From: Mikael Nordfeldth Date: Fri, 24 Jun 2016 13:47:02 +0000 (+0200) Subject: StoreRemoteMedia avoids too large files X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=f1e3314bb790de9f372b47f3bc5af0f2e85b3710;p=quix0rs-gnu-social.git StoreRemoteMedia avoids too large files --- diff --git a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php index f38ca4713e..c9964869a4 100644 --- a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php +++ b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php @@ -77,22 +77,44 @@ class StoreRemoteMediaPlugin extends Plugin return true; } - if (!$this->checkWhiteList($file->getUrl()) || - !$this->checkBlackList($file->getUrl())) { + $remoteUrl = $file->getUrl(); + + if (!$this->checkWhiteList($remoteUrl) || + !$this->checkBlackList($remoteUrl)) { return true; } - // First we download the file to memory and test whether it's actually an image file - common_debug(sprintf('Downloading remote file id==%u with URL: %s', $file->getID(), _ve($file->getUrl()))); try { - $imgData = HTTPClient::quickGet($file->getUrl()); + $http = new HTTPClient(); + common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid unnecessarily downloading too large files. URL: %s', $file->getID(), $remoteUrl)); + $head = $http->head($remoteUrl); + $headers = $head->getHeader(); + if (!isset($headers['content-length'])) { + // file size not specified on remote server + common_debug(sprintf('%s: Ignoring remote media because we did not get a content length for file id==%u', __CLASS__, $file->getID())); + return true; + } elseif (intval($headers['content-length']) > common_config('attachments', 'file_quota')) { + // file too big + common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($headers['content-length']), common_config('attachments', 'file_quota'), $file->getID())); + return true; + } + + $remoteUrl = $head->effectiveUrl; // to avoid going through redirects again + if (!$this->checkBlackList($remoteUrl)) { + common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl)); + return true; + } + + // Then we download the file to memory and test whether it's actually an image file + common_debug(sprintf('Downloading remote file id==%u with effective URL: %s', $file->getID(), _ve($remoteUrl))); + $imgData = $http->get($remoteUrl); } catch (HTTP_Request2_ConnectionException $e) { common_log(LOG_ERR, __CLASS__.': quickGet on URL: '._ve($file->getUrl()).' threw exception: '.$e->getMessage()); return true; } $info = @getimagesizefromstring($imgData); if ($info === false) { - throw new UnsupportedMediaException(_('Remote file format was not identified as an image.'), $file->getUrl()); + throw new UnsupportedMediaException(_('Remote file format was not identified as an image.'), $remoteUrl); } elseif (!$info[0] || !$info[1]) { throw new UnsupportedMediaException(_('Image file had impossible geometry (0 width or height)')); }