From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Sun, 18 Feb 2024 03:27:37 +0000 (-0500)
Subject: Avoid passing null bytes in regular expression in Object\Image
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=1956c2ecfd9513892a1547a62976dc05bc2c2cc4;p=friendica.git

Avoid passing null bytes in regular expression in Object\Image

- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
---

diff --git a/src/Object/Image.php b/src/Object/Image.php
index d024904c3d..d2a5c3ce77 100644
--- a/src/Object/Image.php
+++ b/src/Object/Image.php
@@ -53,7 +53,7 @@ class Image
 	 *
 	 * @param string $data     Image data
 	 * @param string $type     optional, default ''
-	 * @param string $filename optional, default '' 
+	 * @param string $filename optional, default ''
 	 * @param string $imagick  optional, default 'true'
 	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 * @throws \ImagickException
@@ -100,7 +100,7 @@ class Image
 		}
 
 		if ($this->imageType == IMAGETYPE_GIF) {
-			$count = @preg_match_all("#\x00\x21\xF9\x04.{4}\x00(\x2C|\x21)#s", $data);
+			$count = preg_match_all("#\\x00\\x21\\xF9\\x04.{4}\\x00[\\x2C\\x21]#s", $data);
 			return ($count > 0);
 		}
 
@@ -748,7 +748,7 @@ class Image
 			case IMAGETYPE_GIF:
 				imagegif($this->image, $stream);
 				break;
-				
+
 			case IMAGETYPE_WEBP:
 				imagewebp($this->image, $stream, DI::config()->get('system', 'jpeg_quality'));
 				break;