From d467370efb70a57852f9ec3e0cadbb5ca04b1847 Mon Sep 17 00:00:00 2001
From: Alexei Sorokin
Date: Tue, 7 Jan 2020 17:30:18 +0300
Subject: [PATCH] [Embed][CORE] Validate the hexadecimal for hex2bin properly
---
 lib/media/mediafile.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/lib/media/mediafile.php b/lib/media/mediafile.php
index ffcf1ed866..11086775ca 100644
--- a/lib/media/mediafile.php
+++ b/lib/media/mediafile.php
@@ -279,10 +279,8 @@ class MediaFile
  $ret = preg_match('/^(.*-)?([^-]+)-[^-]+$/', $encoded_filename, $matches);
  if ($ret === false) {
  return false;
- } elseif ($ret === 0) {
+ } elseif ($ret === 0 || !ctype_xdigit($matches[2])) {
  return null; // No match
- } elseif (strlen($matches[2]) % 2 !== 0) {
- return null; // An odd length won't do for hex2bin
  } else {
  $filename = hex2bin($matches[2]);
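Review bot: An odd-length run of hex digits now reaches `hex2bin($matches[2])` in the `else` branch, because `ctype_xdigit()` only checks the character class and the removed `strlen($matches[2]) % 2 !== 0` branch was the only length guard. For such input hex2bin() raises an E_WARNING and returns `false`, so `$filename` becomes a boolean instead of the function returning `null` as it did before. Keeping both checks in the combined condition restores the old contract: `} elseif ($ret === 0 || !ctype_xdigit($matches[2]) || strlen($matches[2]) % 2 !== 0) {`. The `else` block and the rest of the function continue outside the hunk, so how a `false` `$filename` is handled downstream is not visible here. If the encoded filename can come from a request or a remote source, that path deserves a test with an odd-length segment.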