Hello,
I encountered an issue in the Gibbon codebase related to image uploads in the user_manage_addProcess.php
file. When an invalid or corrupt image file is uploaded, the following errors are triggered:
Warning: Trying to access array offset on value of type bool in \modules\User Admin\user_manage_addProcess.php
Fatal error: Uncaught DivisionByZeroError: Division by zero in \modules\User Admin\user_manage_addProcess.php
The issue stems from attempting to process invalid or corrupt image files without proper validation. Specifically:
- The getimagesize() function returns false for invalid image files.
- This causes a DivisionByZeroError because the dimensions are not properly set.
Steps to Reproduce:
- Attempt to upload a corrupt or invalid image file (e.g., a non-JPEG file that starts with invalid bytes).
- Observe the warnings and fatal errors in the application.
I think the error handling should be enhanced to prevent these errors by validating the file early in the process, maybe by checking if getimage() returns false before checking file dimensions, validating the MIME type (that would also be a security improvement) and then informing the user.
I use Gibbon v27.0.01
PHP 8.0.26
MySQL 8.0.31
Tested on Wamp
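
An added example, not part of the original post and not Gibbon's code: one way to do the early validation suggested above in PHP, checking the content-derived MIME type and the getimagesize() result before any dimension arithmetic. The function name validateUploadedImage, the allowed-type list and the sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Gibbon code: returns [width, height, mime] or throws.
function validateUploadedImage(string $path, array $allowedMime = ['image/jpeg', 'image/png']): array
{
    if (!is_file($path) || filesize($path) === 0) {
        throw new InvalidArgumentException('Upload is missing or empty.');
    }
    // MIME type from the file content, not the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !in_array($mime, $allowedMime, true)) {
        throw new InvalidArgumentException('File is not an allowed image type.');
    }
    // getimagesize() returns false for corrupt data; @ only silences its
    // warning, the return value is still checked before any array access.
    $size = @getimagesize($path);
    if ($size === false) {
        throw new InvalidArgumentException('File could not be read as an image.');
    }
    [$width, $height] = $size;
    if ($width <= 0 || $height <= 0) {
        throw new InvalidArgumentException('Image reports zero width or height.');
    }
    return [$width, $height, $mime];
}

// Constructed sample inputs: JPEG magic bytes followed by junk, and a 1x1 PNG.
$samples = [
    'corrupt.jpg' => "\xFF\xD8\xFF\xE0" . str_repeat('A', 32),
    'pixel.png'   => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    try {
        [$w, $h, $mime] = validateUploadedImage($tmp);
        // Division is safe here: both dimensions were checked above.
        printf("%s: accepted %s %dx%d, ratio %.2f\n", $name, $mime, $w, $h, $w / $h);
    } catch (InvalidArgumentException $e) {
        printf("%s: rejected (%s)\n", $name, $e->getMessage());
    } finally {
        unlink($tmp);
    }
}
```

The fileinfo extension must be enabled for finfo; in an upload handler the path passed in would be the temporary file from the request, and a rejection would be turned into a user-facing message instead of a fatal error.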