Support » Requests and Feedback » [Plugin: NextGEN Gallery] Patch to prevent overload of server

  • The current resizing of images in nggshow.php could be improved in two ways: (1) prevent resizing to giant proportions, and (2) prevent original hijacking. This first improvement could save you server load, and might prevent overload if an attacker requests many malicious requests. Please find the proposed patch below.

    21,22c21,30
    < if ( !empty($_GET['width']) || !empty($_GET['height']) )
    < 	$thumb->resize( intval($_GET['width']), intval($_GET['height']) );
    ---
    > if ( !empty($_GET['width']) || !empty($_GET['height']) ) {
    > 	// Sanitize
    > 	$w = ( !empty($_GET['width'])) ? intval($_GET['width']) : 0;
    > 	$h = ( !empty($_GET['height'])) ? intval($_GET['height']) : 0;
    > 	// Limit value. Do not set to 0 to prevent hijacking of originals.
    > 	// This value is now hard coded, but should be configurable in WP Admin.
    > 	if ($w > 1000) $w = 1000;
    > 	if ($h > 1000) $h = 1000;
    > 	$thumb->resize( $w, $h );
    > }
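Review bot: the clamp in this hunk only bounds the values from above; a negative `width` or `height` parameter survives `intval()` (for example `width=-1` becomes `-1`) and is passed straight to `$thumb->resize( $w, $h )`, so the `if ($w > 1000)` / `if ($h > 1000)` checks should be paired with a lower bound, e.g. `$w = max( 0, min( 1000, $w ) );` and the same for `$h`. The hard-coded `1000` that the comment already flags as "should be configurable" would be easier to adjust if it were a named constant or passed through `apply_filters()` rather than repeated on two lines. The hunk also carries no file header, so `patch` cannot tell it belongs to `nggshow.php` without the reader supplying the path from the text above.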
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘[Plugin: NextGEN Gallery] Patch to prevent overload of server’ is closed to new replies.