Bug Report: Image Upload Validation Issue in user_manage_addProcess.php

Hello,

I encountered an issue in the Gibbon codebase related to image uploads in the user_manage_addProcess.php file. When an invalid or corrupt image file is uploaded, the following errors are triggered:

Warning: Trying to access array offset on value of type bool in \modules\User Admin\user_manage_addProcess.php
Fatal error: Uncaught DivisionByZeroError: Division by zero in \modules\User Admin\user_manage_addProcess.php

The issue stems from attempting to process invalid or corrupt image files without proper validation. Specifically:

  • The getimagesize() function returns false for invalid image files.
  • This causes a DivisionByZeroError because the dimensions are not properly set.

Steps to Reproduce:

  1. Attempt to upload a corrupt or invalid image file (e.g., a non-JPEG file that starts with invalid bytes).
  2. Observe the warnings and fatal errors in the application.

I think enhancing the error handling to prevent these errors by validating the file early in the process. Maybe by cheking it getimage() returns false before checking file dimensions, validating the MIME type (that would be also a security improvement and then informing the user.

I use Gibbon v27.0.01
PHP 8.0.26
MySQL 8.0.31
Teste on Wamp