
Fixing a security issue, putting in fix for BOM issue, fixing bug with image resizing.
Cody Lundquist
Cody Lundquist committed Mar 20, 2013
1 parent e278983 commit 879d09d74d987f8712b85ec2a9fb3e25a48d74e4
@@ -4,12 +4,19 @@
// DIRECTORY_SEPARATOR alias
defined('DS') || define('DS' , DIRECTORY_SEPARATOR);
// Folder where Munee is located
defined('MUNEE_FOLDER') || define('MUNEE_FOLDER', dirname(__DIR__));
// Define Webroot if hasn't already been defined
defined('WEBROOT') || define('WEBROOT', str_replace($_SERVER['SCRIPT_NAME'], '', $_SERVER['SCRIPT_FILENAME']));
// Folder where Munee is located
defined('MUNEE_FOLDER') || define('MUNEE_FOLDER', dirname(__DIR__));
// Define the cache path
defined('MUNEE_CACHE') || define('MUNEE_CACHE', MUNEE_FOLDER . DS . 'cache');
// Define default character encoding
defined('MUNEE_CHARACTER_ENCODING') || define('MUNEE_CHARACTER_ENCODING', 'UTF-8');
// If mbstring is installed, set the encoding default
if (function_exists('mb_internal_encoding')) {
mb_internal_encoding(MUNEE_CHARACTER_ENCODING);
}
/**
* Register the CSS Asset Class with the extensions .css and .less
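Review bot: The added `mb_internal_encoding(MUNEE_CHARACTER_ENCODING)` call changes mbstring's internal encoding for the whole PHP request, not only for Munee, and its result is ignored. Because `MUNEE_CHARACTER_ENCODING` can be predefined by the host, an encoding name mbstring does not recognise makes the call fail (a warning and `false` on older PHP, a `ValueError` on PHP 8), and that failure would surface far from its cause. I would at least document the side effect above the call, e.g. `// NOTE: sets mbstring's internal encoding for the whole request, including the host application`, and check the result before relying on it.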
@@ -33,6 +33,7 @@ public function getAllowedParams()
*
* @param string $originalFile
* @param array $arguments
* @param array $typeOptions
*/
abstract public function doFilter($originalFile, $arguments);
abstract public function doFilter($originalFile, $arguments, $typeOptions);
}
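Review bot: Adding a required third parameter to the abstract `doFilter` breaks every filter subclass not updated in this commit: a child still declaring `doFilter($originalFile, $arguments)` fails at class load with an incompatible-declaration fatal error. The Minify and Resize filters shown on this page were updated, but custom filters outside the repository would not be, so the change deserves an upgrade note. The new `@param array $typeOptions` line also has no description; something like `@param array $typeOptions Options of the asset type that invokes the filter` would tell implementers what they receive (the caller passes `$this->_options`). The class body starts outside the hunk.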
@@ -35,10 +35,11 @@ class Minify extends Filter
*
* @param string $file
* @param array $arguments
* @param array $cssOptions
*
* @return void
*/
public function doFilter($file, $arguments)
public function doFilter($file, $arguments, $cssOptions)
{
if (! $arguments['minify']) {
return;
@@ -87,12 +87,13 @@ class Resize extends Filter
*
* @param string $originalImage
* @param array $arguments
* @param array $imageOptions
*
* @return string
* @return void
*
* @throws ErrorException
*/
public function doFilter($originalImage, $arguments)
public function doFilter($originalImage, $arguments, $imageOptions)
{
// Need at least a height or a width
if (empty($arguments['height']) && empty($arguments['width'])) {
@@ -107,23 +108,29 @@ public function doFilter($originalImage, $arguments)
$originalHeight = $size->getHeight();
$width = $originalWidth;
$height = $originalHeight;
if (! empty($arguments['height']) && ! empty($arguments['width'])) {
if ($originalWidth > $arguments['width'] || $arguments['stretch']) {
$width = $arguments['width'];
}
if ($originalHeight > $arguments['height'] || $arguments['stretch']) {
$height = $arguments['height'];
}
} elseif (! empty($arguments['height'])) {
if (! empty($arguments['height'])) {
if ($originalHeight > $arguments['height'] || $arguments['stretch']) {
$height = $arguments['height'];
}
} elseif (! empty($arguments['width'])) {
}
if (! empty($arguments['width'])) {
if ($originalWidth > $arguments['width'] || $arguments['stretch']) {
$width = $arguments['width'];
}
}
/**
* Prevent from someone from creating huge images
*/
if ($width > $imageOptions['maxAllowedResizeWidth']) {
$width = $imageOptions['maxAllowedResizeWidth'];
}
if ($height > $imageOptions['maxAllowedResizeHeight']) {
$height = $imageOptions['maxAllowedResizeHeight'];
}
$mode = $arguments['exact'] ?
ImageInterface::THUMBNAIL_OUTBOUND :
ImageInterface::THUMBNAIL_INSET;
@@ -135,6 +142,17 @@ public function doFilter($originalImage, $arguments)
$adjustedSize = $newImage->getSize();
$canvasWidth = isset($arguments['width']) ? $arguments['width'] : $adjustedSize->getWidth();
$canvasHeight = isset($arguments['height']) ? $arguments['height'] : $adjustedSize->getHeight();
/**
* Prevent from someone from creating huge images
*/
if ($canvasWidth > $imageOptions['maxAllowedResizeWidth']) {
$canvasWidth = $imageOptions['maxAllowedResizeWidth'];
}
if ($canvasHeight > $imageOptions['maxAllowedResizeHeight']) {
$canvasHeight = $imageOptions['maxAllowedResizeHeight'];
}
$canvas = $Imagine->create(
new Box($canvasWidth, $canvasHeight),
new Color($arguments['fillColour'])
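Review bot: The new clamps on `$width`/`$height`, and on `$canvasWidth`/`$canvasHeight` in the last hunk of this file, bound the values only from above and compare whatever `$arguments` holds without casting. Unless the allowed-params parsing outside these hunks already guarantees positive integers, a negative or non-numeric value can pass the check unchanged and reach `new Box(...)`. Bounding both sides in one expression covers it, e.g. `$width = max(1, min((int) $width, (int) $imageOptions['maxAllowedResizeWidth']));`, with the same form for the height and the canvas pair. The four near-identical `if` blocks could share one private helper so the limit is applied the same way everywhere; `doFilter` continues outside the hunks.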
@@ -34,10 +34,11 @@ class Minify extends Filter
*
* @param string $file
* @param array $arguments
* @param array $javaScriptOptions
*
* @return void
*/
public function doFilter($file, $arguments)
public function doFilter($file, $arguments, $javaScriptOptions)
{
if (! $arguments['minify']) {
return;
@@ -209,7 +209,7 @@ protected function _getFileContent($originalFile, $cacheFile)
if (! is_array($arguments)) {
$arguments = array($filterName => $arguments);
}
$Filter->doFilter($cacheFile, $arguments);
$Filter->doFilter($cacheFile, $arguments, $this->_options);
}
$this->_afterFilter($originalFile, $cacheFile);
@@ -260,10 +260,10 @@ protected function _generateCacheFile($file)
$fileHash = md5($file);
$optionsHash = md5($params . $requestOptions);
$cacheDir = $this->_cacheDir . DS . substr($fileHash, 0, 2) . DS . substr($optionsHash, 0, 2);
$cacheDir = $this->_cacheDir . DS . substr($fileHash, 0, 2);
Utils::createDir($cacheDir);
return $cacheDir . DS . substr($fileHash, 2) . '-' . substr($optionsHash, 2) . '.' . $ext;
return $cacheDir . DS . substr($fileHash, 2) . '-' . $optionsHash . '.' . $ext;
}
}
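Review bot: The path change in `_generateCacheFile` leaves every file written under the old two-level directory layout unreachable, and nothing in the hunk removes or migrates those files, so they stay on disk after the upgrade. As far as the hunk shows, `$optionsHash` is derived from request options, so each distinct option string still creates a new cache file, now in a single directory per file-hash prefix. I would document the layout next to the return, e.g. `// <cacheDir>/<first 2 of md5(file)>/<rest of md5(file)>-<md5(params . options)>.<ext>`, and state in the release notes that the cache directory should be purged when upgrading. The result of `Utils::createDir()` is not checked here; how it reports failure is not visible in the hunk.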
@@ -29,7 +29,10 @@ class Image extends Type
'allowedFiltersTimeLimit' => 300,
// Should the referrer be checked for security
'checkReferrer' => true,
'placeholders' => false
// Use a placeholder for missing images?
'placeholders' => false,
'maxAllowedResizeWidth' => 1920,
'maxAllowedResizeHeight' => 1080
);
protected $_placeholder = false;
@@ -165,13 +168,14 @@ protected function _parsePlaceholders($file)
{
$ret = false;
if (! empty($this->_options['placeholders'])) {
if (! is_array($this->_options['placeholders'])) {
throw new ErrorException('Placeholders option must be an array.');
// If it's a string, use the image for all missing images.
if (is_string($this->_options['placeholders'])) {
$this->_options['placeholders'] = array('*' => $this->_options['placeholders']);
}
foreach ($this->_options['placeholders'] as $path => $placeholder) {
// Setup path for regex
$regex = str_replace('*', '.*?', $path) . '$';
$regex = '^' . WEBROOT . str_replace(array('*', WEBROOT), array('.*?', ''), $path) . '$';
if (preg_match("%{$regex}%", $file)) {
if ('http' == substr($placeholder, 0, 4)) {
$ret = $this->_getImageByUrl($placeholder);
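Review bot: In the rewritten `$regex` line, `WEBROOT` and `$path` are concatenated into the pattern without `preg_quote()`, so any regex metacharacter in the document root changes the match. A Windows root with backslashes, a dot or parenthesis in a directory name, or a `%` (the delimiter used in `preg_match("%{$regex}%", ...)`) can make the pattern invalid or match files it should not. Quoting both parts and then re-expanding the wildcard keeps the intended behaviour: `$regex = '^' . preg_quote(WEBROOT, '%') . str_replace('\*', '.*?', preg_quote(str_replace(WEBROOT, '', $path), '%')) . '$';`. The hunk also drops the `is_array` check, so a truthy `placeholders` value that is neither a string nor an array now reaches `foreach` directly; keeping the `ErrorException` for that case after the string conversion would preserve the earlier diagnostic. `_parsePlaceholders` continues past the end of the hunk.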
