@@ -312,6 +312,35 @@
 }
 /**
+ * Private
+ * Checks for HTML tags that can be exploited via IE
+ *
+ * @param string filename
+ *
+ * @return bool
+ */
+ function verify_image_file($filename)
+ {
+ // Verify that file is playing nice
+ $fp = fopen($filename, 'rb');
+ if ($fp)
+ {
+ $header = fread($fp, 200);
+ fclose($fp);
+ if (preg_match('#verify_image_file($filename))
+ {
+ return false;
+ }
+
 $this->identifyformat = '%w###%h###%m###%n###%r###%z';
 $this->imageinfo = $this->fetch_identify_info($filename);
 return $this->imageinfo;
@@ -1100,7 +1134,7 @@
 * Image class for GD Image Library
 *
 * @package vBulletin
-* @version $Revision: 1.222 $
+* @version $Revision: 1.222 + patch $
 * @date $Date: 2006/09/27 22:36:33 $
 *
 */
@@ -1942,6 +1976,11 @@
 16=> 'XBM',
 );
+ if (!$this->verify_image_file($filename))
+ {
+ return false;
+ }
+
 // use PHP's getimagesize if it works
 if ($imageinfo = getimagesize($filename))
 {
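Review bot: The check inspects only the first 200 bytes of the file (`fread($fp, 200)`), so markup placed after that offset in an otherwise valid image is never seen, and a tag denylist of this kind is a mitigation rather than a guarantee; browsers that content-sniff have historically looked at least at the first 256 bytes, so the window is also slightly short for the case it targets. The `preg_match` pattern has been lost in this rendering of the hunk (`if (preg_match('#verify_image_file($filename))` fuses two unrelated lines and the hunk is shorter than its +35 header), so the pattern itself cannot be reviewed from this page. The branch taken when `fopen` fails is likewise not visible; it should fail closed with `return false;` rather than treat an unreadable file as clean. The defence that does not depend on a pattern list is serving uploads with an accurate `Content-Type` plus `X-Content-Type-Options: nosniff` (or `Content-Disposition: attachment`), or re-encoding the image through the image library before storing it, neither of which this hunk does. The docblock should also read `@param string $filename`.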
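Review bot: The new guard calls `$this->verify_image_file($filename)` from the GD image class, but the method is added in the earlier hunk to a class that owns `$this->identifyformat`, which looks like the ImageMagick implementation; unless both classes inherit it from a shared parent, this call is an undefined method on the GD path. Confirm the method is declared in the common base class (or duplicated here) before merging. The early `return false;` also leaves `$this->imageinfo` in whatever state it held before the call, so callers that read the property rather than the return value may see stale data; resetting it to the class's "no info" value (presumably `false`, to be confirmed) before returning would keep the two failure paths consistent. The enclosing function starts and ends outside the hunk.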