From af23c9f7cd4530c70fcbcceffba278648ec95ab0 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Fri, 24 Jun 2016 15:56:14 +0200
Subject: [PATCH] StoreRemoteMedia now checks remote filesize before downloading
---
.../StoreRemoteMediaPlugin.php | 25 +++++++++++--------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php
index c9964869a4..36e3544efa 100644
--- a/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php
+++ b/plugins/StoreRemoteMedia/StoreRemoteMediaPlugin.php
@@ -85,28 +85,33 @@ class StoreRemoteMediaPlugin extends Plugin } try { + /* $http = new HTTPClient(); common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid unnecessarily downloading too large files. URL: %s', $file->getID(), $remoteUrl)); $head = $http->head($remoteUrl); + $remoteUrl = $head->effectiveUrl; // to avoid going through redirects again + if (!$this->checkBlackList($remoteUrl)) { + common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl)); + return true; + } + $headers = $head->getHeader(); - if (!isset($headers['content-length'])) { + $filesize = isset($headers['content-length']) ? $headers['content-length'] : null; + */ + $filesize = $file->getSize(); + if (empty($filesize)) { // file size not specified on remote server common_debug(sprintf('%s: Ignoring remote media because we did not get a content length for file id==%u', __CLASS__, $file->getID())); return true; - } elseif (intval($headers['content-length']) > common_config('attachments', 'file_quota')) { + } elseif ($filesize > common_config('attachments', 'file_quota')) { // file too big - common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($headers['content-length']), common_config('attachments', 'file_quota'), $file->getID())); - return true; - } - - $remoteUrl = $head->effectiveUrl; // to avoid going through redirects again - if (!$this->checkBlackList($remoteUrl)) { - common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl)); + common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($filesize), common_config('attachments', 'file_quota'), $file->getID())); return true; } + $http = new HTTPClient(); // Then we download the file to memory and test 
whether it's actually an image file - common_debug(sprintf('Downloading remote file id==%u with effective URL: %s', $file->getID(), _ve($remoteUrl))); + common_debug(sprintf('Downloading remote file id==%u (should be size %u) with effective URL: %s', $file->getID(), $filesize, _ve($remoteUrl))); $imgData = $http->get($remoteUrl); } catch (HTTP_Request2_ConnectionException $e) { common_log(LOG_ERR, __CLASS__.': quickGet on URL: '._ve($file->getUrl()).' threw exception: '.$e->getMessage()); -- 2.39.5
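Review bot: The redirect-target blacklist check now sits inside the new `/* … */` block, so `$http->get($remoteUrl)` is issued for the original URL and `checkBlackList()` is never applied to the effective URL. If HTTPClient follows redirects on GET (not visible in this hunk), a non-blacklisted URL that redirects to a blacklisted host is fetched anyway. Keep `$remoteUrl = $head->effectiveUrl;` and the `if (!$this->checkBlackList($remoteUrl)) { … return true; }` guard active, or apply the same guard to the effective URL of the GET response before its body is used. Separately, the size gate now trusts the stored `$file->getSize()`, while the body is still read into memory with no comparison of the received length against `common_config('attachments', 'file_quota')` in the visible lines, so a wrong stored size is not caught here. The `try` block and the enclosing method continue outside the hunk.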