From f0482c9ba9b47622cd95f62da8d12e9200738078 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kov=C3=A1ts=20Levente?=
Date: Mon, 18 Jan 2021 17:24:07 +0100
Subject: [PATCH] =?UTF-8?q?biztons=C3=A1gosabb=20f=C3=A1jl=20t=C3=ADpus=20?= =?UTF-8?q?ellen=C5=91rz=C3=A9s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

getimagesize állítólag nem a legjobb erre https://www.php.net/manual/en/function.getimagesize.php
---
 interface.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/interface.php b/interface.php
index d3cac0f..fb5c5c9 100644
--- a/interface.php
+++ b/interface.php
@@ -45,16 +45,16 @@ function process_uploaded_file($file_info)
 $MINIMUM_SIZE_BY_DIM = 2000; // minimális oldalméret
 $tmp_filename = $file_info["tmp_name"];
- $img_info = getimagesize($tmp_filename);
+ $img_sizes = getimagesize($tmp_filename);
 // MIME-ellenőrzés
- $mime_type = $img_info["mime"];
+ $mime_type = mime_content_type($tmp_filename);
 if (!in_array($mime_type, $ACCEPTED_MIME_TYPES)) {
 // ha nem megfelelő a fájltípus, akkor visszatérünk -1-gyel
 return MIME_ERROR;
 }
 // méretellenőrzés
- if ($img_info[0] < $MINIMUM_SIZE_BY_DIM && $img_info[1] < $MINIMUM_SIZE_BY_DIM) {
+ if ($img_sizes[0] < $MINIMUM_SIZE_BY_DIM && $img_sizes[1] < $MINIMUM_SIZE_BY_DIM) {
 return SIZE_ERROR;
 }
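Review bot: Neither `getimagesize()` nor `mime_content_type()` is checked for a `false` return in process_uploaded_file, and the `in_array()` test is still a loose comparison. Now that the type comes from content sniffing, a file can pass the MIME check although `getimagesize()` failed, and it is then rejected only because `$img_sizes[0]` on `false` happens to compare below the minimum; I would make that explicit with `if ($img_sizes === false || $mime_type === false || !in_array($mime_type, $ACCEPTED_MIME_TYPES, true)) { return MIME_ERROR; }`. The same unchecked result reaches `$img_sizes[0] / $img_sizes[1]` in the publish_image hunk, where a failed read turns into a division by zero. `mime_content_type()` matches file signatures rather than decoding the image, so it does not show that the rest of the file is image data; how the upload is stored and served afterwards is outside this hunk. The function body starts before and continues after the hunk.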
@@ -105,14 +105,14 @@ function publish_image($artwork_details)
 //echo mysqli_error($dbconn);
- $img_info = getimagesize($thumb_filename);
+ $img_sizes = getimagesize($thumb_filename);
 // felhasználótól jött adatok, ellenőrizni kell
 $author = mysqli_real_escape_string($dbconn, $artwork_details["author"]);
 $title = mysqli_real_escape_string($dbconn, $artwork_details["title"]);
 $desc = mysqli_real_escape_string($dbconn, $artwork_details["desc"]);
 $uid = md5_file($thumb_filename); // valami random...
- $aspect_ratio = $img_info[0] / $img_info[1];
+ $aspect_ratio = $img_sizes[0] / $img_sizes[1];
 $query = "INSERT INTO publish_table (Author,Title,Description,Image_FileName,AspectRatio,ColorMean,Approved,UID,TS) VALUES('$author', '$title', '$desc', '$final_filename', $aspect_ratio, '$color_mean', TRUE, '$uid', CURRENT_TIMESTAMP);";
 $res = mysqli_query($dbconn, $query);
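Review bot: The INSERT in publish_image is still assembled by string interpolation, and `$final_filename` and `$color_mean` go into it without the escaping applied to author, title and description; both are set outside the hunk, so whether they can carry user-controlled text is not visible here. `$aspect_ratio` is inserted unquoted, which relies on it always being numeric. A prepared statement with bound parameters removes the dependence on per-field escaping, as sketched below; the bound values must then be the raw ones, not the escaped copies. publish_image starts before and continues after the hunk.

```php
// … unchanged: getimagesize() call, md5_file() UID and aspect-ratio computation …
// Bound parameters take the raw values, so the mysqli_real_escape_string() calls go away.
$author = $artwork_details["author"];
$title = $artwork_details["title"];
$desc = $artwork_details["desc"];

$stmt = mysqli_prepare(
    $dbconn,
    "INSERT INTO publish_table (Author,Title,Description,Image_FileName,AspectRatio,ColorMean,Approved,UID,TS)"
    . " VALUES(?, ?, ?, ?, ?, ?, TRUE, ?, CURRENT_TIMESTAMP)"
);
if ($stmt === false) {
    // … handle the failure the way the rest of publish_image reports errors …
}
// ColorMean is bound as a string because the original query quotes it.
mysqli_stmt_bind_param($stmt, "ssssdss", $author, $title, $desc, $final_filename, $aspect_ratio, $color_mean, $uid);
$res = mysqli_stmt_execute($stmt);
```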