[Plugin: NextGEN Gallery] Patch to prevent overload of server (3 posts)

  1. onezero
    Member
    Posted 5 years ago #

    The current resizing of images in nggshow.php could be improved in two ways: (1) prevent resizing to giant proportions, and (2) prevent original hijacking. This first improvement could save you server load, and might prevent overload if an attacker requests many malicious requests. Please find the proposed patch below.

    21,22c21,30
    < if ( !empty($_GET['width']) || !empty($_GET['height']) )
    < 	$thumb->resize( intval($_GET['width']), intval($_GET['height']) );
    ---
    > if ( !empty($_GET['width']) || !empty($_GET['height']) ) {
    > 	// Sanitize
    > 	$w = ( !empty($_GET['width'])) ? intval($_GET['width']) : 0;
    > 	$h = ( !empty($_GET['height'])) ? intval($_GET['height']) : 0;
    > 	// Limit value. Do not set to 0 to prevent hijacking of originals.
    > 	// This value is now hard coded, but should be configurable in WP Admin.
    > 	if ($w > 1000) $w = 1000;
    > 	if ($h > 1000) $h = 1000;
    > 	$thumb->resize( $w, $h );
    > }
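
    Review bot: The clamp on the new `$w`/`$h` lines bounds only the upper side, so a negative `width` or `height` still passes `!empty()` and `intval()` and reaches `$thumb->resize()` unchanged. Bound both ends, for example `$w = max(0, min($w, 1000));`, and do the same for `$h`. The limit 1000 is repeated as a literal on two lines; a single named constant would make the configurable setting mentioned in the comment easier to add later. The comment "Do not set to 0" should also say that it refers to the limit value, since `$w` and `$h` themselves default to 0 when a parameter is absent.
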
  2. Alex Rabe
    Member
    Posted 5 years ago #

    Looks good, I will limit it hard coded to 1280 for the moment, we will see if other people need a higher / lower limit

  3. luis1950
    Member
    Posted 5 years ago #

    How do I put this code?
    I'm a rookie
    Thanks for the info
    I would like to know how to use it
