diff options
| author | Michal Čihař <michal@cihar.com> | 2016-07-13 10:37:24 +0300 |
|---|---|---|
| committer | Michal Čihař <michal@cihar.com> | 2016-07-13 10:39:30 +0300 |
| commit | ff88cdbed224273b65e3df3a584c16e8b893cbbf (patch) | |
| tree | ddd1d551a0f866712049ef2ec02016b664868d6f /transformation_wrapper.php | |
| parent | 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d (diff) | |
Validate image scaling dimensions
Ensure we pass only integers and they are not too big.
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'transformation_wrapper.php')
| -rw-r--r-- | transformation_wrapper.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/transformation_wrapper.php b/transformation_wrapper.php index bd3d9f987c..b879a7206f 100644 --- a/transformation_wrapper.php +++ b/transformation_wrapper.php @@ -36,9 +36,20 @@ $request_params = array( 'transform_key', 'where_clause' ); +$size_params = array( + 'newHeight', + 'newWidth', +); foreach ($request_params as $one_request_param) { if (isset($_REQUEST[$one_request_param])) { - $GLOBALS[$one_request_param] = $_REQUEST[$one_request_param]; + if (in_array($one_request_param, $size_params)) { + $GLOBALS[$one_request_param] = intval($_REQUEST[$one_request_param]); + if ($GLOBALS[$one_request_param] > 2000) { + $GLOBALS[$one_request_param] = 2000; + } + } else { + $GLOBALS[$one_request_param] = $_REQUEST[$one_request_param]; + } } } |