diff --git a/REVISION.md b/REVISION.md index 4d28438..4025c1b 100644 --- a/REVISION.md +++ b/REVISION.md @@ -5,9 +5,10 @@ Revision history [![Build Status](https://scrutinizer-ci.com/g/mosbth/cimage/badges/build.png?b=master)](https://scrutinizer-ci.com/g/mosbth/cimage/build-status/master) -v0.7.9* (2015-12-07) +v0.7.10 (2016-04-01) ------------------------------------- +* Add backup option for images `src-alt`, #141. * Add require of ext-gd in composer.json, #133. * Fix strict mode only reporting 404 when failure, #127. diff --git a/webroot/img.php b/webroot/img.php index 6d06284..dc2faed 100644 --- a/webroot/img.php +++ b/webroot/img.php @@ -409,18 +409,28 @@ if (isset($shortcut) $srcImage = urldecode(get('src')) or errorPage('Must set src-attribute.', 404); +// Get settings for src-alt as backup image +$srcAltImage = urldecode(get('src-alt', null)); +$srcAltConfig = getConfig('src_alt', null); +if (empty($srcAltImage)) { + $srcAltImage = $srcAltConfig; +} + // Check for valid/invalid characters $imagePath = getConfig('image_path', __DIR__ . '/img/'); $imagePathConstraint = getConfig('image_path_constraint', true); $validFilename = getConfig('valid_filename', '#^[a-z0-9A-Z-/_ \.:]+$#'); +// Source is remote +$remoteSource = false; + // Dummy image feature $dummyEnabled = getConfig('dummy_enabled', true); $dummyFilename = getConfig('dummy_filename', 'dummy'); $dummyImage = false; preg_match($validFilename, $srcImage) - or errorPage('Filename contains invalid characters.', 404); + or errorPage('Source filename contains invalid characters.', 404); if ($dummyEnabled && $srcImage === $dummyFilename) { 
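Review bot: `urldecode(get('src-alt', null))` passes `null` to `urldecode()` whenever the parameter is absent, which PHP 8.1 and later report as a deprecation. Assuming the second argument of `get()` is the default value, `$srcAltImage = urldecode(get('src-alt', ''));` keeps the `empty()` fallback to `src_alt` working. If `get()` reads `$_GET`, the value has already been URL-decoded once, so this is a second decode of request data. The value is checked against `valid_filename` only later, at the point of fallback, so the comment could say `// src-alt is request-controlled and overrides the configured src_alt; it is validated only when used as the fallback`.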
@@ -430,19 +440,40 @@ if ($dummyEnabled && $srcImage === $dummyFilename) { } elseif ($allowRemote && $img->isRemoteSource($srcImage)) { // If source is a remote file, ignore local file checks. + $remoteSource = true; -} elseif ($imagePathConstraint) { +} else { - // Check that the image is a file below the directory 'image_path'. + // Check if file exists on disk or try using src-alt $pathToImage = realpath($imagePath . $srcImage); - $imageDir = realpath($imagePath); - is_file($pathToImage) - or errorPage( - 'Source image is not a valid file, check the filename and that a - matching file exists on the filesystem.', - 404 - ); + if (!is_file($pathToImage) && !empty($srcAltImage)) { + // Try using the src-alt instead + $srcImage = $srcAltImage; + $pathToImage = realpath($imagePath . $srcImage); + + preg_match($validFilename, $srcImage) + or errorPage('Source (alt) filename contains invalid characters.', 404); + + if ($dummyEnabled && $srcImage === $dummyFilename) { + // Check if src-alt is the dummy image + $dummyImage = true; + } + } + + if (!$dummyImage) { + is_file($pathToImage) + or errorPage( + 'Source image is not a valid file, check the filename and that a + matching file exists on the filesystem.', + 404 + ); + } +} + +if ($imagePathConstraint && !$dummyImage && !$remoteSource) { + // Check that the image is a file below the directory 'image_path'. + $imageDir = realpath($imagePath); substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0 or errorPage( diff --git a/webroot/img_config.php b/webroot/img_config.php index b91b7e9..4ca4e69 100644 --- a/webroot/img_config.php +++ b/webroot/img_config.php 
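Review bot: In the src-alt fallback branch, `realpath($imagePath . $srcImage)` runs on the alt name before `preg_match($validFilename, $srcImage)` has accepted it, so an unvalidated, possibly request-supplied string reaches a filesystem call. Moving the `preg_match(...) or errorPage(...)` pair above the `$pathToImage = realpath(...)` assignment restores the validate-then-resolve order used for `src`. Separately, the containment test that now sits in its own `if` compares against `realpath($imagePath)` with no trailing separator, so a sibling directory whose name merely begins with the same characters would also pass. Comparing against `$imageDir . DIRECTORY_SEPARATOR` closes that gap. The `substr_compare(...) or errorPage(` statement continues past the end of the hunk, so the remainder of that check is not visible here.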
@@ -98,6 +98,20 @@ return array( + /** + * Use backup image if src-image is not found on disk. The backup image + * is only available for local images and based on wether the original + * image is found on disk or not. The backup image must be a local image + * or the dummy image. + * + * Default value: + * src_alt: null //disabled by default + */ + //'src_alt' => 'car.png', + //'src_alt' => 'dummy', + + + /** * A regexp for validating characters in the image or alias filename. * @@ -188,7 +202,8 @@ return array( /** * Check that the imagefile is a file below 'image_path' using realpath(). * Security constraint to avoid reaching images outside image_path. - * This means that symbolic links to images outside the image_path will fail. + * This means that symbolic links to images outside the image_path will + * fail. * * Default value: * image_path_constraint: true
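Review bot: The new `src_alt` docblock does not mention that a `src-alt` request parameter, when present, takes precedence over this configured value, as the img.php change in this commit implements. An operator reading only the config file would assume the fallback image is fixed. Suggest adding `* A src-alt request parameter overrides this setting; either value is checked against valid_filename and, when enabled, image_path_constraint.` and correcting `wether` to `whether` in the same comment.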