OrangeD wrote:
>> it is in no way a security problem. Please, prove me
>> wrong :)
>
> Maybe you're right, I actually didn't look that intensively at your code
> (I only saw "exec" and became afraid...). Nevertheless, it's easy to
> limit the maximum upload filesize. But what happens if I enter a URL
> that points to a 1GB png? I can also enter any URL I want - not only
> images. Your machine would request it. So anyone could use your
> machine to start attacks against others without leaving traces on the
> attacked machine. However, that's maybe another problem - you should
> never let the user enter a URL that your machine requests. I don't
> know if this was your intention, but I'm sure that some others would
> do that. Anyway, this discussion does not belong here ;)
>
>> About the why one thing is supported by the sfImageMagick adapter and
>> not by the GD one - this did not stop from implementing toString() for
>> the GD adapter and not for the ImageMagick, right?
>
> Ok, ok. You convinced me.

I am sorry but you do not make sense to me. Just talking by heart here
about remote attacks and such makes no sense at all. First, the examples
I gave for the usage of a URL as a source were the Amazon items API and
Flickr. There you should not worry about any problems with the URL, and
unless the file is valid you will get an exception from the
sfThumbnailPlugin. You are most likely talking about people entering the
URL through a form and then your script downloading the image and creating
a thumbnail. Also no problem there.

I agree with the guy who suggested the use of sfWebBrowser and that
makes perfect sense, I just did not put 2 and 2 together :)

So here is the new plugin, which uses sfWebBrowser to fetch the file and,
if it is not available, throws an exception.

Also, I implemented the toString() method for sfImageMagickAdapter. Btw,
the sfImageMagickAdapter was ignoring the mime type passed to it. So if
I call $thumbnail->save('hello.jpg', 'image/png'), it will still save it
in jpg format. Maybe minor, but it was required for implementing the
toString() method.

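[php]
public function executeIndex()
{
  // Build the thumbnail with the ImageMagick adapter and the path to convert.
  $thumbnail = new sfThumbnail(150, 150, false, true, 75,
    'sfImageMagickAdapter',
    array('convert' => '/usr/local/bin/convert', 'method' => 'shave_bottom'));

  // The source is a URL; the plugin fetches it through sfWebBrowser and
  // throws an exception if the file is not available.
  $thumbnail->loadFile('http://www.walkerbooks.co.uk/assets_walker/dynamic/1172005677146.png');

  // Send the converted image as the response body instead of saving it.
  $this->getResponse()->clearHttpHeaders();
  $this->getResponse()->setHttpHeader('Content-Type', 'image/jpeg');

  return $this->renderText($thumbnail->toString('image/jpeg'));
}
[/php]
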
Best,
Kupo
sfThumbnailPlugin-1.5.0.tgz
Description: GNU Zip compressed data
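
The concern raised in the quoted message (a user-entered URL that points at a 1GB file, or at something that is not an image at all) comes down to a few checks made before the server issues the request. The following is an added example, not part of the thread or of sfThumbnailPlugin; the function names, the `images.example.com` allowlist and the 5 MB cap are assumptions.

```php
<?php // Added example: names, allowlist and size cap are assumptions, not plugin code.
const MAX_IMAGE_BYTES = 5242880;              // 5 MB cap (assumed value)
const ALLOWED_HOSTS = ['images.example.com']; // constructed allowlist
function assertFetchableImageUrl(string $url, array $allowedHosts = ALLOWED_HOSTS): string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('Malformed URL');
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http and https are allowed');
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        throw new InvalidArgumentException("Host not on the allowlist: $host");
    }
    // An allowlisted name must still resolve to public addresses only.
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    $ips = gethostbynamel($host);
    if ($ips === false) {
        throw new InvalidArgumentException("Host does not resolve: $host");
    }
    foreach ($ips as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            throw new InvalidArgumentException("Non-public address: $ip");
        }
    }
    return $url;
}

function fetchCappedImage(string $url, int $maxBytes = MAX_IMAGE_BYTES): string
{
    // Short timeout; redirects are off so they cannot lead to an unchecked host.
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $in = @fopen(assertFetchableImageUrl($url), 'rb', false, $ctx);
    if ($in === false) {
        throw new RuntimeException('Fetch failed');
    }
    // Read one byte past the cap: an oversized body is detected, not downloaded.
    $data = stream_get_contents($in, $maxBytes + 1);
    fclose($in);
    if ($data === false || strlen($data) > $maxBytes) {
        throw new RuntimeException('Response exceeds the size cap');
    }
    if (@getimagesizefromstring($data) === false) {
        throw new RuntimeException('Response is not an image');
    }
    return $data;
}
```

The host name is resolved again when the request is made, so the address check narrows the window rather than closing it; connecting to the already-checked IP is the stricter form.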
