authortcitworld <tcit@tcit.fr>2014-05-20 11:42:22 +0200
committertcitworld <tcit@tcit.fr>2014-05-20 11:42:22 +0200
commit99408dfcf37303bc3550713b835c3e9c16966573 (patch)
treeeac0b73c54d4989d8e4f1edbcd25cefb6c18710b
parente3b00bcaf580177ecdbdb2ee90dfc263b1c2d79e (diff)
parent0bf0dfe10d0dd4aaafcc7da7deb5be8ef76ad602 (diff)
Merge pull request #1 from leblanc-simon/images_security
Optimisation et gestion des erreurs
-rw-r--r--inc/poche/pochePictures.php73
1 files changed, 45 insertions, 28 deletions
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index 8f86d2f2..7c319a85 100644
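--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -14,6 +14,7 @@
 function filtre_picture($content, $url, $id)
 {
  $matches = array();
+ $processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
  preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
  foreach($matches as $i => $link) {
  $link[1] = trim($link[1]);
@@ -22,8 +23,17 @@ function filtre_picture($content, $url, $id)
  $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
  $directory = create_assets_directory($id);
  $fullpath = $directory . '/' . $filename;
- download_pictures($absolute_path, $fullpath);
- $content = str_replace($matches[$i][2], $fullpath, $content);
+
+ if (in_array($absolute_path, $processing_pictures) === true) {
+ // replace picture's URL only if processing is OK : already processing -> go to next picture
+ continue;
+ }
+
+ if (download_pictures($absolute_path, $fullpath) === true) {
+ $content = str_replace($matches[$i][2], $fullpath, $content);
+ }
+
+ $processing_pictures[] = $absolute_path;
  }
 
  }
@@ -64,6 +74,8 @@ function get_absolute_link($relative_link, $url) {
 
 /**
  * Téléchargement des images
+ *
+ * @return bool true if the download and processing is OK, false else
  */
 function download_pictures($absolute_path, $fullpath)
 {
@@ -79,33 +91,38 @@ function download_pictures($absolute_path, $fullpath)
  $whitelist = array(".jpg",".jpeg",".gif",".png");
  if (!(in_array($file_ext, $whitelist))) {
  Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
- } else {
- // check headers
- $imageinfo = getimagesize($absolute_path);
- if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
- Tools::logm('processed image with bad header. Skipping ' . $fullpath);
- } else {
- // regenerate image
- $im = imagecreatefromstring($rawdata);
- if ($im) {
- switch ($imageinfo['mime']) {
- case 'image/gif':
- imagegif($im, $fullpath);
- break;
- case 'image/jpeg':
- case 'image/jpg':
- imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
- break;
- case 'image/png':
- imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
- break;
- }
- imagedestroy($im);
- } else {
- Tools::logm('error while regenerating image ' . $fullpath);
- }
- }
+ return false;
+ }
+
+ // check headers
+ $imageinfo = getimagesize($absolute_path);
+ if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+ Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+ return false;
  }
+
+ // regenerate image
+ $im = imagecreatefromstring($rawdata);
+ if ($im === false) {
+ Tools::logm('error while regenerating image ' . $fullpath);
+ return false;
+ }
+
+ switch ($imageinfo['mime']) {
+ case 'image/gif':
+ $result = imagegif($im, $fullpath);
+ break;
+ case 'image/jpeg':
+ case 'image/jpg':
+ $result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
+ break;
+ case 'image/png':
+ $result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
+ break;
+ }
+ imagedestroy($im);
+
+ return $result;
 }
 
 /**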
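Review bot: The header check in `download_pictures()` still calls `getimagesize($absolute_path)`, which fetches the remote URL a second time, while the image that gets regenerated is decoded from `$rawdata`, so the bytes that are validated are not necessarily the bytes that are processed. `$rawdata` is assigned above this hunk, presumably from the same URL (to be confirmed there); if so, `$imageinfo = getimagesizefromstring($rawdata);` (PHP 5.4+) keeps check and decode on one buffer and drops an extra outbound request to an address taken from the saved page. The probe result should also be tested explicitly, `if ($imageinfo === false || !in_array($imageinfo['mime'], array('image/gif', 'image/jpeg', 'image/jpg', 'image/png'), true)) {`, since a failed probe currently reaches the 'bad header' branch only by indexing `false`. Separately, in `filtre_picture()` the new duplicate check is keyed on `$absolute_path` while the stored name is `basename()` of the URL path, so two different URLs with the same base name still overwrite each other in the assets directory.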