From e78d92c53560b7fda22322c30665bb95273d0912 Mon Sep 17 00:00:00 2001
From: Arcturus <github@drk.st>
Date: Sat, 5 Oct 2024 05:55:29 +0900
Subject: [PATCH] patch secure:
 https://github.com/gnuboard/gnuboard5/commit/3becc03d23deea0b1856905724d05808b6f142b5

---
 .../editor/cheditor5/imageUpload/upload.php   | 154 +++++++++---------
 1 file changed, 77 insertions(+), 77 deletions(-)

diff --git a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php
index cbabc56..c4ceda7 100644
--- a/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php
+++ b/AvocadoEdition_Light/plugin/editor/cheditor5/imageUpload/upload.php
@@ -2,60 +2,60 @@
 require_once("config.php");
 
 if (!function_exists('ft_nonce_is_valid')) {
-    include_once "../editor.lib.php";
+  include_once('../editor.lib.php');
 }
 
 if (!function_exists('che_reprocessImage')) {
-    function che_reprocessImage($file_path, $callback)
-    {
-        $MIME_TYPES_PROCESSORS = array(
-            "image/gif" => array("imagecreatefromgif", "imagegif"),
-            "image/jpg" => array("imagecreatefromjpeg", "imagejpeg"),
-            "image/jpeg" => array("imagecreatefromjpeg", "imagejpeg"),
-            "image/png" => array("imagecreatefrompng", "imagepng"),
-            "image/webp" => array("imagecreatefromwebp", "imagewebp"),
-            "image/bmp" => array("imagecreatefromwbmp", "imagewbmp")
-        );
+  function che_reprocessImage($file_path, $callback)
+  {
+    $MIME_TYPES_PROCESSORS = array(
+      "image/gif" => ["imagecreatefromgif", "imagegif"],
+      "image/jpg" => ["imagecreatefromjpeg", "imagejpeg"],
+      "image/jpeg" =>["imagecreatefromjpeg", "imagejpeg"],
+      "image/png" => ["imagecreatefrompng", "imagepng"],
+      "image/webp" =>["imagecreatefromwebp", "imagewebp"],
+      "image/bmp" => ["imagecreatefromwbmp", "imagewbmp"],
+    );
 
-        // Extracting mime type using getimagesize
-        try {
-            $image_info = getimagesize($file_path);
-            if ($image_info === null) {
-                //throw new Exception("Invalid image type");
-                return false;
-            }
+    // Extracting mime type using getimagesize
+    try {
+      $image_info = getimagesize($file_path);
+      if ($image_info === null) {
+        //throw new Exception("Invalid image type");
+        return false;
+      }
 
-            $mime_type = $image_info["mime"];
+      $mime_type = $image_info["mime"];
 
-            if (!array_key_exists($mime_type, $MIME_TYPES_PROCESSORS)) {
-                //throw new Exception("Invalid image MIME type");
-                return false;
-            }
+      if (!array_key_exists($mime_type, $MIME_TYPES_PROCESSORS)) {
+        //throw new Exception("Invalid image MIME type");
+        return false;
+      }
 
-            $image_from_file = $MIME_TYPES_PROCESSORS[$mime_type][0];
-            $image_to_file = $MIME_TYPES_PROCESSORS[$mime_type][1];
+      $image_from_file = $MIME_TYPES_PROCESSORS[$mime_type][0];
+      $image_to_file = $MIME_TYPES_PROCESSORS[$mime_type][1];
 
-            $reprocessed_image = @$image_from_file($file_path);
+      $reprocessed_image = @$image_from_file($file_path);
 
-            if (!$reprocessed_image) {
-                //throw new Exception("Unable to create reprocessed image from file");
-                return false;
-            }
+      if (!$reprocessed_image) {
+        //throw new Exception("Unable to create reprocessed image from file");
+        return false;
+      }
 
-            // Calling callback(if set) with path of image as a parameter
-            if ($callback !== null) {
-                $callback($reprocessed_image);
-            }
+      // Calling callback(if set) with path of image as a parameter
+      if ($callback !== null) {
+        $callback($reprocessed_image);
+      }
 
-            // Freeing up memory
-            imagedestroy($reprocessed_image);
-        } catch (Exception $e) {
-            unlink($file_path);
-            return false;
-        }
-
-        return true;
+      // Freeing up memory
+      imagedestroy($reprocessed_image);
+    } catch (Exception $e) {
+      unlink($file_path);
+      return false;
     }
+
+    return true;
+  }
 }
 
 $is_editor_upload = false;
@@ -63,11 +63,11 @@ $is_editor_upload = false;
 $get_nonce = get_session('nonce_' . FT_NONCE_SESSION_KEY);
 
 if ($get_nonce && ft_nonce_is_valid($get_nonce, 'cheditor')) {
-    $is_editor_upload = true;
+  $is_editor_upload = true;
 }
 
 if (!$is_editor_upload) {
-    exit;
+  exit;
 }
 
 run_event('cheditor_photo_upload', $data_dir, $data_url);
@@ -81,16 +81,16 @@ $filename_len = strrpos($filename, ".");
 $type = substr($filename, strrpos($filename, ".") + 1);
 $found = false;
 switch ($type) {
-    case "jpg":
-    case "jpeg":
-    case "gif":
-    case "png":
-    case "webp":
-        $found = true;
+  case "jpg":
+  case "jpeg":
+  case "gif":
+  case "png":
+  case "webp":
+    $found = true;
 }
 
 if ($found != true || $filename_len != 23) {
-    exit;
+  exit;
 }
 
 // 저장 파일 이름: 년월일시분초_렌덤문자8자
@@ -105,50 +105,50 @@ $imgsize = getimagesize($savefile);
 $filesize = filesize($savefile);
 
 if (!$imgsize) {
-    $filesize = 0;
-    $random_name = '-ERR';
-    unlink($savefile);
+  $filesize = 0;
+  $random_name = '-ERR';
+  unlink($savefile);
 }
 
 if (CHE_UPLOAD_IMG_CHECK && !che_reprocessImage($savefile, null)) {
-    $filesize = 0;
-    $random_name = '-ERR';
-    unlink($savefile);
+  $filesize = 0;
+  $random_name = '-ERR';
+  unlink($savefile);
 }
 
 try {
-    if (defined('G5_FILE_PERMISSION')) {
-        chmod($savefile, G5_FILE_PERMISSION);
-    }
+  if (defined('G5_FILE_PERMISSION')) {
+    chmod($savefile, G5_FILE_PERMISSION);
+  }
 } catch (Exception $e) {
 }
 
 $file_url = SAVE_URL . '/' . $filename;
 
 if (function_exists('run_replace')) {
-    $fileInfo = new \stdClass();
-    $fileInfo->name = (string) $filename;
-    $fileInfo->size = (int) $filesize;
-    $fileInfo->url = (string) $file_url;
+  $fileInfo = new \stdClass();
+  $fileInfo->name = (string) $filename;
+  $fileInfo->size = (int) $filesize;
+  $fileInfo->url = (string) $file_url;
 
-    if (isset($_POST['origname'])) {
-        $fileInfo->oriname = (string) $_POST['origname'];
-    }
+  if (isset($_POST['origname'])) {
+    $fileInfo->oriname = (string) $_POST['origname'];
+  }
 
-    if ($imgsize) {
-        $fileInfo->width = (int) $imgsize[0];
-        $fileInfo->height = (int) $imgsize[1];
-        $fileInfo->type = (string) $imgsize['mime'];
-    }
+  if ($imgsize) {
+    $fileInfo->width = (int) $imgsize[0];
+    $fileInfo->height = (int) $imgsize[1];
+    $fileInfo->type = (string) $imgsize['mime'];
+  }
 
-    $file_url = run_replace('get_editor_upload_url', $file_url, $savefile, $fileInfo);
+  $file_url = run_replace('get_editor_upload_url', $file_url, $savefile, $fileInfo);
 }
 
 $rdata = sprintf(
-    '{"fileUrl": "%s", "fileName": "%s", "fileSize": "%d" }',
-    $file_url,
-    $filename,
-    $filesize
+  '{"fileUrl": "%s", "fileName": "%s", "fileSize": "%d" }',
+  $file_url,
+  $filename,
+  $filesize
 );
 
 echo $rdata;