diff options
author | Marc Alexander <admin@m-a-styles.de> | 2018-11-10 17:04:00 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2018-11-10 17:04:00 +0100 |
commit | 0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac (patch) | |
tree | 03a2df99a9f37139f5d530b68a7b125eacd281b6 /phpBB/includes | |
parent | 65226168ee2841dbe7f6934b16ff38f0a27ac09b (diff) | |
parent | c0a26e3d57e69fb1dc436379b4e3609bc10f9194 (diff) | |
download | forums-0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac.tar forums-0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac.tar.gz forums-0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac.tar.bz2 forums-0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac.tar.xz forums-0dfbb60bc322ccda7a6e670a5f5ec9ab2f536eac.zip |
Merge pull request #42 from phpbb/ticket/security/227
[ticket/security/227] Replace ImageMagick support with thumbnail event
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/acp/acp_attachments.php | 74 | ||||
-rw-r--r-- | phpBB/includes/functions_acp.php | 7 | ||||
-rw-r--r-- | phpBB/includes/functions_posting.php | 42 | ||||
-rw-r--r-- | phpBB/includes/questionnaire/questionnaire.php | 1 |
4 files changed, 26 insertions, 98 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 6c2df8d999..5b1db5c31b 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -164,7 +164,6 @@ class acp_attachments 'img_create_thumbnail' => array('lang' => 'CREATE_THUMBNAIL', 'validate' => 'bool', 'type' => 'radio:yes_no', 'explain' => true), 'img_max_thumb_width' => array('lang' => 'MAX_THUMB_WIDTH', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_min_thumb_filesize' => array('lang' => 'MIN_THUMB_FILESIZE', 'validate' => 'int:0:999999999999999', 'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']), - 'img_imagick' => array('lang' => 'IMAGICK_PATH', 'validate' => 'absolute_path', 'type' => 'text:20:200', 'explain' => true, 'append' => ' <span>[ <a href="' . $this->u_action . '&action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'), 'img_max' => array('lang' => 'MAX_IMAGE_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), 'img_link' => array('lang' => 'IMAGE_LINK_SIZE', 'validate' => 'int:0:9999', 'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']), ) @@ -234,38 +233,6 @@ class acp_attachments $template->assign_var('S_ATTACHMENT_SETTINGS', true); - if ($action == 'imgmagick') - { - $this->new_config['img_imagick'] = $this->search_imagemagick(); - } - - // We strip eventually manual added convert program, we only want the patch - if ($this->new_config['img_imagick']) - { - // Change path separator - $this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']); - $this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']); - - // Check for trailing slash - if (substr($this->new_config['img_imagick'], -1) !== '/') - { - $this->new_config['img_imagick'] .= '/'; - } - } - - $supported_types = get_supported_image_types(); - - // Check Thumbnail Support - if (!$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !count($supported_types['format']))) - { - $this->new_config['img_create_thumbnail'] = 0; - } - - $template->assign_vars(array( - 'U_SEARCH_IMAGICK' => $this->u_action . '&action=imgmagick', - 'S_THUMBNAIL_SUPPORT' => (!$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !count($supported_types['format']))) ? false : true) - ); - // Secure Download Options - Same procedure as with banning $allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED'; @@ -1496,47 +1463,6 @@ class acp_attachments } /** - * Search Imagick - */ - function search_imagemagick() - { - $imagick = ''; - - $exe = ((defined('PHP_OS')) && (preg_match('#^win#i', PHP_OS))) ? '.exe' : ''; - - $magic_home = getenv('MAGICK_HOME'); - - if (empty($magic_home)) - { - $locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/'); - $path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH')))); - - $locations = array_merge($path_locations, $locations); - - foreach ($locations as $location) - { - // The path might not end properly, fudge it - if (substr($location, -1) !== '/') - { - $location .= '/'; - } - - if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000) - { - $imagick = str_replace('\\', '/', $location); - continue; - } - } - } - else - { - $imagick = str_replace('\\', '/', $magic_home); - } - - return $imagick; - } - - /** * Test Settings */ function test_upload(&$error, $upload_dir, $create_directory = false) diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php index 8bf42aa36e..9b7491305c 100644 --- a/phpBB/includes/functions_acp.php +++ b/phpBB/includes/functions_acp.php @@ -564,9 +564,6 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) $cfg_array[$config_name] = trim($destination); - // Absolute file path - case 'absolute_path': - case 'absolute_path_writable': // Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir... case 'path': case 'wpath': @@ -585,7 +582,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) break; } - $path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name]; + $path = $phpbb_root_path . $cfg_array[$config_name]; if (!file_exists($path)) { @@ -598,7 +595,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error) } // Check if the path is writable - if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable') + if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath') { if (file_exists($path) && !$phpbb_filesystem->is_writable($path)) { diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 1e8f1ad00d..c7d691287c 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -519,7 +519,7 @@ function get_supported_image_types($type = false) */ function create_thumbnail($source, $destination, $mimetype) { - global $config, $phpbb_filesystem; + global $config, $phpbb_filesystem, $phpbb_dispatcher; $min_filesize = (int) $config['img_min_thumb_filesize']; $img_filesize = (file_exists($source)) ? @filesize($source) : false; @@ -551,25 +551,31 @@ function create_thumbnail($source, $destination, $mimetype) return false; } - $used_imagick = false; + $thumbnail_created = false; - // Only use ImageMagick if defined and the passthru function not disabled - if ($config['img_imagick'] && function_exists('passthru')) - { - if (substr($config['img_imagick'], -1) !== '/') - { - $config['img_imagick'] .= '/'; - } - - @passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -geometry ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" "' . str_replace('\\', '/', $destination) . '"'); - - if (file_exists($destination)) - { - $used_imagick = true; - } - } + /** + * Create thumbnail event to replace GD thumbnail creation with for example ImageMagick + * + * @event core.thumbnail_create_before + * @var string source Image source path + * @var string destination Thumbnail destination path + * @var string mimetype Image mime type + * @var float new_width Calculated thumbnail width + * @var float new_height Calculated thumbnail height + * @var bool thumbnail_created Set to true to skip default GD thumbnail creation + * @since 3.2.4 + */ + $vars = array( + 'source', + 'destination', + 'mimetype', + 'new_width', + 'new_height', + 'thumbnail_created', + ); + extract($phpbb_dispatcher->trigger_event('core.thumbnail_create_before', compact($vars))); - if (!$used_imagick) + if (!$thumbnail_created) { $type = get_supported_image_types($type); diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php index 5a27124bf9..2f80582918 100644 --- a/phpBB/includes/questionnaire/questionnaire.php +++ b/phpBB/includes/questionnaire/questionnaire.php @@ -369,7 +369,6 @@ class phpbb_questionnaire_phpbb_data_provider 'hot_threshold' => true, 'img_create_thumbnail' => true, 'img_display_inlined' => true, - 'img_imagick' => true, 'img_link_height' => true, 'img_link_width' => true, 'img_max_height' => true, |