[ticket/security/227] Replace ImageMagick support with thumbnail event

SECURITY-227
author: Derky <derky@phpbb.com> 2018-10-23 23:51:55 +0200
committer: Derky <derky@phpbb.com> 2018-10-23 23:57:24 +0200
commit: d753351edc04a45c61411ee09607fb932d314617 (patch)
tree: 786d721e1cfac4866705114494982a2e45bcd467 /phpBB/includes
parent: ae6c3b0d34c662f107fb7cb8d9e26e5bd252a3b3 (diff)
download: forums-d753351edc04a45c61411ee09607fb932d314617.tar
forums-d753351edc04a45c61411ee09607fb932d314617.tar.gz
forums-d753351edc04a45c61411ee09607fb932d314617.tar.bz2
forums-d753351edc04a45c61411ee09607fb932d314617.tar.xz
forums-d753351edc04a45c61411ee09607fb932d314617.zip
4 files changed, 28 insertions, 90 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 6c2df8d999..e8e0cd5cbb 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -164,7 +164,6 @@ class acp_attachments
 						'img_create_thumbnail'		=> array('lang' => 'CREATE_THUMBNAIL',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'img_max_thumb_width'		=> array('lang' => 'MAX_THUMB_WIDTH',		'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_min_thumb_filesize'	=> array('lang' => 'MIN_THUMB_FILESIZE',	'validate' => 'int:0:999999999999999',	'type' => 'number:0:999999999999999', 'explain' => true, 'append' => ' ' . $user->lang['BYTES']),
-						'img_imagick'				=> array('lang' => 'IMAGICK_PATH',			'validate' => 'absolute_path',	'type' => 'text:20:200', 'explain' => true, 'append' => '&nbsp;&nbsp;<span>[ <a href="' . $this->u_action . '&amp;action=imgmagick">' . $user->lang['SEARCH_IMAGICK'] . '</a> ]</span>'),
 						'img_max'					=> array('lang' => 'MAX_IMAGE_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 						'img_link'					=> array('lang' => 'IMAGE_LINK_SIZE',		'validate' => 'int:0:9999',	'type' => 'dimension:0:9999', 'explain' => true, 'append' => ' ' . $user->lang['PIXEL']),
 					)
@@ -234,37 +233,15 @@ class acp_attachments
 
 				$template->assign_var('S_ATTACHMENT_SETTINGS', true);
 
-				if ($action == 'imgmagick')
-				{
-					$this->new_config['img_imagick'] = $this->search_imagemagick();
-				}
-
-				// We strip eventually manual added convert program, we only want the patch
-				if ($this->new_config['img_imagick'])
-				{
-					// Change path separator
-					$this->new_config['img_imagick'] = str_replace('\\', '/', $this->new_config['img_imagick']);
-					$this->new_config['img_imagick'] = str_replace(array('convert', '.exe'), array('', ''), $this->new_config['img_imagick']);
-
-					// Check for trailing slash
-					if (substr($this->new_config['img_imagick'], -1) !== '/')
-					{
-						$this->new_config['img_imagick'] .= '/';
-					}
-				}
-
 				$supported_types = get_supported_image_types();
 
 				// Check Thumbnail Support
-				if (!$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !count($supported_types['format'])))
+				if (!isset($supported_types['format']) || !count($supported_types['format']))
 				{
 					$this->new_config['img_create_thumbnail'] = 0;
 				}
 
-				$template->assign_vars(array(
-					'U_SEARCH_IMAGICK'		=> $this->u_action . '&amp;action=imgmagick',
-					'S_THUMBNAIL_SUPPORT'	=> (!$this->new_config['img_imagick'] && (!isset($supported_types['format']) || !count($supported_types['format']))) ? false : true)
-				);
+				$template->assign_var('S_THUMBNAIL_SUPPORT', (!isset($supported_types['format']) || !count($supported_types['format'])) ? false : true);
 
 				// Secure Download Options - Same procedure as with banning
 				$allow_deny = ($this->new_config['secure_allow_deny']) ? 'ALLOWED' : 'DISALLOWED';
@@ -1496,47 +1473,6 @@ class acp_attachments
 	}
 
 	/**
-	* Search Imagick
-	*/
-	function search_imagemagick()
-	{
-		$imagick = '';
-
-		$exe = ((defined('PHP_OS')) && (preg_match('#^win#i', PHP_OS))) ? '.exe' : '';
-
-		$magic_home = getenv('MAGICK_HOME');
-
-		if (empty($magic_home))
-		{
-			$locations = array('C:/WINDOWS/', 'C:/WINNT/', 'C:/WINDOWS/SYSTEM/', 'C:/WINNT/SYSTEM/', 'C:/WINDOWS/SYSTEM32/', 'C:/WINNT/SYSTEM32/', '/usr/bin/', '/usr/sbin/', '/usr/local/bin/', '/usr/local/sbin/', '/opt/', '/usr/imagemagick/', '/usr/bin/imagemagick/');
-			$path_locations = str_replace('\\', '/', (explode(($exe) ? ';' : ':', getenv('PATH'))));
-
-			$locations = array_merge($path_locations, $locations);
-
-			foreach ($locations as $location)
-			{
-				// The path might not end properly, fudge it
-				if (substr($location, -1) !== '/')
-				{
-					$location .= '/';
-				}
-
-				if (@file_exists($location) && @is_readable($location . 'mogrify' . $exe) && @filesize($location . 'mogrify' . $exe) > 3000)
-				{
-					$imagick = str_replace('\\', '/', $location);
-					continue;
-				}
-			}
-		}
-		else
-		{
-			$imagick = str_replace('\\', '/', $magic_home);
-		}
-
-		return $imagick;
-	}
-
-	/**
 	* Test Settings
 	*/
 	function test_upload(&$error, $upload_dir, $create_directory = false)
diff --git a/phpBB/includes/functions_acp.php b/phpBB/includes/functions_acp.php
index 8bf42aa36e..9b7491305c 100644
--- a/phpBB/includes/functions_acp.php
+++ b/phpBB/includes/functions_acp.php
@@ -564,9 +564,6 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 
 				$cfg_array[$config_name] = trim($destination);
 
-			// Absolute file path
-			case 'absolute_path':
-			case 'absolute_path_writable':
 			// Path being relative (still prefixed by phpbb_root_path), but with the ability to escape the root dir...
 			case 'path':
 			case 'wpath':
@@ -585,7 +582,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 					break;
 				}
 
-				$path = in_array($config_definition['validate'], array('wpath', 'path', 'rpath', 'rwpath')) ? $phpbb_root_path . $cfg_array[$config_name] : $cfg_array[$config_name];
+				$path = $phpbb_root_path . $cfg_array[$config_name];
 
 				if (!file_exists($path))
 				{
@@ -598,7 +595,7 @@ function validate_config_vars($config_vars, &$cfg_array, &$error)
 				}
 
 				// Check if the path is writable
-				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath' || $config_definition['validate'] === 'absolute_path_writable')
+				if ($config_definition['validate'] == 'wpath' || $config_definition['validate'] == 'rwpath')
 				{
 					if (file_exists($path) && !$phpbb_filesystem->is_writable($path))
 					{
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index 1e8f1ad00d..2d713481a5 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -519,7 +519,7 @@ function get_supported_image_types($type = false)
 */
 function create_thumbnail($source, $destination, $mimetype)
 {
-	global $config, $phpbb_filesystem;
+	global $config, $phpbb_filesystem, $phpbb_dispatcher;
 
 	$min_filesize = (int) $config['img_min_thumb_filesize'];
 	$img_filesize = (file_exists($source)) ? @filesize($source) : false;
@@ -551,25 +551,31 @@ function create_thumbnail($source, $destination, $mimetype)
 		return false;
 	}
 
-	$used_imagick = false;
+	$thumbnail_created = false;
 
-	// Only use ImageMagick if defined and the passthru function not disabled
-	if ($config['img_imagick'] && function_exists('passthru'))
-	{
-		if (substr($config['img_imagick'], -1) !== '/')
-		{
-			$config['img_imagick'] .= '/';
-		}
-
-		@passthru(escapeshellcmd($config['img_imagick']) . 'convert' . ((defined('PHP_OS') && preg_match('#^win#i', PHP_OS)) ? '.exe' : '') . ' -quality 85 -geometry ' . $new_width . 'x' . $new_height . ' "' . str_replace('\\', '/', $source) . '" "' . str_replace('\\', '/', $destination) . '"');
-
-		if (file_exists($destination))
-		{
-			$used_imagick = true;
-		}
-	}
+	/**
+	 * Create thumbnail event to replace GD thumbnail creation with for example ImageMagick
+	 *
+	 * @event core.thumbnail_create_before
+	 * @var	string	source				Image source path
+	 * @var	string	destination			Thumbnail destination path
+	 * @var	string	mimetype			Image mime type
+	 * @var	float	new_width			Calculated thumbnail width
+	 * @var	float	new_height			Calculated thumbnail height
+	 * @var	bool	thumbnail_created	Set to true to skip default GD thumbnail creation
+	 * @since 3.2.4-RC1
+	 */
+	$vars = array(
+		'source',
+		'destination',
+		'mimetype',
+		'new_width',
+		'new_height',
+		'thumbnail_created',
+	);
+	extract($phpbb_dispatcher->trigger_event('core.thumbnail_create_before', compact($vars)));
 
-	if (!$used_imagick)
+	if (!$thumbnail_created)
 	{
 		$type = get_supported_image_types($type);
 
diff --git a/phpBB/includes/questionnaire/questionnaire.php b/phpBB/includes/questionnaire/questionnaire.php
index ee6d0ee2a6..5e7aca6a55 100644
--- a/phpBB/includes/questionnaire/questionnaire.php
+++ b/phpBB/includes/questionnaire/questionnaire.php
@@ -369,7 +369,6 @@ class phpbb_questionnaire_phpbb_data_provider
 			'hot_threshold' => true,
 			'img_create_thumbnail' => true,
 			'img_display_inlined' => true,
-			'img_imagick' => true,
 			'img_link_height' => true,
 			'img_link_width' => true,
 			'img_max_height' => true,
author	Derky <derky@phpbb.com>	2018-10-23 23:51:55 +0200
committer	Derky <derky@phpbb.com>	2018-10-23 23:57:24 +0200
commit	d753351edc04a45c61411ee09607fb932d314617 (patch)
tree	786d721e1cfac4866705114494982a2e45bcd467 /phpBB/includes
parent	ae6c3b0d34c662f107fb7cb8d9e26e5bd252a3b3 (diff)
download	forums-d753351edc04a45c61411ee09607fb932d314617.tar forums-d753351edc04a45c61411ee09607fb932d314617.tar.gz forums-d753351edc04a45c61411ee09607fb932d314617.tar.bz2 forums-d753351edc04a45c61411ee09607fb932d314617.tar.xz forums-d753351edc04a45c61411ee09607fb932d314617.zip