http://www.mediawiki.org/wiki/Special:Code/MediaWiki/65467
Revision: 65467
Author: tstarling
Date: 2010-04-23 16:24:54 +0000 (Fri, 23 Apr 2010)
Log Message:
-----------
More rigorous fix for ImageMagick parameter interpretation (bug 23148 etc.)
based on examination of the source code, updating r64932. The source was large
and complex and I might have missed some bits, but this is my best guess for
now.
Tested bug 23148 and wildcards in filenames (was broken) using a patched
convert. With a manual unit test (no convert), tested all branches of the new
functions except wfIsWindows() == true.
Modified Paths:
--------------
trunk/phase3/includes/media/Bitmap.php
Modified: trunk/phase3/includes/media/Bitmap.php
===================================================================
--- trunk/phase3/includes/media/Bitmap.php 2010-04-23 16:03:12 UTC (rev
65466)
+++ trunk/phase3/includes/media/Bitmap.php 2010-04-23 16:24:54 UTC (rev
65467)
@@ -62,7 +62,7 @@
$physicalHeight = $params['physicalHeight'];
$clientWidth = $params['width'];
$clientHeight = $params['height'];
- $descriptionUrl = isset( $params['descriptionUrl'] ) ? "File
source: ". $params['descriptionUrl'] : '';
+ $comment = isset( $params['descriptionUrl'] ) ? "File source:
". $params['descriptionUrl'] : '';
$srcWidth = $image->getWidth();
$srcHeight = $image->getHeight();
$mimeType = $image->getMimeType();
@@ -113,7 +113,7 @@
$quality = '';
$sharpen = '';
- $frame = '';
+ $scene = false;
$animation = '';
if ( $mimeType == 'image/jpeg' ) {
$quality = "-quality 80"; // 80%
@@ -127,7 +127,7 @@
if( $this->getImageArea( $image, $srcWidth,
$srcHeight ) > $wgMaxAnimatedGifArea ) {
// Extract initial frame only; we're so
big it'll
// be a total drag. :P
- $frame = '[0]';
+ $scene = 0;
} else {
// Coalesce is needed to scale animated
GIFs properly (bug 1017).
$animation = ' -coalesce ';
@@ -151,18 +151,16 @@
$tempEnv .
wfEscapeShellArg( $wgImageMagickConvertCommand
) .
" {$quality} -background white -size
{$physicalWidth} ".
- wfEscapeShellArg( $srcPath . $frame ) .
+ wfEscapeShellArg( $this->escapeMagickInput(
$srcPath, $scene ) ) .
$animation .
// For the -resize option a "!" is needed to
force exact size,
// or ImageMagick may decide your ratio is
wrong and slice off
// a pixel.
" -thumbnail " . wfEscapeShellArg(
"{$physicalWidth}x{$physicalHeight}!" ) .
- // Add the source url as a comment to the
thumb. A % is an
- // escape character in ImageMagick, so needs
escaping (bug 23148)
- //
http://www.imagemagick.org/script/escape.php?ImageMagick=i766ho1om315scce8eh75efjc6
- " -set comment " . wfEscapeShellArg(
str_replace( '%', '%%', $descriptionUrl ) ) .
+ // Add the source url as a comment to the
thumb.
+ " -set comment " . wfEscapeShellArg(
$this->escapeMagickProperty( $comment ) ) .
" -depth 8 $sharpen " .
- wfEscapeShellArg( $dstPath ) . " 2>&1";
+ wfEscapeShellArg( $this->escapeMagickOutput(
$dstPath ) ) . " 2>&1";
wfDebug( __METHOD__.": running ImageMagick: $cmd\n" );
wfProfileIn( 'convert' );
$err = wfShellExec( $cmd, $retval );
@@ -254,6 +252,90 @@
}
}
+ /**
+ * Escape a string for ImageMagick's property input (e.g. -set -comment)
+ * See InterpretImageProperties() in magick/property.c
+ */
+ function escapeMagickProperty( $s ) {
+ // Double the backslashes
+ $s = str_replace( '\\', '\\\\', $s );
+ // Double the percents
+ $s = str_replace( '%', '%%', $s );
+ // Escape initial - or @
+ if ( strlen( $s ) > 0 && ( $s[0] === '-' || $s[0] === '@' ) ) {
+ $s = '\\' . $s;
+ }
+ return $s;
+ }
+
+ /**
+ * Escape a string for ImageMagick's input filenames. See
ExpandFilenames()
+ * and GetPathComponent() in magick/utility.c.
+ *
+ * This won't work with an initial ~ or @, so input files should be
prefixed
+ * with the directory name.
+ *
+ * Glob character unescaping is broken in ImageMagick before 6.6.1-5,
but
+ * it's broken in a way that doesn't involve trying to convert every
file
+ * in a directory, so we're better off escaping and waiting for the
bugfix
+ * to filter down to users.
+ *
+ * @param $path string The file path
+ * @param $scene string The scene specification, or false if there is
none
+ */
+ function escapeMagickInput( $path, $scene = false ) {
+ # Die on initial metacharacters (caller should prepend path)
+ $firstChar = substr( $path, 0, 1 );
+ if ( $firstChar === '~' || $firstChar === '@' ) {
+ throw new MWException( __METHOD__.': cannot escape this
path name' );
+ }
+
+ # Escape glob chars
+ $path = preg_replace( '/[*?\[\]{}]/', '\\\\\0', $path );
+
+ return $this->escapeMagickPath( $path, $scene );
+ }
+
+ /**
+ * Escape a string for ImageMagick's output filename. See
+ * InterpretImageFilename() in magick/image.c.
+ */
+ function escapeMagickOutput( $path, $scene = false ) {
+ $path = str_replace( '%', '%%', $path );
+ return $this->escapeMagickPath( $path, $scene );
+ }
+
+ /**
+ * Armour a string against ImageMagick's GetPathComponent(). This is a
+ * helper function for escapeMagickInput() and escapeMagickOutput().
+ *
+ * @param $path string The file path
+ * @param $scene string The scene specification, or false if there is
none
+ */
+ protected function escapeMagickPath( $path, $scene = false ) {
+ # Die on format specifiers (other than drive letters). The
regex is
+ # meant to match all the formats you get from "convert -list
format"
+ if ( preg_match( '/^([a-zA-Z0-9-]+):/', $path, $m ) ) {
+ if ( wfIsWindows() && is_dir( $m[0] ) ) {
+ // OK, it's a drive letter
+ // ImageMagick has a similar exception, see
IsMagickConflict()
+ } else {
+ throw new MWException( __METHOD__.': unexpected
colon character in path name' );
+ }
+ }
+
+ # If there are square brackets, add a do-nothing scene
specification
+ # to force a literal interpretation
+ if ( $scene === false ) {
+ if ( strpos( $path, '[' ) !== false ) {
+ $path .= '[0--1]';
+ }
+ } else {
+ $path .= "[$scene]";
+ }
+ return $path;
+ }
+
static function imageJpegWrapper( $dst_image, $thumbPath ) {
imageinterlace( $dst_image );
imagejpeg( $dst_image, $thumbPath, 95 );
_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs
