From cc996f58dbfe7cdc89fc8e5406dd821abbdc5e06 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Tue, 27 Jan 2015 13:49:26 +0100
Subject: [PATCH] Test in Ostatus_profile if avatar is an image before writing to filesystem This clears one FIXME... We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
---
 lib/httpclient.php | 6 ++++--
 plugins/OStatus/classes/Ostatus_profile.php | 14 ++++++--------
 plugins/OStatus/scripts/testfeed.php | 2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/lib/httpclient.php b/lib/httpclient.php
index 3e9f5d3ea7..6016f89314 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -177,10 +177,12 @@ class HTTPClient extends HTTP_Request2
 /**
 * Quick static function to GET a URL
 */
- public static function quickGet($url, $accept='text/html,application/xhtml+xml')
+ public static function quickGet($url, $accept=null)
 {
 $client = new HTTPClient();
- $client->setHeader('Accept', $accept);
+ if (!is_null($accept)) {
+ $client->setHeader('Accept', $accept);
+ }
 $response = $client->get($url);
 if (!$response->isOk()) {
 // TRANS: Exception. %s is a profile URL.
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index f99852ef17..f5433ef159 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
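Review bot: Changing the default of `$accept` in `HTTPClient::quickGet()` from `'text/html,application/xhtml+xml'` to `null` alters the request sent by every caller that relied on the old default, and only the testfeed.php call site is updated in this patch; any other callers should be checked. The docblock still reads only "Quick static function to GET a URL" and should state the new contract, for example `@param string|null $accept Accept header value; null leaves the header unset by this helper`. Because the avatar path in Ostatus_profile.php now feeds remote content through this helper, the docblock should also say that the result is the unvalidated response body; that is inferred from how the callers use it, since the return statement and the thrown exception lie past the end of the hunk.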
@@ -1261,15 +1261,13 @@ class Ostatus_profile extends Managed_DataObject
 // ripped from oauthstore.php (for old OMB client)
 $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar');
 try {
- $client = new HTTPClient();
- $response = $client->get($url);
-
- if (!$response->isOk()) {
- // TRANS: Server exception. %s is a URL.
- throw new ServerException(sprintf(_m('Unable to fetch avatar from %s.'), $url));
+ $imgData = HTTPClient::quickGet($url);
+ // Make sure it's at least an image file. ImageFile can do the rest.
+ if (false === getimagesizefromstring($imgData)) {
+ throw new UnsupportedMediaException(_('Downloaded group avatar was not an image.'));
 }
- // FIXME: make sure it's an image here instead of _after_ writing to a file?
- file_put_contents($temp_filename, $imgData);
+ unset($imgData); // No need to carry this in memory.
 if ($this->isGroup()) {
 $id = $this->group_id;
diff --git a/plugins/OStatus/scripts/testfeed.php b/plugins/OStatus/scripts/testfeed.php
index 4dd5dfa370..84b470c3b2 100644
--- a/plugins/OStatus/scripts/testfeed.php
+++ b/plugins/OStatus/scripts/testfeed.php
@@ -53,7 +53,7 @@ if (!$sub) {
 // Fetch the URL
 try {
- $xml = HTTPClient::quickGet($feedurl);
+ $xml = HTTPClient::quickGet($feedurl, 'text/html,application/xhtml+xml');
 } catch (Exception $e) {
 echo sprintf("Could not fetch feedurl %s (%d).\n", $e->getMessage(), $e->getCode());
 exit(1);
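Review bot: The added `getimagesizefromstring($imgData)` test in the Ostatus_profile.php hunk only parses the image header, so it rejects obvious non-images but still lets a file with a valid header and arbitrary trailing bytes reach `file_put_contents()`; the comment should say so, e.g. `// Header sniff only: rejects obvious non-images; full validation is left to ImageFile.` The remote body is also held whole in `$imgData` before the check and nothing in the hunk bounds its size; whether HTTPClient enforces a limit is not visible here. The exception text says "group avatar" although the following `if ($this->isGroup())` suggests the path serves non-group profiles too, and it uses `_()` where the removed line used the plugin's `_m()` with a `// TRANS:` comment; consider `throw new UnsupportedMediaException(_m('Downloaded avatar was not an image.'));` preceded by a TRANS comment. The enclosing method and the matching catch for this `try` lie outside the hunk, so temp-file cleanup on this new failure path could not be checked.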