Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed.

commit: e463c4d71c2fdcc224e70f7576582220ae64e3d7 [log] [tgz]
author: Wes Baker <wes@wesbaker.com> Fri May 04 18:44:24 2012 -0400
committer: Phil Sturgeon <email@philsturgeon.co.uk> Mon May 07 16:13:30 2012 -0500
tree: 75f353a61582d4779a97b78ab0bb920c7ac94596
parent: 55ac2138482154c3aed7d6a6a2b6f196d0a04d9e [diff] [blame]
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index b0490de..0e5d73b 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php

@@ -868,6 +868,10 @@
 			{
 				return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
 			}
+			else
+			{
+				return FALSE;
+			}
 		}
 
 		if (($data = @file_get_contents($file)) === FALSE)
commit	e463c4d71c2fdcc224e70f7576582220ae64e3d7	[log] [tgz]
author	Wes Baker <wes@wesbaker.com>	Fri May 04 18:44:24 2012 -0400
committer	Phil Sturgeon <email@philsturgeon.co.uk>	Mon May 07 16:13:30 2012 -0500
tree	75f353a61582d4779a97b78ab0bb920c7ac94596
parent	55ac2138482154c3aed7d6a6a2b6f196d0a04d9e [diff] [blame]