1 diff -r 33200fc645f6 magick/render.c
\r
2 --- a/magick/render.c Sat Nov 07 14:49:16 2015 -0600
\r
3 +++ b/magick/render.c Sun May 08 18:21:47 2016 -0500
\r
4 @@ -4096,6 +4096,24 @@
\r
9 + Sanity check URL/path before passing it to ReadImage()
\r
11 + This is a temporary fix until suitable flags can be passed
\r
12 + to keep SetImageInfo() from doing potentially dangerous
\r
15 +#define VALID_PREFIX(str,url) (LocaleNCompare(str,url,sizeof(str)-1) == 0)
\r
16 + if (!VALID_PREFIX("http://", primitive_info->text) &&
\r
17 + !VALID_PREFIX("https://", primitive_info->text) &&
\r
18 + !VALID_PREFIX("ftp://", primitive_info->text) &&
\r
19 + !(IsAccessibleNoLogging(primitive_info->text))
\r
22 + ThrowException(&image->exception,FileOpenError,UnableToOpenFile,primitive_info->text);
\r
23 + status=MagickFail;
\r
26 (void) strlcpy(clone_info->filename,primitive_info->text,
\r
28 composite_image=ReadImage(clone_info,&image->exception);
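Review bot: The condition built from `VALID_PREFIX` and `IsAccessibleNoLogging` still accepts any `http://`, `https://` or `ftp://` URL and any local path the process can read, so untrusted drawing input can still trigger outbound requests (server-side request forgery) and local file reads through `ReadImage()`. The added comment already calls this a temporary fix, and it would help to record the residual exposure there, e.g. `/* NOTE: remote URLs and any readable local path are still accepted; restrict network and file access when rendering untrusted input */`. The accessibility check and the later `ReadImage()` act on the same path at different times, so the file can change between them. Several lines of the hunk are not shown on this page, including whatever follows `status=MagickFail;`, so I cannot confirm that the failure branch skips `ReadImage()` or that `VALID_PREFIX` is `#undef`'d after use; the enclosing function starts and ends outside the hunk.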
\r