X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=www%2Fplugins-dist%2Fmedias%2Flib%2Fgetid3%2Fmodule.audio.bonk.php;h=c6cf9ac7c9eb13bdc52f2ffd6dc61c95cfdd7aed;hb=fd181064435bb60f1664ba4d8836fefce6ab0e0a;hp=53983914ff9a9206bc963464a7aedf88f4331980;hpb=ca80d6d980f19d00653a96f5c25f524b3d7334ed;p=lhc%2Fweb%2Fwww.git diff --git a/www/plugins-dist/medias/lib/getid3/module.audio.bonk.php b/www/plugins-dist/medias/lib/getid3/module.audio.bonk.php index 53983914..c6cf9ac7 100644 --- a/www/plugins-dist/medias/lib/getid3/module.audio.bonk.php +++ b/www/plugins-dist/medias/lib/getid3/module.audio.bonk.php @@ -14,6 +14,9 @@ // /// ///////////////////////////////////////////////////////////////// +if (!defined('GETID3_INCLUDEPATH')) { // prevent path-exposing attacks that access modules directly on public webservers + exit; +} class getid3_bonk extends getid3_handler { @@ -44,7 +47,7 @@ class getid3_bonk extends getid3_handler $this->fseek(0 - $BonkTagSize, SEEK_CUR); $BonkTagOffset = $this->ftell(); $TagHeaderTest = $this->fread(5); - if (($TagHeaderTest{0} != "\x00") || (substr($PossibleBonkTag, 4, 4) != strtolower(substr($PossibleBonkTag, 4, 4)))) { + if (($TagHeaderTest[0] != "\x00") || (substr($PossibleBonkTag, 4, 4) != strtolower(substr($PossibleBonkTag, 4, 4)))) { $this->error('Expecting "'.getid3_lib::PrintHexBytes("\x00".strtoupper(substr($PossibleBonkTag, 4, 4))).'" at offset '.$BonkTagOffset.', found "'.getid3_lib::PrintHexBytes($TagHeaderTest).'"'); return false; } @@ -201,7 +204,7 @@ class getid3_bonk extends getid3_handler // ID3v2 checking is optional if (class_exists('getid3_id3v2')) { $getid3_temp = new getID3(); - $getid3_temp->openfile($this->getid3->filename); + $getid3_temp->openfile($this->getid3->filename, $this->getid3->info['filesize'], $this->getid3->fp); $getid3_id3v2 = new getid3_id3v2($getid3_temp); $getid3_id3v2->StartingOffset = $info['bonk'][' ID3']['offset'] + 2; $info['bonk'][' ID3']['valid'] = $getid3_id3v2->Analyze();