mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-08-14 06:58:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Return null instead of throwing an exception that could lead to a denial of service when trying to generate a thumbnail for a non-image picture

Browse source
This commit is contained in:
Jan Böhmer 2025-08-12 23:29:24 +02:00
parent 8b417d6441
commit d370f976a7
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/Services/Attachments/AttachmentURLGenerator.php
View file

@ -112,12 +112,12 @@ class AttachmentURLGenerator
/** /**
* Returns a URL to a thumbnail of the attachment file. * Returns a URL to a thumbnail of the attachment file.
* For external files the original URL is returned. * For external files the original URL is returned.
* @return string|null The URL or null if the attachment file is not existing * @return string|null The URL or null if the attachment file is not existing or is invalid
*/ */
public function getThumbnailURL(Attachment $attachment, string $filter_name = 'thumbnail_sm'): ?string public function getThumbnailURL(Attachment $attachment, string $filter_name = 'thumbnail_sm'): ?string
{ {
if (!$attachment->isPicture()) { if (!$attachment->isPicture()) {
throw new InvalidArgumentException('Thumbnail creation only works for picture attachments!'); return null;
} }
if (!$attachment->hasInternal()){ if (!$attachment->hasInternal()){