added sanity check for images in is_allowed_filetype() using getimagesize()

commit: afa282f0ad2a7155766a69b605e27347d6c5f6fb [log] [tgz]
author: Derek Jones <derek.jones@ellislab.com> Tue Feb 10 17:11:52 2009 +0000
committer: Derek Jones <derek.jones@ellislab.com> Tue Feb 10 17:11:52 2009 +0000
tree: 5d557bbf0d4533ba1751d09f79b82da67666453c
parent: 254c0e4e3e4d4024d8fb9b79a5e891731bfb34d5 [diff] [blame]
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 54124bc..e40ef2b 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php

@@ -556,11 +556,22 @@
 			$this->set_error('upload_no_file_types');
 			return FALSE;
 		}
-			 	
+
+		$image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
+
 		foreach ($this->allowed_types as $val)
 		{
 			$mime = $this->mimes_types(strtolower($val));
-		
+
+			// Images get some additional checks
+			if (in_array($val, $image_types))
+			{
+				if (getimagesize($this->file_temp) === FALSE)
+				{
+					return FALSE;
+				}
+			}
+
 			if (is_array($mime))
 			{
 				if (in_array($this->file_type, $mime, TRUE))
commit	afa282f0ad2a7155766a69b605e27347d6c5f6fb	[log] [tgz]
author	Derek Jones <derek.jones@ellislab.com>	Tue Feb 10 17:11:52 2009 +0000
committer	Derek Jones <derek.jones@ellislab.com>	Tue Feb 10 17:11:52 2009 +0000
tree	5d557bbf0d4533ba1751d09f79b82da67666453c
parent	254c0e4e3e4d4024d8fb9b79a5e891731bfb34d5 [diff] [blame]