From 9ab335626cdaad433c8f5b6d7fd4d980c1b37742 Mon Sep 17 00:00:00 2001
From: redmatrix <redmatrix@redmatrix.me>
Date: Sat, 26 Sep 2015 13:25:34 -0700
Subject: import_xchan_photo: check the return headers to ensure it's an image
 content-type of some form as imagick chucks a wobbly if you try to initialise
 an image with an html error page.

---
 include/photo/photo_driver.php | 108 ++++++++++++++++++++++++-----------------
 include/zot.php                |   2 +-
 2 files changed, 64 insertions(+), 46 deletions(-)

(limited to 'include')

diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php
index 2a7d1ae01..32b9bd302 100644
--- a/include/photo/photo_driver.php
+++ b/include/photo/photo_driver.php
@@ -591,67 +591,85 @@ function import_xchan_photo($photo,$xchan,$thing = false) {
 		if(! $type)
 			$type = 'image/jpeg';
 
+
 		$result = z_fetch_url($photo,true);
 
-		if($result['success'])
+		if($result['success']) {
 			$img_str = $result['body'];
-	}
-
-	$img = photo_factory($img_str, $type);
-	if($img->is_valid()) {
-		$width = $img->getWidth();
-		$height = $img->getHeight();
-	
-		if($width && $height) {
-			if(($width / $height) > 1.2) {
-				// crop out the sides
-				$margin = $width - $height;
-				$img->cropImage(300,($margin / 2),0,$height,$height);
-			}
-			elseif(($height / $width) > 1.2) {
-				// crop out the bottom
-				$margin = $height - $width;
-				$img->cropImage(300,0,0,$width,$width);
 
+			$h = explode("\n",$result['header']);
+			if($h) {
+				foreach($h as $hl) {
+					if(stristr($hl,'content-type:')) {
+						if(! stristr($hl,'image/')) {
+							$photo_failure = true;
+						}
+					}
+				}
 			}
-			else {
-				$img->scaleImageSquare(300);
-			}
-
 		}
-		else 
-			$photo_failure = true;
+	}
+	else {
+		$photo_failure = true;
+	}
 
-		$p = array('xchan' => $xchan,'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'scale' => 4);
+	if(! $photo_failure) {
+		$img = photo_factory($img_str, $type);
+		if($img->is_valid()) {
+			$width = $img->getWidth();
+			$height = $img->getHeight();
+	
+			if($width && $height) {
+				if(($width / $height) > 1.2) {
+					// crop out the sides
+					$margin = $width - $height;
+					$img->cropImage(300,($margin / 2),0,$height,$height);
+				}
+				elseif(($height / $width) > 1.2) {
+					// crop out the bottom
+					$margin = $height - $width;
+					$img->cropImage(300,0,0,$width,$width);
 
-		$r = $img->save($p);
+				}
+				else {
+					$img->scaleImageSquare(300);
+				}
 
-		if($r === false)
-			$photo_failure = true;
+			}
+			else 
+				$photo_failure = true;
 
-		$img->scaleImage(80);
-		$p['scale'] = 5;
+			$p = array('xchan' => $xchan,'resource_id' => $hash, 'filename' => basename($photo), 'album' => $album, 'photo_usage' => $flags, 'scale' => 4);
 
-		$r = $img->save($p);
+			$r = $img->save($p);
 
-		if($r === false)
-			$photo_failure = true;
+			if($r === false)
+				$photo_failure = true;
 
-		$img->scaleImage(48);
-		$p['scale'] = 6;
+			$img->scaleImage(80);
+			$p['scale'] = 5;
+	
+			$r = $img->save($p);
 
-		$r = $img->save($p);
+			if($r === false)
+				$photo_failure = true;
+	
+			$img->scaleImage(48);
+			$p['scale'] = 6;
+	
+			$r = $img->save($p);
 
-		if($r === false)
-			$photo_failure = true;
+			if($r === false)
+				$photo_failure = true;
 
-		$photo = $a->get_baseurl() . '/photo/' . $hash . '-4';
-		$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5';
-		$micro = $a->get_baseurl() . '/photo/' . $hash . '-6';
-	}
-	else {
-		logger('import_xchan_photo: invalid image from ' . $photo);	
-		$photo_failure = true;
+			$photo = $a->get_baseurl() . '/photo/' . $hash . '-4';
+			$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5';
+			$micro = $a->get_baseurl() . '/photo/' . $hash . '-6';
+		}
+		else {
+			logger('import_xchan_photo: invalid image from ' . $photo);	
+			$photo_failure = true;
+		}
 	}
 	if($photo_failure) {
 		$photo = $a->get_baseurl() . '/' . get_default_profile_photo();
diff --git a/include/zot.php b/include/zot.php
index 9bddb520d..ee3f603cd 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -2866,7 +2866,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
 
 			// don't pass these elements, they should not be synchronised
 
-			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address');
+			$disallowed = array('channel_id','channel_account_id','channel_primary','channel_prvkey','channel_address','channel_deleted','channel_removed','channel_system');
 
 			if(in_array($k,$disallowed))
 				continue;
-- 
cgit v1.2.3