[Plugin: NextGEN Gallery] Patch to prevent overload of server

  • The current resizing of images in nggshow.php could be improved in two ways: (1) prevent resizing to giant proportions, and (2) prevent original hijacking. This first improvement could save you server load, and might prevent overload if an attacker requests many malicious requests. Please find the proposed patch below.

    21,22c21,30
    < if ( !empty($_GET['width']) || !empty($_GET['height']) )
    < 	$thumb->resize( intval($_GET['width']), intval($_GET['height']) );
    ---
    > if ( !empty($_GET['width']) || !empty($_GET['height']) ) {
    > 	// Sanitize
    > 	$w = ( !empty($_GET['width'])) ? intval($_GET['width']) : 0;
    > 	$h = ( !empty($_GET['height'])) ? intval($_GET['height']) : 0;
    > 	// Limit value. Do not set to 0 to prevent hijacking of originals.
    > 	// This value is now hard coded, but should be configurable in WP Admin.
    > 	if ($w > 1000) $w = 1000;
    > 	if ($h > 1000) $h = 1000;
    > 	$thumb->resize( $w, $h );
    > }
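
Review bot: The two `if ($w > 1000)` / `if ($h > 1000)` lines bound the values only from above, so a negative `width` or `height` (which `intval()` returns as a negative integer) and a non-numeric one (which `intval()` turns into 0) still reach `$thumb->resize( $w, $h )` unchanged. Add a lower bound next to the upper one, for example `$w = max(0, min($w, 1000));` and the same for `$h`, and skip the resize call when both end up 0, since a request such as `width=abc` passes the outer `!empty()` test yet yields 0 for both dimensions. How `resize()` treats 0 or negative arguments is not visible in this hunk, so the patch should not depend on it. The limit 1000 also appears twice as a literal; a single named constant would keep the two checks in step until the value becomes configurable, as the comment intends.
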
  • Looks good, I will limit it hard coded to 1280 for the moment, we will see if other people need a higher / lower limit

  • How do I put this code?
    I'm a rookie.
    Thanks for the info.
    I would like to know how to use it.
