4 files changed, 85 insertions, 31 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 4139c4f4..09a9f5ff 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -1083,11 +1083,10 @@ class Poche
        $config = $this->store->getConfigUser($user_id);
        if ($config == null) {
-            die(_('User with this id (' . $user_id . ') does not exist.'));
+            die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
        }
-        if (!in_array($type, $allowed_types) ||
+        if (!in_array($type, $allowed_types) || $token != $config['token']) {
-            $token != $config['token']) {
            die(_('Uh, there is a problem while generating feeds.'));
        }
        // Check the token
@@ -1145,16 +1144,18 @@ class Poche
      $config = HTMLPurifier_Config::createDefault();
      $config->set('Cache.SerializerPath', CACHE);
      $config->set('HTML.SafeIframe', true);
-      $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
+      //allow YouTube, Vimeo and dailymotion videos
+      $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.dailymotion\.com/embed/video/)%');
      return new HTMLPurifier($config);
    }
-    
    /**
     * handle epub
     */
    public function createEpub() {
-       
        switch ($_GET['method']) {
            case 'id':
                $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
@@ -1190,7 +1191,7 @@ class Poche
                break;
            case 'default':
                die(_('Uh, there is a problem while generating epub.'));
-            
        }
        $content_start =
@@ -1203,10 +1204,9 @@ class Poche
        . "<body>\n";
        $bookEnd = "</body>\n</html>\n";
-        
        $log = new Logger("wallabag", TRUE);
        $fileDir = CACHE;
        
        $book = new EPub(EPub::BOOK_VERSION_EPUB3, DEBUG_POCHE);
        $log->logLine("new EPub()");
@@ -1215,7 +1215,7 @@ class Poche
        $log->logLine("Zip version: " . Zip::VERSION);
        $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
        $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
-        
        $book->setTitle(_('wallabag\'s articles'));
        $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
        //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
@@ -1225,39 +1225,39 @@ class Poche
        $book->setDate(time()); // Strictly not needed as the book date defaults to time().
        //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
        $book->setSourceURL("http://$_SERVER[HTTP_HOST]");
-        
        $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
        $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
-        
        $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
-        
        $log->logLine("Add Cover");
-        
        $fullTitle = "<h1> " . $bookTitle . "</h1>\n";
-        
        $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);
-        
        $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;
-        
        //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
        $book->addChapter("Notices", "Cover2.html", $cover);
-        
        $book->buildTOC();
-        
        foreach ($entries as $entry) { //set tags as subjects
            $tags = $this->store->retrieveTagsByEntry($entry['id']);
            foreach ($tags as $tag) {
                $book->setSubject($tag['value']);
            }
-            
            $log->logLine("Set up parameters");
-            
            $chapter = $content_start . $entry['content'] . $bookEnd;
            $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
            $log->logLine("Added chapter " . $entry['title']);
        }
-        if (DEBUG_POCHE) { 
+        if (DEBUG_POCHE) {
            $epuplog = $book->getLog();
            $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation
        }
diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index 7f064020..1ef875c9 100755
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -18,8 +18,6 @@ class Tools
            die(_('Oops, it seems you don\'t have PHP 5.'));
        }
-        error_reporting(E_ALL);
        function stripslashesDeep($value) {
            return is_array($value)
                ? array_map('stripslashesDeep', $value)
@@ -60,7 +58,11 @@ class Tools
        }
        $host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']));
-        
+        if (strpos($host, ':') !== false) {
+            $serverport = '';
+        }
        return 'http' . ($https ? 's' : '') . '://'
            . $host . $serverport . $scriptname;
    }
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
index edc42fc9..95f727c6 100755
--- a/inc/poche/config.inc.default.php
+++ b/inc/poche/config.inc.default.php
@@ -30,7 +30,12 @@
 @define ('MODE_DEMO', FALSE);
 @define ('DEBUG_POCHE', FALSE);
-@define ('DOWNLOAD_PICTURES', FALSE);
+//default level of error reporting in application. Developers should override it in their config.inc.php: set to E_ALL.
+@define ('ERROR_REPORTING', E_ALL & ~E_NOTICE);
+@define ('DOWNLOAD_PICTURES', FALSE); # This can slow down the process of adding articles
+@define ('REGENERATE_PICTURES_QUALITY', 75);
 @define ('CONVERT_LINKS_FOOTNOTES', FALSE);
 @define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
 @define ('SHARE_TWITTER', TRUE);
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index a11340f8..7c319a85 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -14,6 +14,7 @@
 function filtre_picture($content, $url, $id)
 {
    $matches = array();
+    $processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
    preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
    foreach($matches as $i => $link) {
        $link[1] = trim($link[1]);
@@ -22,8 +23,17 @@ function filtre_picture($content, $url, $id)
            $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
            $directory = create_assets_directory($id);
            $fullpath = $directory . '/' . $filename;
-            download_pictures($absolute_path, $fullpath);
+            
-            $content = str_replace($matches[$i][2], $fullpath, $content);
+            if (in_array($absolute_path, $processing_pictures) === true) {
+                // replace picture's URL only if processing is OK : already processing -> go to next picture
+                continue;
+            }
+            
+            if (download_pictures($absolute_path, $fullpath) === true) {
+                $content = str_replace($matches[$i][2], $fullpath, $content);
+            }
+            
+            $processing_pictures[] = $absolute_path;
        }
    }
@@ -64,6 +74,8 @@ function get_absolute_link($relative_link, $url) {
 /**
 * Téléchargement des images
+ * 
+ * @return bool true if the download and processing is OK, false else
 */
 function download_pictures($absolute_path, $fullpath)
 {
@@ -73,9 +85,44 @@ function download_pictures($absolute_path, $fullpath)
    if(file_exists($fullpath)) {
        unlink($fullpath);
    }
-    $fp = fopen($fullpath, 'x');
+    
-    fwrite($fp, $rawdata);
+    // check extension
-    fclose($fp);
+    $file_ext = strrchr($fullpath, '.');
+    $whitelist = array(".jpg",".jpeg",".gif",".png"); 
+    if (!(in_array($file_ext, $whitelist))) {
+        Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
+        return false;
+    }
+    
+    // check headers
+    $imageinfo = getimagesize($absolute_path);
+    if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+        Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+        return false;
+    }
+    
+    // regenerate image
+    $im = imagecreatefromstring($rawdata);
+    if ($im === false) {
+        Tools::logm('error while regenerating image ' . $fullpath);
+        return false;
+    }
+    
+    switch ($imageinfo['mime']) {
+        case 'image/gif':
+            $result = imagegif($im, $fullpath);
+            break;
+        case 'image/jpeg':
+        case 'image/jpg':
+            $result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
+            break;
+        case 'image/png':
+            $result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
+            break;
+    }
+    imagedestroy($im);
+    
+    return $result;
 }
 /**

diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 4139c4f4..09a9f5ff 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php
@@ -1083,11 +1083,10 @@ class Poche
1083	$config = $this->store->getConfigUser($user_id);	1083	$config = $this->store->getConfigUser($user_id);
1084		1084
1085	if ($config == null) {	1085	if ($config == null) {
1086	die(_('User with this id (' . $user_id . ') does not exist.'));	1086	die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
1087	}	1087	}
1088		1088
1089	if (!in_array($type, $allowed_types) \|\|	1089	if (!in_array($type, $allowed_types) \|\| $token != $config['token']) {
1090	$token != $config['token']) {
1091	die(_('Uh, there is a problem while generating feeds.'));	1090	die(_('Uh, there is a problem while generating feeds.'));
1092	}	1091	}
1093	// Check the token	1092	// Check the token
@@ -1145,16 +1144,18 @@ class Poche
1145	$config = HTMLPurifier_Config::createDefault();	1144	$config = HTMLPurifier_Config::createDefault();
1146	$config->set('Cache.SerializerPath', CACHE);	1145	$config->set('Cache.SerializerPath', CACHE);
1147	$config->set('HTML.SafeIframe', true);	1146	$config->set('HTML.SafeIframe', true);
1148	$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/\|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);	1147
		1148	//allow YouTube, Vimeo and dailymotion videos
		1149	$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/\|player\.vimeo\.com/video/\|www\.dailymotion\.com/embed/video/)%');
1149		1150
1150	return new HTMLPurifier($config);	1151	return new HTMLPurifier($config);
1151	}	1152	}
1152		1153
1153	/**	1154	/**
1154	* handle epub	1155	* handle epub
1155	*/	1156	*/
1156	public function createEpub() {	1157	public function createEpub() {
1157		1158
1158	switch ($_GET['method']) {	1159	switch ($_GET['method']) {
1159	case 'id':	1160	case 'id':
1160	$entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);	1161	$entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
@@ -1190,7 +1191,7 @@ class Poche
1190	break;	1191	break;
1191	case 'default':	1192	case 'default':
1192	die(_('Uh, there is a problem while generating epub.'));	1193	die(_('Uh, there is a problem while generating epub.'));
1193		1194
1194	}	1195	}
1195		1196
1196	$content_start =	1197	$content_start =
@@ -1203,10 +1204,9 @@ class Poche
1203	. "<body>\n";	1204	. "<body>\n";
1204		1205
1205	$bookEnd = "</body>\n</html>\n";	1206	$bookEnd = "</body>\n</html>\n";
1206		1207
1207	$log = new Logger("wallabag", TRUE);	1208	$log = new Logger("wallabag", TRUE);
1208	$fileDir = CACHE;	1209	$fileDir = CACHE;
1209
1210		1210
1211	$book = new EPub(EPub::BOOK_VERSION_EPUB3, DEBUG_POCHE);	1211	$book = new EPub(EPub::BOOK_VERSION_EPUB3, DEBUG_POCHE);
1212	$log->logLine("new EPub()");	1212	$log->logLine("new EPub()");
@@ -1215,7 +1215,7 @@ class Poche
1215	$log->logLine("Zip version: " . Zip::VERSION);	1215	$log->logLine("Zip version: " . Zip::VERSION);
1216	$log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());	1216	$log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
1217	$log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());	1217	$log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
1218		1218
1219	$book->setTitle(_('wallabag\'s articles'));	1219	$book->setTitle(_('wallabag\'s articles'));
1220	$book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.	1220	$book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
1221	//$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.	1221	//$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
@@ -1225,39 +1225,39 @@ class Poche
1225	$book->setDate(time()); // Strictly not needed as the book date defaults to time().	1225	$book->setDate(time()); // Strictly not needed as the book date defaults to time().
1226	//$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.	1226	//$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
1227	$book->setSourceURL("http://$_SERVER[HTTP_HOST]");	1227	$book->setSourceURL("http://$_SERVER[HTTP_HOST]");
1228		1228
1229	$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");	1229	$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
1230	$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");	1230	$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
1231		1231
1232	$cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";	1232	$cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
1233		1233
1234	$log->logLine("Add Cover");	1234	$log->logLine("Add Cover");
1235		1235
1236	$fullTitle = "<h1> " . $bookTitle . "</h1>\n";	1236	$fullTitle = "<h1> " . $bookTitle . "</h1>\n";
1237		1237
1238	$book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);	1238	$book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);
1239		1239
1240	$cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;	1240	$cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;
1241		1241
1242	//$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);	1242	//$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
1243	$book->addChapter("Notices", "Cover2.html", $cover);	1243	$book->addChapter("Notices", "Cover2.html", $cover);
1244		1244
1245	$book->buildTOC();	1245	$book->buildTOC();
1246		1246
1247	foreach ($entries as $entry) { //set tags as subjects	1247	foreach ($entries as $entry) { //set tags as subjects
1248	$tags = $this->store->retrieveTagsByEntry($entry['id']);	1248	$tags = $this->store->retrieveTagsByEntry($entry['id']);
1249	foreach ($tags as $tag) {	1249	foreach ($tags as $tag) {
1250	$book->setSubject($tag['value']);	1250	$book->setSubject($tag['value']);
1251	}	1251	}
1252		1252
1253	$log->logLine("Set up parameters");	1253	$log->logLine("Set up parameters");
1254		1254
1255	$chapter = $content_start . $entry['content'] . $bookEnd;	1255	$chapter = $content_start . $entry['content'] . $bookEnd;
1256	$book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);	1256	$book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
1257	$log->logLine("Added chapter " . $entry['title']);	1257	$log->logLine("Added chapter " . $entry['title']);
1258	}	1258	}
1259		1259
1260	if (DEBUG_POCHE) {	1260	if (DEBUG_POCHE) {
1261	$epuplog = $book->getLog();	1261	$epuplog = $book->getLog();
1262	$book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation	1262	$book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation
1263	}	1263	}


diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php index 7f064020..1ef875c9 100755 --- a/inc/poche/Tools.class.php +++ b/inc/poche/Tools.class.php
@@ -18,8 +18,6 @@ class Tools
18	die(_('Oops, it seems you don\'t have PHP 5.'));	18	die(_('Oops, it seems you don\'t have PHP 5.'));
19	}	19	}
20		20
21	error_reporting(E_ALL);
22
23	function stripslashesDeep($value) {	21	function stripslashesDeep($value) {
24	return is_array($value)	22	return is_array($value)
25	? array_map('stripslashesDeep', $value)	23	? array_map('stripslashesDeep', $value)
@@ -60,7 +58,11 @@ class Tools
60	}	58	}
61		59
62	$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']));	60	$host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']));
63		61
		62	if (strpos($host, ':') !== false) {
		63	$serverport = '';
		64	}
		65
64	return 'http' . ($https ? 's' : '') . '://'	66	return 'http' . ($https ? 's' : '') . '://'
65	. $host . $serverport . $scriptname;	67	. $host . $serverport . $scriptname;
66	}	68	}


diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php index edc42fc9..95f727c6 100755 --- a/inc/poche/config.inc.default.php +++ b/inc/poche/config.inc.default.php
@@ -30,7 +30,12 @@
30		30
31	@define ('MODE_DEMO', FALSE);	31	@define ('MODE_DEMO', FALSE);
32	@define ('DEBUG_POCHE', FALSE);	32	@define ('DEBUG_POCHE', FALSE);
33	@define ('DOWNLOAD_PICTURES', FALSE);	33
		34	//default level of error reporting in application. Developers should override it in their config.inc.php: set to E_ALL.
		35	@define ('ERROR_REPORTING', E_ALL & ~E_NOTICE);
		36
		37	@define ('DOWNLOAD_PICTURES', FALSE); # This can slow down the process of adding articles
		38	@define ('REGENERATE_PICTURES_QUALITY', 75);
34	@define ('CONVERT_LINKS_FOOTNOTES', FALSE);	39	@define ('CONVERT_LINKS_FOOTNOTES', FALSE);
35	@define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);	40	@define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
36	@define ('SHARE_TWITTER', TRUE);	41	@define ('SHARE_TWITTER', TRUE);


diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php index a11340f8..7c319a85 100644 --- a/inc/poche/pochePictures.php +++ b/inc/poche/pochePictures.php
@@ -14,6 +14,7 @@
14	function filtre_picture($content, $url, $id)	14	function filtre_picture($content, $url, $id)
15	{	15	{
16	$matches = array();	16	$matches = array();
		17	$processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
17	preg_match_all('#<\s(img)[^>]+src="([^"])"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);	18	preg_match_all('#<\s(img)[^>]+src="([^"])"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
18	foreach($matches as $i => $link) {	19	foreach($matches as $i => $link) {
19	$link[1] = trim($link[1]);	20	$link[1] = trim($link[1]);
@@ -22,8 +23,17 @@ function filtre_picture($content, $url, $id)
22	$filename = basename(parse_url($absolute_path, PHP_URL_PATH));	23	$filename = basename(parse_url($absolute_path, PHP_URL_PATH));
23	$directory = create_assets_directory($id);	24	$directory = create_assets_directory($id);
24	$fullpath = $directory . '/' . $filename;	25	$fullpath = $directory . '/' . $filename;
25	download_pictures($absolute_path, $fullpath);	26
26	$content = str_replace($matches[$i][2], $fullpath, $content);	27	if (in_array($absolute_path, $processing_pictures) === true) {
		28	// replace picture's URL only if processing is OK : already processing -> go to next picture
		29	continue;
		30	}
		31
		32	if (download_pictures($absolute_path, $fullpath) === true) {
		33	$content = str_replace($matches[$i][2], $fullpath, $content);
		34	}
		35
		36	$processing_pictures[] = $absolute_path;
27	}	37	}
28		38
29	}	39	}
@@ -64,6 +74,8 @@ function get_absolute_link($relative_link, $url) {
64		74
65	/**	75	/**
66	* Téléchargement des images	76	* Téléchargement des images
		77	*
		78	* @return bool true if the download and processing is OK, false else
67	*/	79	*/
68	function download_pictures($absolute_path, $fullpath)	80	function download_pictures($absolute_path, $fullpath)
69	{	81	{
@@ -73,9 +85,44 @@ function download_pictures($absolute_path, $fullpath)
73	if(file_exists($fullpath)) {	85	if(file_exists($fullpath)) {
74	unlink($fullpath);	86	unlink($fullpath);
75	}	87	}
76	$fp = fopen($fullpath, 'x');	88
77	fwrite($fp, $rawdata);	89	// check extension
78	fclose($fp);	90	$file_ext = strrchr($fullpath, '.');
		91	$whitelist = array(".jpg",".jpeg",".gif",".png");
		92	if (!(in_array($file_ext, $whitelist))) {
		93	Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
		94	return false;
		95	}
		96
		97	// check headers
		98	$imageinfo = getimagesize($absolute_path);
		99	if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
		100	Tools::logm('processed image with bad header. Skipping ' . $fullpath);
		101	return false;
		102	}
		103
		104	// regenerate image
		105	$im = imagecreatefromstring($rawdata);
		106	if ($im === false) {
		107	Tools::logm('error while regenerating image ' . $fullpath);
		108	return false;
		109	}
		110
		111	switch ($imageinfo['mime']) {
		112	case 'image/gif':
		113	$result = imagegif($im, $fullpath);
		114	break;
		115	case 'image/jpeg':
		116	case 'image/jpg':
		117	$result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
		118	break;
		119	case 'image/png':
		120	$result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
		121	break;
		122	}
		123	imagedestroy($im);
		124
		125	return $result;
79	}	126	}
80		127
81	/**	128	/**