From 25af3be25d671e73c9418615bb778067613dba69 Mon Sep 17 00:00:00 2001
From: Colin Frick
Date: Tue, 28 Feb 2023 15:42:44 +0100
Subject: [PATCH] fix(delete): sanity check filename when deleting file
---
lib/classes/HandleDeleteFileHook.php | 35 +++++++++++++++++-----------
1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/lib/classes/HandleDeleteFileHook.php b/lib/classes/HandleDeleteFileHook.php
index 0c6c0ec..90e615f 100644
--- a/lib/classes/HandleDeleteFileHook.php
+++ b/lib/classes/HandleDeleteFileHook.php
@@ -3,6 +3,7 @@ namespace WebPExpress;
 use \WebPExpress\Convert;
 use \WebPExpress\Mime;
+use \WebPExpress\SanityCheck;
 class HandleDeleteFileHook
 {
@@ -12,22 +13,28 @@ class HandleDeleteFileHook
 */
 public static function deleteAssociatedWebP($filename)
 {
- $mimeTypes = [
- 'image/jpeg',
- 'image/png',
- ];
- if (!Mime::isOneOfTheseImageMimeTypes($filename, $mimeTypes)) {
- return $filename;
- }
+ try {
+ $filename = SanityCheck::absPathExistsAndIsFileInDocRoot($filename);
+
+ $mimeTypes = [
+ 'image/jpeg',
+ 'image/png',
+ ];
+ if (!Mime::isOneOfTheseImageMimeTypes($filename, $mimeTypes)) {
+ return $filename;
+ }
- $config = Config::loadConfigAndFix();
- $destination = Convert::getDestination($filename, $config);
- if (@file_exists($destination)) {
- if (@unlink($destination)) {
- Convert::updateBiggerThanOriginalMark($filename, $destination, $config);
- } else {
- error_log('WebP Express failed deleting webp:' . $destination);
+ $config = Config::loadConfigAndFix();
+ $destination = Convert::getDestination($filename, $config);
+ if (@file_exists($destination)) {
+ if (@unlink($destination)) {
+ Convert::updateBiggerThanOriginalMark($filename, $destination, $config);
+ } else {
+ error_log('WebP Express failed deleting webp:' . $destination);
+ }
 }
+ } catch (SanityException $e) {
+ // fail silently. (maybe we should write to debug log instead?)
 }
 return $filename;
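Review bot: The new `catch (SanityException $e)` block in the second hunk discards the rejection without a trace, so a filename that fails the document-root check leaves nothing in the logs. Because that check is the control this commit adds, a rejected path is worth recording, e.g. `error_log('WebP Express skipped webp cleanup, filename failed sanity check: ' . $e->getMessage());`, in line with the existing `error_log` call for a failed unlink. Separately, `$filename` is overwritten with the result of `SanityCheck::absPathExistsAndIsFileInDocRoot()` and is what both the early `return` and the final `return $filename;` hand back, so if the check normalises the path (its body is not visible here) callers now receive a different string than they passed in. Keeping the result in its own variable, `$checkedFilename = SanityCheck::absPathExistsAndIsFileInDocRoot($filename);`, and returning the untouched `$filename` would avoid that. The first hunk imports only `SanityCheck`, so `SanityException` presumably resolves through the `WebPExpress` namespace, which is worth confirming; the function's docblock and closing brace lie outside the hunk.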