From fe7618f1baf08fe8f579b2efdbb7e5200b60e6d4 Mon Sep 17 00:00:00 2001
From: till <till@php.net>
Date: Wed, 22 Oct 2008 10:18:47 -0400
Subject: [PATCH]  * checking if a user session is active in quotaimg.php   * this is an expensive operation   * but it fixes a possible DoS  * implement max-width and -height for the image (subject to change)

---
 bin/quotaimg.php |   21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)

diff --git a/bin/quotaimg.php b/bin/quotaimg.php
index ddd9b72..74a3d99 100644
--- a/bin/quotaimg.php
+++ b/bin/quotaimg.php
@@ -18,10 +18,29 @@
 
 */
 
+// define INSTALL_PATH since it's sort of custom from /bin/quotaimg.php
+define('INSTALL_PATH', str_replace('bin', '', dirname(__FILE__)));
+
+// include environment
+require_once INSTALL_PATH . 'program/include/iniset.php';
+
+// init application and start session with requested task
+$RCMAIL = rcmail::get_instance();
+if (empty($RCMAIL->user->ID)) {
+    die('You are not logged in, there is no need you are allowed to render the quota image.');
+}
+
 $used   = ((isset($_GET['u']) && !empty($_GET['u'])) || $_GET['u']=='0')?(int)$_GET['u']:'??';
 $quota  = ((isset($_GET['q']) && !empty($_GET['q'])) || $_GET['q']=='0')?(int)$_GET['q']:'??';
 $width  = empty($_GET['w']) ? 100 : (int)$_GET['w'];
 $height = empty($_GET['h']) ? 14 : (int)$_GET['h'];
+
+// let's apply some sanity
+// @todo Maybe a config option?
+if ($width > 200 || $height > 50) {
+    $width = 100;
+    $height = 14;
+}
 
 /**
  * Quota display
@@ -180,4 +199,4 @@
 
 genQuota($used, $quota, $width, $height);
 exit;
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1