Avoid passing null bytes in regular expression in Object\Image

- Remove capturing expression for A|B in favor of bracket syntax in regular expression since matches aren't used.
- Regular expressions have their own character escape notation including backslashes that need to be escaped in a PHP string.
- Actually address https://github.com/friendica/friendica/issues/13761#issuecomment-1949930922
This commit is contained in:
Hypolite Petovan 2024-02-17 22:27:37 -05:00
parent 08fa51d0bb
commit 1956c2ecfd

View File

@ -53,7 +53,7 @@ class Image
* *
* @param string $data Image data * @param string $data Image data
* @param string $type optional, default '' * @param string $type optional, default ''
* @param string $filename optional, default '' * @param string $filename optional, default ''
* @param string $imagick optional, default 'true' * @param string $imagick optional, default 'true'
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException * @throws \ImagickException
@ -100,7 +100,7 @@ class Image
} }
if ($this->imageType == IMAGETYPE_GIF) { if ($this->imageType == IMAGETYPE_GIF) {
$count = @preg_match_all("#\x00\x21\xF9\x04.{4}\x00(\x2C|\x21)#s", $data); $count = preg_match_all("#\\x00\\x21\\xF9\\x04.{4}\\x00[\\x2C\\x21]#s", $data);
return ($count > 0); return ($count > 0);
} }
@ -748,7 +748,7 @@ class Image
case IMAGETYPE_GIF: case IMAGETYPE_GIF:
imagegif($this->image, $stream); imagegif($this->image, $stream);
break; break;
case IMAGETYPE_WEBP: case IMAGETYPE_WEBP:
imagewebp($this->image, $stream, DI::config()->get('system', 'jpeg_quality')); imagewebp($this->image, $stream, DI::config()->get('system', 'jpeg_quality'));
break; break;