OpenMage · elidrissidev · Oct 5, 2022 · Sep 30, 2022 · Sep 30, 2022 · Oct 1, 2022
diff --git a/app/code/core/Mage/Core/Model/File/Validator/Image.php b/app/code/core/Mage/Core/Model/File/Validator/Image.php
@@ -74,7 +74,7 @@ public function setAllowedImageTypes(array $imageFileExtensions = [])
     }
 
     /**
-     * Validation callback for checking is file is image
+     * Validation callback for checking if file is image
      *
      * @param  string $filePath Path to temporary uploaded file
      * @return null
@@ -85,8 +85,13 @@ public function validate($filePath)
         list($imageWidth, $imageHeight, $fileType) = getimagesize($filePath);
         if ($fileType) {
             if ($this->isImageType($fileType)) {
-                /** if 'general/reprocess_images/active' false then skip image reprocessing. */
-                if (!Mage::getStoreConfigFlag('general/reprocess_images/active')) {
+                /** Check deprecated 'general/reprocess_images/active' for BC. If false then skip image reprocessing. */
+                if (Mage::getStoreConfig('general/reprocess_images/active') !== null) {
+                    $imageQuality = Mage::getStoreConfigFlag('general/reprocess_images/active') ? 100 : 0;
+                } else {
+                    $imageQuality = (int) Mage::getStoreConfig('admin/security/reprocess_image_quality');
+                }
+                if ($imageQuality === 0) {
                     return null;
                 }
                 //replace tmp image with re-sampled copy to exclude images with malicious data
@@ -116,7 +121,7 @@ public function validate($filePath)
                             imagegif($img, $filePath);
                             break;
                         case IMAGETYPE_JPEG:
-                            imagejpeg($img, $filePath, 100);
+                            imagejpeg($img, $filePath, $imageQuality);
                             break;
                         case IMAGETYPE_PNG:
                             imagepng($img, $filePath);

diff --git a/app/code/core/Mage/Core/etc/config.xml b/app/code/core/Mage/Core/etc/config.xml
@@ -440,6 +440,7 @@
                 <extensions_compatibility_mode>1</extensions_compatibility_mode>
                 <session_cookie_lifetime>10800</session_cookie_lifetime>
                 <secure_system_configuration_save_disabled>0</secure_system_configuration_save_disabled>
+                <reprocess_image_quality>85</reprocess_image_quality>
             </security>
         </admin>
         <general>
@@ -497,10 +498,6 @@
                     </protected>
                 </public_files_valid_paths>
             </file>
-            <!-- NOTE: If you turn off images reprocessing, then your upload images process may cause security risks. -->
-            <reprocess_images>
-                <active>1</active>
-            </reprocess_images>
             <!-- Additional email for notifications -->
             <additional_notification_emails>
                 <!-- On creating a new admin user. You can specify several emails separated by commas. -->

diff --git a/app/code/core/Mage/Core/etc/system.xml b/app/code/core/Mage/Core/etc/system.xml
@@ -1280,6 +1280,15 @@
                             <show_in_website>0</show_in_website>
                             <show_in_store>0</show_in_store>
                         </crate_admin_user_notification>
+                        <reprocess_image_quality translate="label comment">
+                            <label>Image Reprocess Quality</label>
+                            <comment>Optimum value is 85, higher value will increase file size. Set to 0 to turn off images reprocessing, which may cause security risks.</comment>
+                            <validate>required-entry validate-digits validate-digits-range digits-range-0-100</validate>
+                            <sort_order>180</sort_order>
+                            <show_in_default>1</show_in_default>
+                            <show_in_website>1</show_in_website>
+                            <show_in_store>1</show_in_store>
+                        </reprocess_image_quality>
                     </fields>
                 </security>
                 <dashboard translate="label">

diff --git a/app/locale/en_US/Mage_Core.csv b/app/locale/en_US/Mage_Core.csv
@@ -167,6 +167,7 @@
 "How many links to display at once.","How many links to display at once."
 "ID Path for Specified Store","ID Path for Specified Store"
 "If the current frame position does not cover utmost pages, will render link to current position plus/minus this value.","If the current frame position does not cover utmost pages, will render link to current position plus/minus this value."
+"Image Reprocess Quality","Image Reprocess Quality"
 "Incorrect credit card expiration date.","Incorrect credit card expiration date."
 "Input type ""%value%"" not found in the input types list.","Input type ""%value%"" not found in the input types list."
 "Invalid MIME type.","Invalid MIME type."
@@ -226,6 +227,7 @@
 "New Website","New Website"
 "No","No"
 "Offloader header","Offloader header"
+"Optimum value is 85, higher value will increase file size. Set to 0 to turn off images reprocessing, which may cause security risks.","Optimum value is 85, higher value will increase file size. Set to 0 to turn off images reprocessing, which may cause security risks."
 "PHP SOAP extension is required.","PHP SOAP extension is required."
 "Package","Package"
 "Pagination","Pagination"