Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Imagick PHP extension
C PHP Other

Added max version to pecl package.xml. Corrected wrong types document…

…ed for getcolorvaluequantum. Fixed typos.
latest commit dd6e80c70a
@Danack Danack authored
Failed to load latest commit information.
examples Added checking if font is set in Imagick::annotateImage and ImagickDr…
rpm Keep flexibility
tests Added get/setAntiAlias imagick functions.
.travis.yml Moved setting CFLAGS out of travis script, to allow it to be more fle…
CREDITS Missing a newline from the last line.
ChangeLog Added get/setAntiAlias to ChangeLog. Added this releases notes to the…
LICENSE Added LICENSE file
README.md Moved myself to lead as apparently this is required to keep the abili…
check-loaded.phpt Added test that Imagick is actually loaded.
config.m4 Added ImagickKernel class and morphology function, as well as all the…
config.w32 Added ImagickKernel class and morphology function, as well as all the…
configure-cflags.sh Moved setting CFLAGS out of travis script, to allow it to be more fle…
imagemagick.m4 Debian 8 no longer distributes the *-config scripts. Everything
imagemagick_dependency.sh Just dev for now, adding trunk later
imagick.c Added max version to pecl package.xml. Corrected wrong types document…
imagick_class.c Added max version to pecl package.xml. Corrected wrong types document…
imagick_file.c Fixed const correctness changed in 5.6
imagick_helpers.c Added max version to pecl package.xml. Corrected wrong types document…
imagickdraw_class.c Removed check of whether font is available as the font family name is…
imagickkernel_class.c Correct descriptions in function prototypes. Updated readme to have m…
imagickpixel_class.c Normalised the methods for testing pixel similarity
imagickpixeliterator_class.c Corrected parameters to be size_t where ImageMagick requires them.
package.xml Added max version to pecl package.xml. Corrected wrong types document…
php_imagick.h Put correct version numbers for release.
php_imagick_defs.h Removed erroring on version mismatch. It now just gives a warning. Ad…
php_imagick_file.h Improve error message for situations where user accidentally reads dir
php_imagick_helpers.h Corrected function names to module standard. Free callback structures…
php_imagick_macros.h Rewrite PixelIterator related classes. Add getPixelIterator and getPi…
php_imagick_shared.h Windows <3
validate.sh Update changelog, package.xml and add simple script for validating re…

README.md

Build Status

Imagick

Imagick is a PHP extension to create and modify images using the ImageMagick library. There is also a version of Imagick available for HHVM. Although the two extensions are mostly compatible in their API, and they both call the ImageMagick library, the two extensions are completely separate code-bases.

PHP Imagick Source code + issues - https://github.com/mkoppanen/imagick Releases - http://pecl.php.net/package/imagick Documentation - http://php.net/manual/en/book.imagick.php

Bugs can also be reported at https://bugs.php.net but may have a slower response time.

HHVM Imagick - https://github.com/facebook/hhvm/tree/master/hphp/runtime/ext/imagick

Examples

Almost all of the functions in the library have an example at www.phpimagick.com, where you can see the example code to call the function, as well as the generated image or output.

ImageMagick

ImageMagick, the library that the Imagick extension exposes to PHP has had many bug fixes, that have fixed many image corruption issues. We strongly recommend upgrading to the latest version (currently 6.9.1) if at all possible.

Security

The PHP extension Imagick works by calling the ImageMagick library. Although the ImageMagick developers take good care in avoiding bugs it is inevitable that some bugs will be present in the code. ImageMagick also uses a lot of third party libraries to open, read and manipulate files. The writers of these libraries also take care when writing their code. However everyone makes mistakes and there will inevitably be some bugs present.

Because ImageMagick is used to process images it is feasibly possible for hackers to create images that contain invalid data to attempt to exploit these bugs. Because of this we recommend the following:

1) Do not run Imagick in a server that is directly accessible from outside your network. It is better to either use it as a background task using something like SupervisorD or to run it in a separate server that is not directly access on the internet.

Doing this will make it difficult for hackers to exploit a bug, even if one should exist in the libraries that ImageMagick is using.

2) Run it as a very low privileged process. As much as possible the files and system resources accessible to the PHP script that Imagick is being called from should be locked down.

3) Check the result of the image processing is a valid image file before displaying it to the user. In the extremely unlikely event that a hacker is able to pipe arbitrary files to the output of Imagick, checking that it is an image file, and not the source code of your application that is being sent, is a sensible precaution. This can be accomplished by the following code:

<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $filename);

$allowedMimeTypes = [
    'image/gif',
    'image/jpg',
    'image/png'
];

if (in_array($mimeType, $allowedMimeTypes) == false) {
    throw new \SecurityException("Was going to send file '$filename' to the user, but it is not an image file.");
}

These recommendations do not guarantee any security, but they should limit your exposure to any Imagick/ImageMagick related security issue.

OpenMP

ImageMagick has the ability to use the Open Multi-Processing API to be able to use multiple threads to process an image at once. Some implementations of OpenMP are known to have stability issues when they are used in certain environments.

We recommend doing one of the following:

  • Disabling OpenMP support in ImageMagick by compiling it with the compile flag "--disable-openmp" set.

  • Disable the use of threads in ImageMagick by calling: Imagick::setResourceLimit(\Imagick::RESOURCETYPE_THREAD, 1); or Imagick::setResourceLimit(6, 1); if your version of Imagick does not contain the RESOURCETYPE_THREAD constant.

  • If you do want to use OpenMP in ImageMagick when it's called through Imagick, you should test thoroughly that it behaves correctly on your server.

TODO

Documentation needs a lot of work. There is an online editor here: https://edit.php.net/ Contributions are more than welcome.

Something went wrong with that request. Please try again.