Merge pull request from GHSA-9hg4-fpwv-gx78

glpi-project · Apr 20, 2022 · 1aa9fcc · 1aa9fcc
1 parent 3f1820a
commit 1aa9fcc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/src/Document.php b/src/Document.php
@@ -1267,6 +1267,7 @@ public static function moveDocument(array &$input, $filename)
         $new_path = self::getUploadFileValidLocationName($dir, $sha1sum);
 
         if (!$sha1sum || !$dir || !$new_path) {
+            @unlink($fullpath);
             return false;
         }
 
@@ -1319,6 +1320,7 @@ public static function moveDocument(array &$input, $filename)
                 Session::addMessageAfterRedirect(__('Document copy succeeded.'));
             } else {
                 Session::addMessageAfterRedirect(__('File move failed'), false, ERROR);
+                @unlink($fullpath);
                 return false;
             }
         }

diff --git a/src/User.php b/src/User.php
@@ -829,7 +829,7 @@ public function prepareInputForUpdate($input)
             }
             if ($newPicture) {
                 $fullpath = GLPI_TMP_DIR . "/" . $input["_picture"];
-                if (Toolbox::getMime($fullpath, 'image')) {
+                if (Document::isImage($fullpath, 'image')) {
                    // Unlink old picture (clean on changing format)
                     self::dropPictureFiles($this->fields['picture']);
                    // Move uploaded file
@@ -846,10 +846,7 @@ public function prepareInputForUpdate($input)
                     $picture_path = GLPI_PICTURE_DIR  . "/$sub/${filename}.$extension";
                     self::dropPictureFiles("$sub/${filename}.$extension");
 
-                    if (
-                        Document::isImage($fullpath)
-                        && Document::renameForce($fullpath, $picture_path)
-                    ) {
+                    if (Document::renameForce($fullpath, $picture_path)) {
                         Session::addMessageAfterRedirect(__('The file is valid. Upload is successful.'));
                         // For display
                         $input['picture'] = "$sub/${filename}.$extension";
@@ -859,17 +856,19 @@ public function prepareInputForUpdate($input)
                         Toolbox::resizePicture($picture_path, $thumb_path);
                     } else {
                         Session::addMessageAfterRedirect(
-                            __('Potential upload attack or file too large. Moving temporary file failed.'),
+                            __('Moving temporary file failed.'),
                             false,
                             ERROR
                         );
+                        @unlink($fullpath);
                     }
                 } else {
                     Session::addMessageAfterRedirect(
                         __('The file is not an image file.'),
                         false,
                         ERROR
                     );
+                    @unlink($fullpath);
                 }
             } else {
                //ldap jpegphoto synchronisation.