proxy_url: Fix extension extraction for URLs containing a . after a ?

This commit is contained in:
Hypolite Petovan 2016-12-19 20:19:26 -05:00
parent 29bc27fa6a
commit 403d1f987f

View file

@ -281,14 +281,14 @@ function proxy_url($url, $writemode = false, $size = '') {
$longpath .= '/' . strtr(base64_encode($url), '+/', '-_');
// Checking for valid extensions. Only add them if they are safe
$pos = strrpos($url, '.');
if ($pos) {
$extension = strtolower(substr($url, $pos + 1));
$pos = strpos($extension, '?');
if ($pos) {
$extension = substr($extension, 0, $pos);
// Extract the URL extension, disregarding GET parameters starting with ?
$question_mark_pos = strpos($url, '?');
if ($question_mark_pos === false) {
$question_mark_pos = strlen($url);
}
$dot_pos = strrpos($url, '.', $question_mark_pos - strlen($url));
if ($dot_pos !== false) {
$extension = strtolower(substr($url, $dot_pos + 1, $question_mark_pos - ($dot_pos + 1)));
}
$extensions = array('jpg', 'jpeg', 'gif', 'png');