Merge branch 'security/rve-2026-6'

Kijin Sung 2026-03-31 20:51:14 +09:00
commit ae44685306
2 changed files with 7 additions and 7 deletions


@ -1162,9 +1162,9 @@ class FileController extends File
public function adjustUploadedImage($file_info, $config)
{
// Get image information
if (in_array($file_info['extension'], ['avif', 'heic', 'heif']) && !empty($config->magick_command))
if (in_array($file_info['extension'], ['avif', 'heic', 'heif']) && !empty($config->magick_command) && Rhymix\Framework\Storage::isExecutable($config->magick_command))
{
$command = \RX_WINDOWS ? escapeshellarg($config->magick_command) : $config->magick_command;
$command = (preg_match('![^a-z0-9/._-]!', $config->magick_command) || \RX_WINDOWS) ? escapeshellarg($config->magick_command) : $config->magick_command;
$command .= ' identify ' . escapeshellarg($file_info['tmp_name']);
if (!\RX_WINDOWS && isset($config->magick_timeout) && $config->magick_timeout > 0)
{
@ -1364,7 +1364,7 @@ class FileController extends File
// Convert using magick
$command = vsprintf('%s %s -resize %dx%d -quality %d %s %s %s', [
\RX_WINDOWS ? escapeshellarg($config->magick_command) : $config->magick_command,
(preg_match('![^a-z0-9/._-]!', $config->magick_command) || \RX_WINDOWS) ? escapeshellarg($config->magick_command) : $config->magick_command,
escapeshellarg($file_info['tmp_name']),
$adjusted['width'],
$adjusted['height'],
@ -1386,10 +1386,10 @@ class FileController extends File
$result = FileHandler::createImageFile($file_info['tmp_name'], $output_name, $adjusted['width'], $adjusted['height'], $adjusted['type'], 'fill', $adjusted['quality'], $adjusted['rotate']);
// If the image cannot be resized using GD, try ImageMagick.
if (!$result && !empty($config->magick_command))
if (!$result && !empty($config->magick_command) && Rhymix\Framework\Storage::isExecutable($config->magick_command))
{
$command = vsprintf('%s %s -resize %dx%d -quality %d %s %s %s', [
\RX_WINDOWS ? escapeshellarg($config->magick_command) : $config->magick_command,
(preg_match('![^a-z0-9/._-]!', $config->magick_command) || \RX_WINDOWS) ? escapeshellarg($config->magick_command) : $config->magick_command,
escapeshellarg($file_info['tmp_name']),
$adjusted['width'],
$adjusted['height'],
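Review bot: The quoting decision for `$config->magick_command` is now written out three times (the `identify` call and both `-resize` calls), while the `Storage::isExecutable()` guard is visible at only two of them. The condition guarding the "Convert using magick" call at line 1364 lies outside its hunk, so it should be confirmed that the executable check applies there as well. A single-quoted command path is still accepted by the shell, so the character-class branch could be dropped in favour of quoting unconditionally: `$command = escapeshellarg($config->magick_command);`. Putting that line and the executable check into one private helper that returns the shell-ready command (or null when the binary is not usable) would keep a later call site from missing either step. The enclosing method bodies start and end outside the visible hunks.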