From: Brian Wolff Date: Sat, 16 Apr 2011 18:34:24 +0000 (+0000) Subject: follow-up r86195 (Sort of). Make sure the string there can really be exploded before... X-Git-Tag: 1.31.0-rc.0~30773 X-Git-Url: http://git.cyclocoop.org/url?a=commitdiff_plain;h=5c3a804b6ca1657fd0de746fc7dc4dc8ebd1e33f;p=lhc%2Fweb%2Fwiklou.git follow-up r86195 (Sort of). Make sure the string there can really be exploded before calling explode on it. I originally had the two variables that r86195 removed there to catch the case of a malformed png file that didn't have a null byte where it was supposed to. However, just declaring the default for those variables wouldn't have been enough to prevent the warning from list( blah, blah) = explode(.. So now explicitly check the null byte is there like it should be. --- diff --git a/includes/media/PNGMetadataExtractor.php b/includes/media/PNGMetadataExtractor.php index a8a576ac42..9ee5a4a5d8 100644 --- a/includes/media/PNGMetadataExtractor.php +++ b/includes/media/PNGMetadataExtractor.php @@ -203,6 +203,11 @@ class PNGMetadataExtractor { } elseif ( $chunk_type == 'tEXt' ) { $buf = self::read( $fh, $chunk_size ); + // In case there is no \x00 which will make explode fail. + if ( strpos( $buf, "\x00" ) === false ) { + throw new Exception( __METHOD__ . ": Read error on tEXt chunk" ); + } + list( $keyword, $content ) = explode( "\x00", $buf, 2 ); if ( $keyword === '' || $content === '' ) { throw new Exception( __METHOD__ . ": Read error on tEXt chunk" ); @@ -231,6 +236,11 @@ class PNGMetadataExtractor { if ( function_exists( 'gzuncompress' ) ) { $buf = self::read( $fh, $chunk_size ); + // In case there is no \x00 which will make explode fail. + if ( strpos( $buf, "\x00" ) === false ) { + throw new Exception( __METHOD__ . ": Read error on zTXt chunk" ); + } + list( $keyword, $postKeyword ) = explode( "\x00", $buf, 2 ); if ( $keyword === '' || $postKeyword === '' ) { throw new Exception( __METHOD__ . ": Read error on zTXt chunk" );