8000 [Asset] Pixel flood validation fix by brusch · Pull Request #10681 · pimcore/pimcore · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

[Asset] Pixel flood validation fix #10681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 25, 2021
Merged

[Asset] Pixel flood validation fix #10681

merged 3 commits into from
Oct 25, 2021

Conversation

brusch
Copy link
Member
@brusch brusch commented Oct 25, 2021

No description provided.

@brusch brusch added the Bug label Oct 25, 2021
@brusch brusch added this to the 10.2.3 milestone Oct 25, 2021
@brusch brusch merged commit bafdf32 into 10.2 Oct 25, 2021
@brusch brusch deleted the pixel_flood_attack branch October 25, 2021 11:59
NiklasBr
NiklasBr reviewed Oct 25, 2021
View reviewed changes
@NiklasBr
Copy link
Contributor

To expand on the error message, we solved it like this in an Event Listener:

    public function checkImageDimensions(Asset $asset)
    {
        $max = 15_000_000;
        $dimensions = getimagesizefromstring(stream_get_contents($asset->getStream()));
        $pixels = $dimensions[0] * $dimensions[1];
        if ($pixels > $max) {
            $diff = sqrt(1 + ($max / $pixels));
            $suggestion_0 = (int) round($dimensions[0] / $diff, -2, PHP_ROUND_HALF_DOWN);
            $suggestion_1 = (int) round($dimensions[1] / $diff, -2, PHP_ROUND_HALF_DOWN);
            $mp = $max/1_000_000;
            throw new UploadException("<p>Image dimensions of <em>{$asset->getFilename()}</em> are too large.</p>
<p>Max size: <code>{$mp}</code> <abbr title='Million pixels'>Megapixels</abbr></p>
<p>Suggestion: resize to <code>{$suggestion_0}&times;{$suggestion_1}</code> pixels or smaller</p>");
        }
    }

brusch added a commit that referenced this pull request Oct 25, 2021
@brusch
[Asset] Follow up to pixel flood validation fix - see #10681
74d2def
@brusch
Copy link
Member Author
brusch commented Oct 25, 2021

Totally makes sense! Thanks for sharing @NiklasBr - incorporated here #10688

brusch added a commit that referenced this pull request Oct 27, 2021
@brusch
[Asset] Follow up to pixel flood validation fix - see #10681
bf6ff94
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NiklasBr NiklasBr NiklasBr left review comments

Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
10.2.3
Development

Successfully merging this pull request may close these issues.
2 p 33B1 articipants
@brusch @NiklasBr
0