diff --git a/data/version.php b/data/version.php
index 63021b2..b2fe466 100644
--- a/data/version.php
+++ b/data/version.php
@@ -10,5 +10,5 @@ if (!defined('OPENPNE_VERSION')) {
- define('OPENPNE_VERSION', '3.6beta7');
+ define('OPENPNE_VERSION', '3.6beta8');
 }
diff --git a/plugins/sfImageHandlerPlugin/lib/image/generator/sfImageGenerator.class.php b/plugins/sfImageHandlerPlugin/lib/image/generator/sfImageGenerator.class.php
index b458372..d7a99b5 100644
--- a/plugins/sfImageHandlerPlugin/lib/image/generator/sfImageGenerator.class.php
+++ b/plugins/sfImageHandlerPlugin/lib/image/generator/sfImageGenerator.class.php
@@ -17,6 +17,8 @@ */ abstract class sfImageGenerator {
+ const ERROR_NOT_ALLOWED_SIZE = 101;
+
 protected $quality = 75, $width = 0,
@@ -33,6 +35,8 @@ abstract class sfImageGenerator public function initialize($options) {
+ $this->allowedSize = sfImageHandler::getAllowedSize();
+
 $options = array_merge(array('width' => $this->width, 'height' => $this->height), $options); $this->setImageSize($options['width'], $options['height']);
@@ -45,8 +49,6 @@ abstract class sfImageGenerator { $this->format = $options['format']; }
-
- $this->allowedSize = sfImageHandler::getAllowedSize();
 } public function configure()
@@ -55,6 +57,11 @@ abstract class sfImageGenerator public function setImageSize($width, $height) {
+ if (!$this->checkSizeAllowed($width, $height))
+ {
+ throw new RuntimeException('Requested image size is not allowed', sfImageGenerator::ERROR_NOT_ALLOWED_SIZE);
+ }
+
 if (is_numeric($width)) { $this->width = $width;
@@ -84,6 +91,12 @@ abstract class sfImageGenerator protected function checkSizeAllowed($w, $h) {
+ // an empty string of width and height are allowed
+ if ('' === $w && '' === $h)
+ {
+ return true;
+ }
+
 return in_array($w.'x'.$h, $this->allowedSize); }
diff --git a/plugins/sfImageHandlerPlugin/lib/image/sfImageHandler.class.php b/plugins/sfImageHandlerPlugin/lib/image/sfImageHandler.class.php
index 5567a65..6bf43ce 100644
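Review bot: The assignment of `$this->allowedSize` at the top of `initialize()` carries no comment saying that it has to run before `setImageSize()`, which now validates against that list. If a later cleanup moves it back down, `checkSizeAllowed()` would call `in_array()` on a property that has not been set yet. I would add `// must be loaded before setImageSize(), which checks the requested size against this list` above the assignment. The body of `initialize()` continues outside this hunk.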
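Review bot: The new guard in `setImageSize()` looks like it rejects the class's own defaults: `initialize()` merges `'width' => $this->width` into the options and `$width` defaults to `0`, while `checkSizeAllowed()` exempts only the empty string, so a caller that passes no size would presumably reach `in_array('0x0', ...)` and get the RuntimeException unless `0x0` is in the allowed list. The height default and the contents of the list are not visible here, so this needs confirming against the other callers. If "no size requested" is meant to stay valid, the exemption in `checkSizeAllowed()` could cover the defaults too, e.g. `if (in_array($w, array('', null, 0), true) && in_array($h, array('', null, 0), true))`; the strict flag keeps a request-supplied string `'0'` on the allowlist path. The public setter also deserves a `@throws RuntimeException` docblock line now that it can throw. The function body continues outside the hunk.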
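Review bot: `in_array($w.'x'.$h, $this->allowedSize)` in `checkSizeAllowed()` uses loose comparison for what is now an allowlist check on request-supplied values. Passing the strict flag, `return in_array($w.'x'.$h, $this->allowedSize, true);`, keeps it an exact string match, assuming the configured sizes are stored as strings. The added comment would also read more clearly as `// no size requested: both width and height are empty strings`.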
--- a/plugins/sfImageHandlerPlugin/lib/image/sfImageHandler.class.php
+++ b/plugins/sfImageHandlerPlugin/lib/image/sfImageHandler.class.php
@@ -58,12 +58,6 @@ class sfImageHandler public function initialize($options) {
- if (isset($options['filename']))
- {
- $class = self::getStorageClassName();
- $this->storage = call_user_func(array($class, 'find'), $options['filename'], $class);
- }
-
 if (!sfConfig::has('op_image_generator_name')) { $isMagick = sfConfig::get('op_use_imagemagick', 0);
@@ -86,6 +80,12 @@ class sfImageHandler $this->generator = new $className($options); $this->options = $options;
+
+ if (isset($options['filename']))
+ {
+ $class = self::getStorageClassName();
+ $this->storage = call_user_func(array($class, 'find'), $options['filename'], $class);
+ }
 } public function createImage()
diff --git a/plugins/sfImageHandlerPlugin/lib/sfImageHandlerRouting.class.php b/plugins/sfImageHandlerPlugin/lib/sfImageHandlerRouting.class.php
index 9cd1c54..db6724c 100644
--- a/plugins/sfImageHandlerPlugin/lib/sfImageHandlerRouting.class.php
+++ b/plugins/sfImageHandlerPlugin/lib/sfImageHandlerRouting.class.php
@@ -4,6 +4,14 @@ class sfImageHandlerRouting static public function listenToRoutingLoadConfigurationEvent(sfEvent $event) { $routing = $event->getSubject();
+
+ $routing->prependRoute('image_nodefaults',
+ new sfRoute(
+ '/image/*',
+ array('module' => 'default', 'action' => 'error')
+ )
+ );
+
 $routing->prependRoute('image', new sfRoute( '/cache/img/:format/:width_:height/:filename.:noice',
diff --git a/plugins/sfImageHandlerPlugin/modules/image/actions/actions.class.php b/plugins/sfImageHandlerPlugin/modules/image/actions/actions.class.php
index fe8a4b8..74b1989 100644
--- a/plugins/sfImageHandlerPlugin/modules/image/actions/actions.class.php
+++ b/plugins/sfImageHandlerPlugin/modules/image/actions/actions.class.php
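Review bot: The storage lookup now sits at the end of `initialize()` with no comment explaining why, although the order looks deliberate: the generator constructor appears to validate the requested size, so a rejected request throws before `find` is called with the request-supplied filename. A comment such as `// resolve storage only after the generator has accepted the requested size` would keep a later cleanup from moving the block back up. The start of `initialize()` is outside this hunk.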
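Review bot: The `image_nodefaults` route is added without a comment, and its purpose is not obvious from the code: it appears to send every `/image/*` URL to the default error action so that the image module is reached only through the `/cache/img/...` route registered right after it. I would add `// keep the image module unreachable through generic module/action URLs; only the cache route below may reach it`. Whether other generic routes or front controllers can still dispatch to the module cannot be seen from this hunk and is worth checking. The method continues outside the hunk.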
@@ -28,7 +28,21 @@ class imageActions extends sfActions 'width' => str_replace('w', '', $request->getParameter('width', null)), 'height' => str_replace('h', '', $request->getParameter('height', null)), );
- $image = new sfImageHandler($params);
+
+ try
+ {
+ $image = new sfImageHandler($params);
+ }
+ catch (RuntimeException $e)
+ {
+ if (sfImageGenerator::ERROR_NOT_ALLOWED_SIZE !== $e->getCode())
+ {
+ throw $e;
+ }
+
+ $this->forward404($e->getMessage());
+ }
+
 $this->forward404Unless($image->isValidSource(), 'Invalid URL.'); $binary = $image->createImage();
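Review bot: The `catch (RuntimeException $e)` block recognises the size rejection by comparing `$e->getCode()` with `sfImageGenerator::ERROR_NOT_ALLOWED_SIZE`, which ties the action to a numeric code on a generic exception type. A dedicated exception subclass thrown by `setImageSize()` would let the action catch exactly that case and drop the rethrow branch. A one-line comment such as `// a disallowed size is reported as 404, any other failure is rethrown` above the `try` would also document the intent. The enclosing action method starts and ends outside this hunk.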