Upgrade 1-11.38

2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
@@ -6,6 +6,7 @@
 */

 use Chamilo\CoreBundle\Component\Editor\Driver\Driver;
+use Chamilo\CoreBundle\Component\Editor\Driver\PersonalDriver;

 require_once __DIR__.'/../global.inc.php';

@@ -217,6 +218,20 @@ switch ($action) {

        $data = [];
        $fileUpload = $_FILES['upload'];
+
+        try {
+            new Image($fileUpload['tmp_name']);
+        } catch (Exception $e) {
+            echo json_encode([
+                'uploaded' => 0,
+                'error' => [
+                    'message' => get_lang('MissingImagesDetected'),
+                ],
+            ]);
+
+            exit;
+        }
+
        $mimeType = mime_content_type($fileUpload['tmp_name']);

        $isMimeAccepted = (new Driver())->mimeAccepted($mimeType, ['image']);
@@ -225,6 +240,22 @@ switch ($action) {
            exit;
        }

+        try {
+            $fileUpload['size'] = DocumentManager::autoResizeImageIfNeeded(
+                $fileUpload['size'],
+                $fileUpload['tmp_name']
+            );
+        } catch (Exception $e) {
+            echo json_encode([
+                'uploaded' => 0,
+                'error' => [
+                    'message' => $e->getMessage(),
+                ],
+            ]);
+
+            exit;
+        }
+
        $isAllowedToEdit = api_is_allowed_to_edit(null, true);
        if ($isAllowedToEdit) {
            $globalFile = ['files' => $fileUpload];
@@ -257,7 +288,7 @@ switch ($action) {
                mkdir($syspath, api_get_permissions_for_new_directories(), true);
            }
            $webpath = UserManager::getUserPathById($userId, 'web').'my_files';
-            $fileUploadName = $fileUpload['name'];
+            $fileUploadName = disable_dangerous_file(api_replace_dangerous_char($fileUpload['name']));
            if (file_exists($syspath.$fileUploadName)) {
                $extension = pathinfo($fileUploadName, PATHINFO_EXTENSION);
                $fileName = pathinfo($fileUploadName, PATHINFO_FILENAME);