
Merge pull request #1 from leblanc-simon/images_security

Optimisation et gestion des erreurs
tcitworld 2014-05-20 11:42:22 +02:00
commit 99408dfcf3


@ -14,6 +14,7 @@
function filtre_picture($content, $url, $id) function filtre_picture($content, $url, $id)
{ {
$matches = array(); $matches = array();
$processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER); preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
foreach($matches as $i => $link) { foreach($matches as $i => $link) {
$link[1] = trim($link[1]); $link[1] = trim($link[1]);
@ -22,10 +23,19 @@ function filtre_picture($content, $url, $id)
$filename = basename(parse_url($absolute_path, PHP_URL_PATH)); $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
$directory = create_assets_directory($id); $directory = create_assets_directory($id);
$fullpath = $directory . '/' . $filename; $fullpath = $directory . '/' . $filename;
download_pictures($absolute_path, $fullpath);
if (in_array($absolute_path, $processing_pictures) === true) {
// replace picture's URL only if processing is OK : already processing -> go to next picture
continue;
}
if (download_pictures($absolute_path, $fullpath) === true) {
$content = str_replace($matches[$i][2], $fullpath, $content); $content = str_replace($matches[$i][2], $fullpath, $content);
} }
$processing_pictures[] = $absolute_path;
}
} }
return $content; return $content;
@ -64,6 +74,8 @@ function get_absolute_link($relative_link, $url) {
/** /**
* Téléchargement des images * Téléchargement des images
*
* @return bool true if the download and processing is OK, false else
*/ */
function download_pictures($absolute_path, $fullpath) function download_pictures($absolute_path, $fullpath)
{ {
@ -79,33 +91,38 @@ function download_pictures($absolute_path, $fullpath)
$whitelist = array(".jpg",".jpeg",".gif",".png"); $whitelist = array(".jpg",".jpeg",".gif",".png");
if (!(in_array($file_ext, $whitelist))) { if (!(in_array($file_ext, $whitelist))) {
Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath); Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
} else { return false;
}
// check headers // check headers
$imageinfo = getimagesize($absolute_path); $imageinfo = getimagesize($absolute_path);
if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') { if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
Tools::logm('processed image with bad header. Skipping ' . $fullpath); Tools::logm('processed image with bad header. Skipping ' . $fullpath);
} else { return false;
}
// regenerate image // regenerate image
$im = imagecreatefromstring($rawdata); $im = imagecreatefromstring($rawdata);
if ($im) { if ($im === false) {
Tools::logm('error while regenerating image ' . $fullpath);
return false;
}
switch ($imageinfo['mime']) { switch ($imageinfo['mime']) {
case 'image/gif': case 'image/gif':
imagegif($im, $fullpath); $result = imagegif($im, $fullpath);
break; break;
case 'image/jpeg': case 'image/jpeg':
case 'image/jpg': case 'image/jpg':
imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY); $result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
break; break;
case 'image/png': case 'image/png':
imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9)); $result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
break; break;
} }
imagedestroy($im); imagedestroy($im);
} else {
Tools::logm('error while regenerating image ' . $fullpath); return $result;
}
}
}
} }
/** /**