sbrl-github/Pepperminty-Wiki
sbrl-github/Pepperminty-Wiki
1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 16:33:00 +00:00
Code Activity

Rework uploading pipeline to support svgs

Browse source
This commit is contained in:
Starbeamrainbowlabs 2016-06-04 13:33:02 +01:00
parent c953667996
commit 1d4daef507
3 changed files with 109 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
build/index.php
View file

@ -2733,7 +2733,9 @@ register_module([
{
case "image":
$extra_data = [];
$imagesize = getimagesize($temp_filename, $extra_data);
// Check SVG uploads with a special function
$imagesize = $mime_type !== "image/svg+xml" ? getimagesize($temp_filename, $extra_data) : upload_check_svg($temp_filename);
// Make sure that the image size is defined
if(!is_int($imagesize[0]) or !is_int($imagesize[1]))
{
@ -2741,7 +2743,6 @@ register_module([
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>Although the file that you uploaded appears to be an image, $settings->sitename has been unable to determine it's dimensions. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>
<p>You may wish to consider <a href='https://github.com/sbrl/Pepperminty-Wiki'>opening an issue</a> against Pepperminty Wiki (the software that powers $settings->sitename) if this isn't the first time that you have seen this message.</p>"));
}
break;
}
@ -2839,7 +2840,10 @@ register_module([
$filepath = $env->storage_prefix . $pageindex->{$env->page}->uploadedfilepath;
$mime_type = $pageindex->{$env->page}->uploadedfilemime;
if(isset($_GET["size"]) and $_GET["size"] == "original")
// If the size is set or original, then send (or redirect to) the original image
// Also do the same for SVGs if svg rendering is disabled.
if(isset($_GET["size"]) and $_GET["size"] == "original" or
(empty($settings->render_svg_previews) && $mime_type == "image/svg+xml"))
{
// Get the file size
$filesize = filesize($filepath);
@ -2989,7 +2993,7 @@ register_module([
// We are looking at a page that is paired with an uploaded file
$filepath = $pageindex->{$env->page}->uploadedfilepath;
$mime_type = $pageindex->{$env->page}->uploadedfilemime;
$dimensions = getimagesize($env->storage_prefix . $filepath);
$dimensions = $mime_type !== "image/svg+xml" ? getimagesize($env->storage_prefix . $filepath) : getsvgsize($env->storage_prefix . $filepath);
$fileTypeDisplay = substr($mime_type, 0, strpos($mime_type, "/"));
$previewUrl = "?action=preview&size=$settings->default_preview_size&page=" . rawurlencode($env->page);
@ -3000,14 +3004,17 @@ register_module([
case "image":
$preview_sizes = [ 256, 512, 768, 1024, 1440 ];
$preview_html .= "\t\t\t<figure class='preview'>
<img src='$previewUrl' />
<nav class='image-controls'>
<ul><li><a href='" . ($env->storage_prefix == "./" ? $filepath : "?action=preview&size=original&page=" . rawurlencode($env->page)) . "'>&#x01f304; Original image</a></li>
<li>Other Sizes: ";
foreach($preview_sizes as $size)
$preview_html .= "<a href='?action=preview&page=" . rawurlencode($env->page) . "&size=$size'>$size" . "px</a> ";
$preview_html .= "</li></ul></nav>
</figure>";
<img src='$previewUrl' />
<nav class='image-controls'>
<ul><li><a href='" . ($env->storage_prefix == "./" ? $filepath : "?action=preview&size=original&page=" . rawurlencode($env->page)) . "'>&#x01f304; Original image</a></li>";
if($mime_type !== "image/svg+xml")
{
$preview_html .= "<li>Other Sizes: ";
foreach($preview_sizes as $size)
$preview_html .= "<a href='?action=preview&page=" . rawurlencode($env->page) . "&size=$size'>$size" . "px</a> ";
$preview_html .= "</li>";
}
$preview_html .= "</ul></nav>\n\t\t\t</figure>";
break;
case "video":
@ -3029,7 +3036,8 @@ register_module([
switch($fileTypeDisplay)
{
case "image":
$fileInfo["Original dimensions"] = "$dimensions[0] x $dimensions[1]";
$dimensionsKey = $mime_type !== "image/svg+xml" ? "Original demensions" : "Native size";
$fileInfo[$dimensionsKey] = "$dimensions[0] x $dimensions[1]";
break;
}
$fileInfo["Uploaded by"] = $pageindex->{$env->page}->lasteditor;
@ -3086,6 +3094,39 @@ function parse_size($size) {
}
}
function upload_check_svg($temp_filename)
{
global $settings;
// Check for script tags
if(strpos(file_get_contents($temp_filename), "<script") !== false)
{
http_response_code(415);
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>$settings->sitename detected that you uploaded an SVG image and performed some extra security checks on your file. Whilst performing these checks it was discovered that the file you uploaded contains some Javascript, which could be dangerous. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>
<p>You may wish to consider <a href='https://github.com/sbrl/Pepperminty-Wiki'>opening an issue</a> against Pepperminty Wiki (the software that powers $settings->sitename) if this isn't the first time that you have seen this message.</p>"));
}
// Find and return the size of the SVG image
return getsvgsize($temp_filename);
}
function getsvgsize($svgFilename)
{
$svg = simplexml_load_file($svgFilename); // Load it as XML
if($svg === false)
{
http_response_code(415);
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>When $settings->sitename tried to open your SVG file for checking, it found some invalid syntax. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>"));
}
$rootAttrs = $svg->attributes();
$imageSize = false;
if(isset($rootAttrs->width) and isset($rootAttrs->height))
$imageSize = [ intval($rootAttrs->width), intval($rootAttrs->height) ];
else if(isset($rootAttrs->viewBox))
$imageSize = array_map("intval", array_slice(explode(" ", $rootAttrs->viewBox), -2, 2));
return $imageSize;
}
function errorimage($text, $target_size)
{
$width = 640;

2
module_index.json
View file

@ -77,7 +77,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload",
"lastupdate": 1465038166,
"lastupdate": 1465043339,
"optional": false
},
{

67
modules/feature-upload.php
View file

@ -87,7 +87,9 @@ register_module([
{
case "image":
$extra_data = [];
$imagesize = getimagesize($temp_filename, $extra_data);
// Check SVG uploads with a special function
$imagesize = $mime_type !== "image/svg+xml" ? getimagesize($temp_filename, $extra_data) : upload_check_svg($temp_filename);
// Make sure that the image size is defined
if(!is_int($imagesize[0]) or !is_int($imagesize[1]))
{
@ -95,7 +97,6 @@ register_module([
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>Although the file that you uploaded appears to be an image, $settings->sitename has been unable to determine it's dimensions. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>
<p>You may wish to consider <a href='https://github.com/sbrl/Pepperminty-Wiki'>opening an issue</a> against Pepperminty Wiki (the software that powers $settings->sitename) if this isn't the first time that you have seen this message.</p>"));
}
break;
}
@ -193,7 +194,10 @@ register_module([
$filepath = $env->storage_prefix . $pageindex->{$env->page}->uploadedfilepath;
$mime_type = $pageindex->{$env->page}->uploadedfilemime;
if(isset($_GET["size"]) and $_GET["size"] == "original")
// If the size is set or original, then send (or redirect to) the original image
// Also do the same for SVGs if svg rendering is disabled.
if(isset($_GET["size"]) and $_GET["size"] == "original" or
(empty($settings->render_svg_previews) && $mime_type == "image/svg+xml"))
{
// Get the file size
$filesize = filesize($filepath);
@ -343,7 +347,7 @@ register_module([
// We are looking at a page that is paired with an uploaded file
$filepath = $pageindex->{$env->page}->uploadedfilepath;
$mime_type = $pageindex->{$env->page}->uploadedfilemime;
$dimensions = getimagesize($env->storage_prefix . $filepath);
$dimensions = $mime_type !== "image/svg+xml" ? getimagesize($env->storage_prefix . $filepath) : getsvgsize($env->storage_prefix . $filepath);
$fileTypeDisplay = substr($mime_type, 0, strpos($mime_type, "/"));
$previewUrl = "?action=preview&size=$settings->default_preview_size&page=" . rawurlencode($env->page);
@ -354,14 +358,17 @@ register_module([
case "image":
$preview_sizes = [ 256, 512, 768, 1024, 1440 ];
$preview_html .= "\t\t\t<figure class='preview'>
<img src='$previewUrl' />
<nav class='image-controls'>
<ul><li><a href='" . ($env->storage_prefix == "./" ? $filepath : "?action=preview&size=original&page=" . rawurlencode($env->page)) . "'>&#x01f304; Original image</a></li>
<li>Other Sizes: ";
foreach($preview_sizes as $size)
$preview_html .= "<a href='?action=preview&page=" . rawurlencode($env->page) . "&size=$size'>$size" . "px</a> ";
$preview_html .= "</li></ul></nav>
</figure>";
<img src='$previewUrl' />
<nav class='image-controls'>
<ul><li><a href='" . ($env->storage_prefix == "./" ? $filepath : "?action=preview&size=original&page=" . rawurlencode($env->page)) . "'>&#x01f304; Original image</a></li>";
if($mime_type !== "image/svg+xml")
{
$preview_html .= "<li>Other Sizes: ";
foreach($preview_sizes as $size)
$preview_html .= "<a href='?action=preview&page=" . rawurlencode($env->page) . "&size=$size'>$size" . "px</a> ";
$preview_html .= "</li>";
}
$preview_html .= "</ul></nav>\n\t\t\t</figure>";
break;
case "video":
@ -383,7 +390,8 @@ register_module([
switch($fileTypeDisplay)
{
case "image":
$fileInfo["Original dimensions"] = "$dimensions[0] x $dimensions[1]";
$dimensionsKey = $mime_type !== "image/svg+xml" ? "Original demensions" : "Native size";
$fileInfo[$dimensionsKey] = "$dimensions[0] x $dimensions[1]";
break;
}
$fileInfo["Uploaded by"] = $pageindex->{$env->page}->lasteditor;
@ -440,6 +448,39 @@ function parse_size($size) {
}
}
function upload_check_svg($temp_filename)
{
global $settings;
// Check for script tags
if(strpos(file_get_contents($temp_filename), "<script") !== false)
{
http_response_code(415);
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>$settings->sitename detected that you uploaded an SVG image and performed some extra security checks on your file. Whilst performing these checks it was discovered that the file you uploaded contains some Javascript, which could be dangerous. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>
<p>You may wish to consider <a href='https://github.com/sbrl/Pepperminty-Wiki'>opening an issue</a> against Pepperminty Wiki (the software that powers $settings->sitename) if this isn't the first time that you have seen this message.</p>"));
}
// Find and return the size of the SVG image
return getsvgsize($temp_filename);
}
function getsvgsize($svgFilename)
{
$svg = simplexml_load_file($svgFilename); // Load it as XML
if($svg === false)
{
http_response_code(415);
exit(page_renderer::render("Upload Error - $settings->sitename", "<p>When $settings->sitename tried to open your SVG file for checking, it found some invalid syntax. The uploaded file has been discarded. <a href='?action=upload'>Go back to try again</a>.</p>"));
}
$rootAttrs = $svg->attributes();
$imageSize = false;
if(isset($rootAttrs->width) and isset($rootAttrs->height))
$imageSize = [ intval($rootAttrs->width), intval($rootAttrs->height) ];
else if(isset($rootAttrs->viewBox))
$imageSize = array_map("intval", array_slice(explode(" ", $rootAttrs->viewBox), -2, 2));
return $imageSize;
}
function errorimage($text, $target_size)
{
$width = 640;