From 007f26e582251895ea7d12b509c8aee24c4b1f47 Mon Sep 17 00:00:00 2001
From: tcit
Date: Sun, 18 May 2014 22:11:56 +0200
Subject: Security fix for Download Images

---
 inc/poche/pochePictures.php | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index e4b0b160..3202f2cc 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -72,9 +72,39 @@ function download_pictures($absolute_path, $fullpath)
 if(file_exists($fullpath)) {
 unlink($fullpath);
 }
- $fp = fopen($fullpath, 'x');
- fwrite($fp, $rawdata);
- fclose($fp);
+
+ // check extension
+ $file_ext = strrchr($fullpath, '.');
+ $whitelist = array(".jpg",".jpeg",".gif",".png");
+ if (!(in_array($file_ext, $whitelist))) {
+ Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
+ } else {
+ // check headers
+ $imageinfo = getimagesize($absolute_path);
+ if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+ Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+ } else {
+ // regenerate image
+ $im = imagecreatefromstring($rawdata);
+ if ($im) {
+ switch ($imageinfo['mime']) {
+ case 'image/gif':
+ imagegif($im, $fullpath);
+ break;
+ case 'image/jpeg':
+ case 'image/jpg':
+ imagejpeg($im, $fullpath); // default quality is 75%
+ break;
+ case 'image/png':
+ imagepng($im, $fullpath);
+ break;
+ }
+ imagedestroy($im);
+ } else {
+ Tools::logm('error while regenerating image ' . $fullpath);
+ }
+ }
+ }
 }

 /**
-- cgit v1.2.3
From 1d6a9ac25aa0ee1a51b3fcc70bc4247ff14c54e2 Mon Sep 17 00:00:00 2001
From: tcit
Date: Mon, 19 May 2014 15:24:11 +0200
Subject: Option for setting quality

---
 inc/poche/config.inc.default.php | 1 +
 inc/poche/pochePictures.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
(limited to 'inc/poche')
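Review bot: The header check at `$imageinfo = getimagesize($absolute_path);` inspects the remote URL a second time instead of the `$rawdata` buffer that was already fetched, so the bytes that are validated and the bytes handed to `imagecreatefromstring($rawdata)` can differ (a second request, a server answering differently per request, or a failed fetch returning `false` and making the `$imageinfo['mime']` lookups meaningless). Validating the in-memory buffer closes that gap: `$imageinfo = getimagesizefromstring($rawdata);` (PHP 5.4+) followed by `if ($imageinfo === false || !in_array($imageinfo['mime'], array('image/gif', 'image/jpeg', 'image/png'), true)) {` — getimagesize never reports `image/jpg`, so that alternative is dead. Two smaller points: the extension whitelist is case-sensitive (`.JPG` is skipped), and the encoder is chosen from the detected MIME while the name in `$fullpath` keeps the URL's extension, so a `.png` file can end up holding GIF data; deriving the encoder from the extension, or rewriting the extension to match the MIME, keeps the two consistent. The same `getimagesize($absolute_path)` pattern is carried over unchanged in the later 0bf0dfe rewrite of this function. `download_pictures` starts before this hunk, where `$rawdata` is fetched.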
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
index edc42fc9..0e82f0cd 100755
--- a/inc/poche/config.inc.default.php
+++ b/inc/poche/config.inc.default.php
@@ -31,6 +31,7 @@
 @define ('MODE_DEMO', FALSE);
 @define ('DEBUG_POCHE', FALSE);
 @define ('DOWNLOAD_PICTURES', FALSE);
+@define ('REGENERATE_PICTURES_QUALITY'), 75);
 @define ('CONVERT_LINKS_FOOTNOTES', FALSE);
 @define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
 @define ('SHARE_TWITTER', TRUE);
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index f10cc25e..97eb56ac 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -94,10 +94,10 @@ function download_pictures($absolute_path, $fullpath)
 break;
 case 'image/jpeg':
 case 'image/jpg':
- imagejpeg($im, $fullpath); // default quality is 75%
+ imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
 break;
 case 'image/png':
- imagepng($im, $fullpath);
+ imagepng($im, $fullpath, REGENERATE_PICTURES_QUALITY);
 break;
 }
 imagedestroy($im);
-- cgit v1.2.3
From 6caba976ec0c2333c33b64bc4de26c64b19f2f49 Mon Sep 17 00:00:00 2001
From: tcit
Date: Mon, 19 May 2014 15:34:49 +0200
Subject: Bug with bracket

---
 inc/poche/config.inc.default.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
index 0e82f0cd..6e25b2f7 100755
--- a/inc/poche/config.inc.default.php
+++ b/inc/poche/config.inc.default.php
@@ -31,7 +31,7 @@
 @define ('MODE_DEMO', FALSE);
 @define ('DEBUG_POCHE', FALSE);
 @define ('DOWNLOAD_PICTURES', FALSE);
-@define ('REGENERATE_PICTURES_QUALITY'), 75);
+@define ('REGENERATE_PICTURES_QUALITY', 75);
 @define ('CONVERT_LINKS_FOOTNOTES', FALSE);
 @define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
 @define ('SHARE_TWITTER', TRUE);
-- cgit v1.2.3
From e3b00bcaf580177ecdbdb2ee90dfc263b1c2d79e Mon Sep 17 00:00:00 2001
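Review bot: `imagepng($im, $fullpath, REGENERATE_PICTURES_QUALITY)` passes a 0–100 JPEG-style value where imagepng's third parameter is a zlib compression level in the range 0–9, so the default of 75 is out of range (clamped or rejected depending on the PHP version) and the call does not do what the constant name promises. The two encoders have different semantics — JPEG quality is lossy, PNG level only trades size for CPU — so a separate constant for PNG, or a comment on the jpeg line saying the value is a percentage and on the png line saying it is a compression level, would make that explicit rather than reusing one number for both. The switch that contains these lines starts before the hunk.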
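Review bot: `REGENERATE_PICTURES_QUALITY` is now syntactically valid but carries no hint of what it controls or which values are meaningful, whereas an operator editing this file only sees a bare 75 next to booleans. A trailing comment in the style of the neighbouring lines would prevent guesswork: `@define ('REGENERATE_PICTURES_QUALITY', 75); # 0-100, quality used when DOWNLOAD_PICTURES re-encodes images`.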
From: tcit
Date: Mon, 19 May 2014 15:59:18 +0200
Subject: Fixed bug for png images

---
 inc/poche/pochePictures.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index 97eb56ac..8f86d2f2 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -97,7 +97,7 @@ function download_pictures($absolute_path, $fullpath)
 imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
 break;
 case 'image/png':
- imagepng($im, $fullpath, REGENERATE_PICTURES_QUALITY);
+ imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
 break;
 }
 imagedestroy($im);
-- cgit v1.2.3
From 0bf0dfe10d0dd4aaafcc7da7deb5be8ef76ad602 Mon Sep 17 00:00:00 2001
From: Simon Leblanc
Date: Tue, 20 May 2014 00:42:51 +0200
Subject: Optimisation et gestion des erreurs

---
 inc/poche/pochePictures.php | 73 ++++++++++++++++++++++++++++-----------------
 1 file changed, 45 insertions(+), 28 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index 8f86d2f2..7c319a85 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -14,6 +14,7 @@ function filtre_picture($content, $url, $id)
 {
 $matches = array();
+ $processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
 preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
 foreach($matches as $i => $link) {
 $link[1] = trim($link[1]);
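Review bot: `ceil(REGENERATE_PICTURES_QUALITY / 100 * 9)` yields a float (7.0 for the default 75) where imagepng expects an int; PHP coerces it in this file's non-strict mode, but an explicit cast states the intent and survives a future `declare(strict_types=1)`. More importantly the derived number is a lossless zlib compression level, not a quality — a higher level only means smaller and slower output, so a "75% quality" has no visual meaning for PNG, and without a comment the next reader is likely to "tune" it expecting a quality change. Suggest `imagepng($im, $fullpath, (int) ceil(REGENERATE_PICTURES_QUALITY / 100 * 9)); // PNG is lossless: this is a zlib level 0-9 derived from the JPEG quality, not a quality`.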
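Review bot: `$processing_pictures` is a plain list that the loop (in the following -22 hunk) searches with `in_array()` for every `<img>` found, which is quadratic on image-heavy pages; keying the array by URL and testing with `isset()` is O(1) and reads as the set it is meant to be: `$processing_pictures = array(); // absolute URLs already handled, used as a set`, then `isset($processing_pictures[$absolute_path])` and `$processing_pictures[$absolute_path] = true;` in the loop. The comment `list of processing image to avoid processing the same pictures twice` would read better as `// absolute URLs already processed, so the same picture is fetched only once`. `filtre_picture` continues past this hunk.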
@@ -22,8 +23,17 @@ function filtre_picture($content, $url, $id)
 $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
 $directory = create_assets_directory($id);
 $fullpath = $directory . '/' . $filename;
- download_pictures($absolute_path, $fullpath);
- $content = str_replace($matches[$i][2], $fullpath, $content);
+
+ if (in_array($absolute_path, $processing_pictures) === true) {
+ // replace picture's URL only if processing is OK : already processing -> go to next picture
+ continue;
+ }
+
+ if (download_pictures($absolute_path, $fullpath) === true) {
+ $content = str_replace($matches[$i][2], $fullpath, $content);
+ }
+
+ $processing_pictures[] = $absolute_path;
 }
 }

@@ -64,6 +74,8 @@ function get_absolute_link($relative_link, $url) {
 /**
 * Téléchargement des images
+ *
+ * @return bool true if the download and processing is OK, false else
 */
 function download_pictures($absolute_path, $fullpath)
 {
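Review bot: The skip list is keyed on `$absolute_path`, but the local file is named from `basename(parse_url($absolute_path, PHP_URL_PATH))` alone, so two different URLs that share a basename (say `/a/logo.png` and `/b/logo.png`) both pass the `in_array` check, the second `download_pictures` call unlinks and overwrites the first file, and the content already rewritten for the first image now points at the second image's bytes. Deriving the local name from the whole URL removes the collision while keeping the extension that `download_pictures` whitelists on, e.g. `$path = parse_url($absolute_path, PHP_URL_PATH);` and `$filename = sha1($absolute_path) . strtolower(strrchr($path, '.'));`. Also worth a comment on the new side: `str_replace($matches[$i][2], $fullpath, $content)` rewrites that `src` string wherever it occurs in the document, not only inside the matched tag, which is presumably acceptable here but is not obvious. `filtre_picture` and its `foreach` begin before this hunk.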
@@ -79,33 +91,38 @@ function download_pictures($absolute_path, $fullpath)
 $whitelist = array(".jpg",".jpeg",".gif",".png");
 if (!(in_array($file_ext, $whitelist))) {
 Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
- } else {
- // check headers
- $imageinfo = getimagesize($absolute_path);
- if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
- Tools::logm('processed image with bad header. Skipping ' . $fullpath);
- } else {
- // regenerate image
- $im = imagecreatefromstring($rawdata);
- if ($im) {
- switch ($imageinfo['mime']) {
- case 'image/gif':
- imagegif($im, $fullpath);
- break;
- case 'image/jpeg':
- case 'image/jpg':
- imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
- break;
- case 'image/png':
- imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
- break;
- }
- imagedestroy($im);
- } else {
- Tools::logm('error while regenerating image ' . $fullpath);
- }
- }
+ return false;
+ }
+
+ // check headers
+ $imageinfo = getimagesize($absolute_path);
+ if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+ Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+ return false;
 }
+
+ // regenerate image
+ $im = imagecreatefromstring($rawdata);
+ if ($im === false) {
+ Tools::logm('error while regenerating image ' . $fullpath);
+ return false;
+ }
+
+ switch ($imageinfo['mime']) {
+ case 'image/gif':
+ $result = imagegif($im, $fullpath);
+ break;
+ case 'image/jpeg':
+ case 'image/jpg':
+ $result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
+ break;
+ case 'image/png':
+ $result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
+ break;
+ }
+ imagedestroy($im);
+
+ return $result;
 }

 /**
-- cgit v1.2.3
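Review bot: `getimagesize()` returns `false` for anything that is not an image, and the new code then reads `$imageinfo['mime']` on that `false` (a notice on recent PHP) before the four loose `!=` comparisons happen to reject it; an explicit, strict guard says what is meant: `if ($imageinfo === false || !in_array($imageinfo['mime'], array('image/gif', 'image/jpeg', 'image/png'), true)) {` — `image/jpg` is never reported by getimagesize, so it only pads the condition. The `switch` below has no `default`, so if that MIME list is ever extended without a matching case, `$result` is undefined at `return $result;`; `default: $result = false;` closes that hole. As raised on the 007f26e hunk, the check still inspects `$absolute_path` over the network rather than the `$rawdata` that is actually re-encoded. The function's opening lines (the fetch and the extension lookup) sit before this hunk.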
From 38eecef26ba33a052475c52dead699e434b2362a Mon Sep 17 00:00:00 2001
From: tcitworld
Date: Tue, 20 May 2014 11:46:05 +0200
Subject: Added info for DOWNLOAD_PICTURES We regenerate pictures, it might take some time
---
 inc/poche/config.inc.default.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
index 6e25b2f7..ffcd205d 100755
--- a/inc/poche/config.inc.default.php
+++ b/inc/poche/config.inc.default.php
@@ -30,7 +30,7 @@
 @define ('MODE_DEMO', FALSE);
 @define ('DEBUG_POCHE', FALSE);
-@define ('DOWNLOAD_PICTURES', FALSE);
+@define ('DOWNLOAD_PICTURES', FALSE); # This can slow down the process of adding articles
 @define ('REGENERATE_PICTURES_QUALITY', 75);
 @define ('CONVERT_LINKS_FOOTNOTES', FALSE);
 @define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
-- cgit v1.2.3
From 0b9bb8cb7868f24137c5d8b85c39cc88ea877411 Mon Sep 17 00:00:00 2001
From: Maryana Rozhankivska
Date: Mon, 26 May 2014 14:29:18 +0300
Subject: add dailymotion videos, issue #708

---
 inc/poche/Poche.class.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 1b69cd61..37cf66a3 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -1142,11 +1142,12 @@ class Poche
 * return new purifier object with actual config
 */
 protected function getPurifier() {
- $config = HTMLPurifier_Config::createDefault();
- $config->set('Cache.SerializerPath', CACHE);
- $config->set('HTML.SafeIframe', true);
- $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
-
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('Cache.SerializerPath', CACHE);
+ $config->set('HTML.SafeIframe', true);
+ //allow YouTube, Vimeo and dailymotion videos
+ $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.dailymotion\.com/embed/video/)%');
+
 return new HTMLPurifier($config);
 }
-- cgit v1.2.3
From 79024eb004bfb9de77ec60d648315888e70033ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Thu, 29 May 2014 18:32:55 +0200
Subject: fix #344 FQDN with non-standard ports broken

---
 inc/poche/Tools.class.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'inc/poche')
diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index 7f064020..8073a3fe 100755
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -60,6 +60,10 @@ class Tools
 }
 $host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']));
+
+ if (strpos($host, ':') !== false) {
+ $serverport = '';
+ }
 return 'http' . ($https ? 's' : '') . '://' . $host . $serverport . $scriptname;
-- cgit v1.2.3
From cbc75befb5bdf368bec15f47413bd7669273a181 Mon Sep 17 00:00:00 2001
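Review bot: The functional change is a single new regex alternative, yet the hunk re-indents every line of `getPurifier()`, so the security-relevant part of the diff — which iframe origins are now allowed — is buried in whitespace churn; keeping whitespace fixes in their own commit keeps allow-list changes reviewable. The pattern is also becoming hard to audit on one line; the `x` modifier with one origin per line, or assembling it from an array of `preg_quote`d prefixes joined with `|`, would keep each permitted origin visible, with a comment such as `// iframe src must start with one of these origins; HTMLPurifier applies this to the normalised URI`. The old side's trailing comment had swallowed a stray `$purifier = new HTMLPurifier($config);`, which the rewrite rightly drops.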
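Review bot: `strpos($host, ':') !== false` treats any colon as "a port is already present", which misfires on an IPv6 host literal such as `[::1]` or `[fe80::1]` and drops `$serverport` even when no port was given; anchoring on a trailing port is precise: `if (preg_match('/:[0-9]+$/', $host)) {`. The line above shows `$host` being taken from `HTTP_X_FORWARDED_HOST` or `HTTP_HOST`, i.e. client-supplied headers, and this absolute URL is then built from it unconditionally; that is pre-existing, but a comment noting that the value is only trustworthy behind a proxy that overwrites those headers would help whoever reuses the result for self-referencing links. `$serverport`, `$https` and `$scriptname` are assigned before this hunk.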
From: Maryana Rozhankivska
Date: Fri, 30 May 2014 17:14:53 +0300
Subject: small xss vulnerability and translation ability fix

---
 inc/poche/Poche.class.php | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 37cf66a3..b0c0adf8 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -1083,11 +1083,10 @@ class Poche
 $config = $this->store->getConfigUser($user_id);
 if ($config == null) {
- die(_('User with this id (' . $user_id . ') does not exist.'));
+ die(_( sprintf('User with this id (%d) does not exist.', $user_id) ));
 }
- if (!in_array($type, $allowed_types) ||
- $token != $config['token']) {
+ if (!in_array($type, $allowed_types) || $token != $config['token']) {
 die(_('Uh, there is a problem while generating feeds.'));
 }
 // Check the token
@@ -1150,12 +1149,12 @@ class Poche
 return new HTMLPurifier($config);
 }
-
+
 /**
 * handle epub
 */
 public function createEpub() {
-
+
 switch ($_GET['method']) {
 case 'id':
 $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
@@ -1191,7 +1190,7 @@ class Poche
 break;
 case 'default':
 die(_('Uh, there is a problem while generating epub.'));
-
+
 }

 $content_start =
@@ -1204,11 +1203,11 @@ class Poche
 . "\n";
 $bookEnd = "\n\n";
-
+
 $log = new Logger("wallabag", TRUE);
 $fileDir = CACHE;
-
+
 $book = new EPub(EPub::BOOK_VERSION_EPUB3);
 $log->logLine("new EPub()");
 $log->logLine("EPub class version: " . EPub::VERSION);
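Review bot: `$token != $config['token']` compares the feed token loosely, so two numeric-looking strings are compared as numbers (`'0e1' == '0e2'` is true in PHP) and an absent parameter may match more than intended; a secret should be compared strictly, `$token !== $config['token']`, or on PHP 5.6+ with `!hash_equals((string) $config['token'], (string) $token)`, which also avoids a timing side channel. On the same line `in_array($type, $allowed_types)` should pass `true` as its third argument so `$type` cannot match by type juggling. The `%d` in the new `sprintf` is what stops `$user_id` being reflected verbatim into the response, which is worth stating in a short comment since the commit message is the only record of it. The enclosing method begins before this hunk.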
@@ -1216,7 +1215,7 @@ class Poche
 $log->logLine("Zip version: " . Zip::VERSION);
 $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
 $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
-
+
 $book->setTitle(_('wallabag\'s articles'));
 $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
 //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
@@ -1226,39 +1225,39 @@ class Poche
 $book->setDate(time()); // Strictly not needed as the book date defaults to time().
 //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
 $book->setSourceURL("http://$_SERVER[HTTP_HOST]");
-
+
 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
-
+
 $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
-
+
 $log->logLine("Add Cover");
-
+
 $fullTitle = "

" . $bookTitle . "

\n"; - + $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); - + $cover = $content_start . '

' . _('Produced by wallabag with PHPePub') . '

'. _('Please open an issue if you have trouble with the display of this E-Book on your device.') . '

' . $bookEnd;
-
+
 //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
 $book->addChapter("Notices", "Cover2.html", $cover);
-
+
 $book->buildTOC();
-
+
 foreach ($entries as $entry) {
 //set tags as subjects
 $tags = $this->store->retrieveTagsByEntry($entry['id']);
 foreach ($tags as $tag) {
 $book->setSubject($tag['value']);
 }
-
+
 $log->logLine("Set up parameters");
-
+
 $chapter = $content_start . $entry['content'] . $bookEnd;
 $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
 $log->logLine("Added chapter " . $entry['title']);
 }
- if (DEBUG_POCHE) {
+ if (DEBUG_POCHE) {
 $epuplog = $book->getLog();
 $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n" . $bookEnd); // log generation
 }
-- cgit v1.2.3
From 30bd273580a326db1fcc7263e1f52948672f9848 Mon Sep 17 00:00:00 2001
From: Maryana Rozhankivska
Date: Fri, 30 May 2014 17:17:34 +0300
Subject: small xss vulnerability and translation ability fix

---
 inc/poche/Poche.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index b0c0adf8..3d1337f3 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -1083,7 +1083,7 @@ class Poche
 $config = $this->store->getConfigUser($user_id);
 if ($config == null) {
- die(_( sprintf('User with this id (%d) does not exist.', $user_id) ));
+ die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
 }
 if (!in_array($type, $allowed_types) || $token != $config['token']) {
-- cgit v1.2.3
From 752cd4a8ef7bbc8ebd6c481ed890e0d8e46819a8 Mon Sep 17 00:00:00 2001
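Review bot: The `die(sprintf(...))` on the new line (and the feed-error `die` that follows it) ends the request with a plain message and, as far as this hunk shows, the default 200 status, so a feed reader polling a wrong id or token keeps retrying and may cache the error text as feed content; sending a status first keeps the protocol honest, e.g. `header('HTTP/1.0 404 Not Found');` before this `die` and a 403 for the token mismatch — unless a status is already set earlier in the method, which is not visible here. `%d` also coerces a non-numeric `$user_id` to 0, so the message reports `(0)` for garbage input; logging the raw value with `Tools::logm()` would keep that diagnosable. The enclosing method starts before this hunk.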
From: Maryana Rozhankivska
Date: Mon, 2 Jun 2014 18:00:09 +0300
Subject: error reporting level set in E_ALL & ~E_NOTICE by default, can be overriden in config

---
 inc/poche/Tools.class.php | 4 +---
 inc/poche/config.inc.default.php | 4 ++++
 2 files changed, 5 insertions(+), 3 deletions(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index 8073a3fe..1ef875c9 100755
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -18,8 +18,6 @@ class Tools
 die(_('Oops, it seems you don\'t have PHP 5.'));
 }
- error_reporting(E_ALL);
-
 function stripslashesDeep($value) {
 return is_array($value)
 ? array_map('stripslashesDeep', $value)
@@ -64,7 +62,7 @@ class Tools
 if (strpos($host, ':') !== false) {
 $serverport = '';
 }
-
+
 return 'http' . ($https ? 's' : '') . '://' . $host . $serverport . $scriptname;
 }
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
index ffcd205d..95f727c6 100755
--- a/inc/poche/config.inc.default.php
+++ b/inc/poche/config.inc.default.php
@@ -30,6 +30,10 @@
 @define ('MODE_DEMO', FALSE);
 @define ('DEBUG_POCHE', FALSE);
+
+//default level of error reporting in application. Developers should override it in their config.inc.php: set to E_ALL.
+@define ('ERROR_REPORTING', E_ALL & ~E_NOTICE);
+
 @define ('DOWNLOAD_PICTURES', FALSE); # This can slow down the process of adding articles
 @define ('REGENERATE_PICTURES_QUALITY', 75);
 @define ('CONVERT_LINKS_FOOTNOTES', FALSE);
-- cgit v1.2.3
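Review bot: `error_reporting(E_ALL);` is removed here and `ERROR_REPORTING` is defined in the config.inc.default.php hunk of the same commit, but no call that applies the constant — `error_reporting(ERROR_REPORTING);` — appears anywhere in this view; the page is limited to `inc/poche`, so it may live in another file of the commit, but if it does not, the effective level silently falls back to whatever php.ini sets. Because the constant is declared with `@define`, a config.inc.php that already defines it wins without any warning, which is the intended override mechanism and deserves to be said in the comment; it would also help to state what the constant does not control: `// Error reporting level for the application; config.inc.php may define it first to override (developers: E_ALL). Whether errors are displayed to visitors is governed by display_errors, not by this value.`. The method that contained the removed call starts before this hunk.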