Error with search_db_files() function

  • Hi there,

    I noticed a flaw in the search_db_files()-function (in class-bulkmediaregister.php):

    You are using PHP’s rtrim() in order to strip the ‘-scaled’-part of the file but this isn’t a safe operation and leads to missed files when checking for already registered ones in the DB.

    One of our files that was missed is:

    /srv/www/hackeundspitze.de/releases/20210715063114/web/app/uploads/rclone/HiddenBeautyOfSeedsFruit_p020a-scaled.jpg

    Once rtrim() is done processing we get:

    /srv/www/hackeundspitze.de/releases/20210715063114/web/app/uploads/rclone/HiddenBeautyOfSeedsFruit_p020.jpg

    Yields the same result if you append other characters that are part of the trimming-sequence, f.ex. HiddenBeautyOfSeedsFruit_p020asclddaa-scaled.jpg will also be stripped completely into HiddenBeautyOfSeedsFruit_p020.jpg.

    You should use a RegEx-based approach which is way more fail-proof:

    
$scaled = '/-scaled\.' . $filetype['ext'] . '/m';
$file2 = preg_replace( $scaled, '', $file1 ) . '.' . $filetype['ext'];

    Should be refactored for ‘-rotated’ as well obviously.

    Regards,
    Henning

  • The topic ‘Error with search_db_files() function’ is closed to new replies.