vendor/blueimp/jquery-file-upload/SECURITY.md
@@ -113,7 +113,7 @@ location ^~ /path/to/project/server/php/files {
```
## Secure image processing configurations
-The following configuration mitigates [potential image processing vulnerabilities with ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php+imagemagick) by limiting the attack vectors to a small subset of image types (`GIF/JPEG/PNG`).
+The following configuration mitigates [potential image processing vulnerabilities with ImageMagick](VULNERABILITIES.md#potential-vulnerabilities-with-php-imagemagick) by limiting the attack vectors to a small subset of image types (`GIF/JPEG/PNG`).
Please also consider using alternative, safer image processing libraries like [libvips](https://github.com/libvips/libvips) or [imageflow](https://github.com/imazen/imageflow).
diff --git a/vendor/blueimp/jquery-file-upload/angularjs.html b/vendor/blueimp/jquery-file-upload/angularjs.html
index 2051bbf79..e8b05e77f 100644
--- a/vendor/blueimp/jquery-file-upload/angularjs.html
+++ b/vendor/blueimp/jquery-file-upload/angularjs.html
@@ -22,7 +22,7 @@
<meta name="description" content="File Upload widget with multiple file selection, drag&amp;drop support, progress bars, validation and preview images, audio and video for AngularJS. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap styles -->
-<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Generic page styles -->
<link rel="stylesheet" href="css/style.css">
<!-- blueimp Gallery styles -->
@@ -177,8 +177,8 @@
<a class="play-pause"></a>
<ol class="indicator"></ol>
</div>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
-<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.15/angular.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.3.15/angular.min.js" integrity="sha384-r6jjWwxAypHaESwS5an5J9dkfzwQuKVNV9FZM9B6fnt8PFuY0cVwLhV7BltCZhLy" crossorigin="anonymous"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
@@ -186,7 +186,7 @@
<!-- The Canvas to Blob plugin is included for image resizing functionality -->
<script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
<!-- Bootstrap JS is not required, but included for the responsive demo navigation -->
-<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- blueimp Gallery script -->
<script src="https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
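Review bot: The scripts loaded from `blueimp.github.io` in this hunk (`canvas-to-blob.min.js`, `jquery.blueimp-gallery.min.js`) still carry no `integrity` attribute, so the page keeps executing unpinned third-party code even though the CDN tags around them are now pinned. Those URLs have no version in them, so a hash would break on the next upstream publish; serving vendored copies from `js/vendor/` or switching to a versioned URL before adding `integrity` would close the gap. The same applies to the `blueimp.github.io` includes visible in the basic-plus.html, index.html, jquery-ui.html and test/index.html hunks.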
diff --git a/vendor/blueimp/jquery-file-upload/basic-plus.html b/vendor/blueimp/jquery-file-upload/basic-plus.html
index acee24843..6d53acdc1 100644
--- a/vendor/blueimp/jquery-file-upload/basic-plus.html
+++ b/vendor/blueimp/jquery-file-upload/basic-plus.html
@@ -20,7 +20,7 @@
<meta name="description" content="File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap styles -->
-<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Generic page styles -->
<link rel="stylesheet" href="css/style.css">
<!-- CSS to style the file input field as button and adjust the Bootstrap progress bars -->
@@ -96,15 +96,15 @@
</div>
</div>
</div>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
-<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script>
+<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script>
<!-- The Canvas to Blob plugin is included for image resizing functionality -->
<script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
<!-- Bootstrap JS is not required, but included for the responsive demo navigation -->
-<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
<script src="js/jquery.iframe-transport.js"></script>
<!-- The basic File Upload plugin -->
diff --git a/vendor/blueimp/jquery-file-upload/basic.html b/vendor/blueimp/jquery-file-upload/basic.html
index 232a24624..a9ef6273e 100644
--- a/vendor/blueimp/jquery-file-upload/basic.html
+++ b/vendor/blueimp/jquery-file-upload/basic.html
@@ -20,7 +20,7 @@
<meta name="description" content="File Upload widget with multiple file selection, drag&amp;drop support and progress bar for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap styles -->
-<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Generic page styles -->
<link rel="stylesheet" href="css/style.css">
<!-- CSS to style the file input field as button and adjust the Bootstrap progress bars -->
@@ -96,7 +96,7 @@
</div>
</div>
</div>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
@@ -104,7 +104,7 @@
<!-- The basic File Upload plugin -->
<script src="js/jquery.fileupload.js"></script>
<!-- Bootstrap JS is not required, but included for the responsive demo navigation -->
-<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<script>
/*jslint unparam: true */
/*global window, $ */
diff --git a/vendor/blueimp/jquery-file-upload/bower-version-update.js b/vendor/blueimp/jquery-file-upload/bower-version-update.js
index 09ce3927e..09ce3927e 100755..100644
--- a/vendor/blueimp/jquery-file-upload/bower-version-update.js
+++ b/vendor/blueimp/jquery-file-upload/bower-version-update.js
diff --git a/vendor/blueimp/jquery-file-upload/bower.json b/vendor/blueimp/jquery-file-upload/bower.json
index 34594a32f..2a56262a1 100644
--- a/vendor/blueimp/jquery-file-upload/bower.json
+++ b/vendor/blueimp/jquery-file-upload/bower.json
@@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
- "version": "9.25.1",
+ "version": "9.28.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&amp;drop support, progress bar, validation and preview images.",
"keywords": [
diff --git a/vendor/blueimp/jquery-file-upload/cors/postmessage.html b/vendor/blueimp/jquery-file-upload/cors/postmessage.html
index 6a56cf0b6..381a8e0cd 100644
--- a/vendor/blueimp/jquery-file-upload/cors/postmessage.html
+++ b/vendor/blueimp/jquery-file-upload/cors/postmessage.html
@@ -15,7 +15,7 @@
<head>
<meta charset="utf-8">
<title>jQuery File Upload Plugin postMessage API</title>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
</head>
<body>
<script>
diff --git a/vendor/blueimp/jquery-file-upload/index.html b/vendor/blueimp/jquery-file-upload/index.html
index c8c66ad8b..37e08a7cb 100644
--- a/vendor/blueimp/jquery-file-upload/index.html
+++ b/vendor/blueimp/jquery-file-upload/index.html
@@ -22,7 +22,7 @@
<meta name="description" content="File Upload widget with multiple file selection, drag&amp;drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- Bootstrap styles -->
-<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
+<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<!-- Generic page styles -->
<link rel="stylesheet" href="css/style.css">
<!-- blueimp Gallery styles -->
@@ -216,7 +216,7 @@
</tr>
{% } %}
</script>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
<!-- The jQuery UI widget factory, can be omitted if jQuery UI is already included -->
<script src="js/vendor/jquery.ui.widget.js"></script>
<!-- The Templates plugin is included to render the upload/download listings -->
@@ -226,7 +226,7 @@
<!-- The Canvas to Blob plugin is included for image resizing functionality -->
<script src="https://blueimp.github.io/JavaScript-Canvas-to-Blob/js/canvas-to-blob.min.js"></script>
<!-- Bootstrap JS is not required, but included for the responsive demo navigation -->
-<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
<!-- blueimp Gallery script -->
<script src="https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js"></script>
<!-- The Iframe Transport is required for browsers without support for XHR file uploads -->
diff --git a/vendor/blueimp/jquery-file-upload/jquery-ui.html b/vendor/blueimp/jquery-file-upload/jquery-ui.html
index 842dd4ca7..e44d41e89 100644
--- a/vendor/blueimp/jquery-file-upload/jquery-ui.html
+++ b/vendor/blueimp/jquery-file-upload/jquery-ui.html
@@ -22,7 +22,7 @@
<meta name="description" content="File Upload widget with multiple file selection, drag&amp;drop support, progress bars, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads and client-side image resizing. Works with any server-side platform (PHP, Python, Ruby on Rails, Java, Node.js, Go etc.) that supports standard HTML form file uploads.">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<!-- jQuery UI styles -->
-<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/dark-hive/jquery-ui.css" id="theme">
+<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/dark-hive/jquery-ui.css" integrity="sha384-ufZtQaOYGuy/CibAC5jmelOpBu3H78Js7HrXSLo4LGccHUrGGHXt+uaTcDbio3kI" crossorigin="anonymous">
<!-- Generic page styles -->
<link rel="stylesheet" href="css/style.css">
<!-- Demo styles -->
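Review bot: The new `<link>` for `jquery-ui.css` drops the `id="theme"` attribute that the old line had, which is unrelated to adding `integrity`. If any script on the page still selects `#theme` to switch themes (not visible in this hunk), it will silently stop working. Note also that a pinned hash only fits the `dark-hive` file, so a theme switcher that rewrites `href` would be blocked by the integrity check; either keep the id and drop the switcher deliberately, or state in a comment that theme switching was removed.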
@@ -201,8 +201,8 @@
</tr>
{% } %}
</script>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
-<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha384-xBuQ/xzmlsLoJpyjoggmTEz8OWUFM0/RC5BsqQBDX2v5cMvDHcMakNTNrHIW2I5f" crossorigin="anonymous"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js" integrity="sha384-Dziy8F2VlJQLMShA6FHWNul/veM9bCkRUaLqr199K94ntO5QUrLJBEbYegdSkkqX" crossorigin="anonymous"></script>
<!-- The Templates plugin is included to render the upload/download listings -->
<script src="https://blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
<!-- The Load Image plugin is included for the preview images and image resizing functionality -->
diff --git a/vendor/blueimp/jquery-file-upload/package.json b/vendor/blueimp/jquery-file-upload/package.json
index 4b33a0362..0a635397c 100644
--- a/vendor/blueimp/jquery-file-upload/package.json
+++ b/vendor/blueimp/jquery-file-upload/package.json
@@ -1,6 +1,6 @@
{
"name": "blueimp-file-upload",
- "version": "9.25.1",
+ "version": "9.28.0",
"title": "jQuery File Upload",
"description": "File Upload widget with multiple file selection, drag&drop support, progress bar, validation and preview images, audio and video for jQuery. Supports cross-domain, chunked and resumable file uploads. Works with any server-side platform (Google App Engine, PHP, Python, Ruby on Rails, Java, etc.) that supports standard HTML form file uploads.",
"keywords": [
diff --git a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
index e44004395..5215e4c0f 100755..100644
--- a/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
+++ b/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php
@@ -38,9 +38,9 @@ class UploadHandler
'image_resize' => 'Failed to resize image'
);
- protected const IMAGETYPE_GIF = 1;
- protected const IMAGETYPE_JPEG = 2;
- protected const IMAGETYPE_PNG = 3;
+ const IMAGETYPE_GIF = 1;
+ const IMAGETYPE_JPEG = 2;
+ const IMAGETYPE_PNG = 3;
protected $image_objects = array();
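Review bot: Nothing on the new `const IMAGETYPE_*` lines records why the `protected` modifier was removed, so a later cleanup could re-add it. Class-constant visibility needs PHP 7.1 or newer, which is presumably the reason; a comment such as `// No visibility modifier: class constant visibility requires PHP >= 7.1` above the three lines would preserve that intent. The constants become publicly readable as `UploadHandler::IMAGETYPE_GIF` etc., which looks harmless since they only hold type codes.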
@@ -1047,13 +1047,18 @@ class UploadHandler
}
protected function create_scaled_image($file_name, $version, $options) {
- if ($this->options['image_library'] === 2) {
- return $this->imagemagick_create_scaled_image($file_name, $version, $options);
- }
- if ($this->options['image_library'] && extension_loaded('imagick')) {
- return $this->imagick_create_scaled_image($file_name, $version, $options);
+ try {
+ if ($this->options['image_library'] === 2) {
+ return $this->imagemagick_create_scaled_image($file_name, $version, $options);
+ }
+ if ($this->options['image_library'] && extension_loaded('imagick')) {
+ return $this->imagick_create_scaled_image($file_name, $version, $options);
+ }
+ return $this->gd_create_scaled_image($file_name, $version, $options);
+ } catch (\Exception $e) {
+ error_log($e->getMessage());
+ return false;
}
- return $this->gd_create_scaled_image($file_name, $version, $options);
}
protected function destroy_image_object($file_path) {
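Review bot: The new `catch (\Exception $e)` logs only `$e->getMessage()`, so a log entry does not say which image version failed or which exception class was raised, which makes malformed-image probing hard to spot. Something like `error_log(sprintf('create_scaled_image(%s) failed: %s: %s', $version, get_class($e), $e->getMessage()));` gives that context; the user-supplied `$file_name` should stay out of the log line or be sanitised first. On PHP 7 and later, `\Error` subclasses raised inside the image libraries are not caught by this block and still abort the request. The callers that must treat the `false` return as a failed version are outside this hunk.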
@@ -1066,12 +1071,12 @@ class UploadHandler
$fp = fopen($file_path, 'r');
$data = fread($fp, 4);
fclose($fp);
- // GIF: 47 49 46
- if (substr($data, 0, 3) === 'GIF') {
+ // GIF: 47 49 46 38
+ if ($data === 'GIF8') {
return self::IMAGETYPE_GIF;
}
- // JPG: FF D8
- if (bin2hex(substr($data, 0, 2)) === 'ffd8') {
+ // JPG: FF D8 FF
+ if (bin2hex(substr($data, 0, 3)) === 'ffd8ff') {
return self::IMAGETYPE_JPEG;
}
// PNG: 89 50 4E 47
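Review bot: `fopen()` is still unchecked on the context line above the tightened signatures, so an unreadable or vanished `$file_path` passes `false` on to `fread()` and `fclose()` (a warning on older PHP, a TypeError on PHP 8). A guard such as `if ($fp === false) { return false; }` directly after the `fopen()` call would make the detection fail closed. The function starts and ends outside this hunk, so confirm that its fall-through return value is falsy before adding the guard.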
@@ -1082,6 +1087,9 @@ class UploadHandler
}
protected function is_valid_image_file($file_path) {
+ if (!preg_match('/\.(gif|jpe?g|png)$/i', $file_path)) {
+ return false;
+ }
return !!$this->imagetype($file_path);
}
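Review bot: In the added `preg_match`, `$` also matches just before a trailing newline, so a path ending in `.png\n` passes the extension check; `\z` (or the `D` modifier) anchors at the true end of the string: `if (!preg_match('/\.(gif|jpe?g|png)\z/i', $file_path)) {`. Whether such a name can reach this method depends on the file-name sanitising outside this hunk. The check also does not tie the extension to the type that `imagetype()` detects, so a `.png` name with GIF content is accepted, which may be intended.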
diff --git a/vendor/blueimp/jquery-file-upload/server/php/index.php b/vendor/blueimp/jquery-file-upload/server/php/index.php
index 9c2cfb8eb..6caabb710 100644
--- a/vendor/blueimp/jquery-file-upload/server/php/index.php
+++ b/vendor/blueimp/jquery-file-upload/server/php/index.php
@@ -9,7 +9,7 @@
* Licensed under the MIT license:
* https://opensource.org/licenses/MIT
*/
-exit;
+
error_reporting(E_ALL | E_STRICT);
require('UploadHandler.php');
$upload_handler = new UploadHandler();
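Review bot: Removing `exit;` makes this demo endpoint live again: every request that reaches `server/php/index.php` now constructs `UploadHandler` with its default options. The old line looks like a local hardening that the vendor update overwrote (inferred, the diff gives no reason), and the README changed in this same commit lists a remote code execution fix for this PHP component. If the application does not use this entry point, keep `exit;` (or delete the file) and deny web access to `vendor/`, with a comment such as `// Demo endpoint intentionally disabled; the application uses its own handler.` so the next update does not drop it again. The rest of the file is outside the hunk.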
diff --git a/vendor/blueimp/jquery-file-upload/test/index.html b/vendor/blueimp/jquery-file-upload/test/index.html
index 0b5cf57b7..b8c585df5 100644
--- a/vendor/blueimp/jquery-file-upload/test/index.html
+++ b/vendor/blueimp/jquery-file-upload/test/index.html
@@ -20,7 +20,7 @@
<meta charset="utf-8">
<title>jQuery File Upload Plugin Test</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-1.23.1.css">
+<link rel="stylesheet" href="https://code.jquery.com/qunit/qunit-1.23.1.css" integrity="sha384-RW07PgMHO3eNYL7ddFK/okEi1rjvSeJ3Ck/TxGUHkmzSlGmw4R9/KGJYUD3OicMd" crossorigin="anonymous">
</head>
<body>
<h1 id="qunit-header">jQuery File Upload Plugin Test</h1>
@@ -145,7 +145,7 @@
</tr>
{% } %}
</script>
-<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js" integrity="sha384-nvAa0+6Qg9clwYCGGPpDQLVpLNn0fRaROjHqs13t4Ggj3Ez50XnGQqc/r8MhnRDZ" crossorigin="anonymous"></script>
<script src="../js/vendor/jquery.ui.widget.js"></script>
<script src="https://blueimp.github.io/JavaScript-Templates/js/tmpl.min.js"></script>
<script src="https://blueimp.github.io/JavaScript-Load-Image/js/load-image.all.min.js"></script>
@@ -166,7 +166,7 @@ window.testBasicWidget = $.blueimp.fileupload;
/* global window, $ */
window.testUIWidget = $.blueimp.fileupload;
</script>
-<script src="https://code.jquery.com/qunit/qunit-1.23.1.js"></script>
+<script src="https://code.jquery.com/qunit/qunit-1.23.1.js" integrity="sha384-FJbPWND3tHbuhP8PhCp3Kn0bEtCxaIq+sfkmiJ+Su0jchKFnVbPQTTyPiuwqbkXa" crossorigin="anonymous"></script>
<script src="test.js"></script>
</body>
</html>