prepare to merge master

Add GD extension to the composer requiremets

REVISION.md

@@ -5,6 +5,14 @@ Revision history
 [![Build Status](https://scrutinizer-ci.com/g/mosbth/cimage/badges/build.png?b=master)](https://scrutinizer-ci.com/g/mosbth/cimage/build-status/master)
 
 
+v0.7.10 (2016-04-01)
+-------------------------------------
+
+* Add backup option for images `src-alt`, #141.
+* Add require of ext-gd in composer.json, #133.
+* Fix strict mode only reporting 404 when failure, #127.
+
+
 v0.7.9 (2015-12-07)
 -------------------------------------
 

composer.json

@@ -18,7 +18,11 @@
         "docs": "http://dbwebb.se/opensource/cimage"
     },
     "require": {
-        "php": ">=5.3"
+        "php": ">=5.3",
+        "ext-gd": "*"
+    },
+    "suggest": {
+        "ext-exif": "*"
     },
     "autoload": {
         "classmap": [

webroot/img.php

@@ -8,7 +8,7 @@
  *
  */
 
-$version = "v0.7.9 (2015-12-07)";
+$version = "v0.7.9* (2015-12-07)";
 
 // For CRemoteImage
 define("CIMAGE_USER_AGENT", "CImage/$version");
@@ -38,16 +38,16 @@ function errorPage($msg, $type = 500)
             $header = "500 Internal Server Error";
     }
 
+    if ($mode == "strict") {
+        $header = "404 Not Found";
+    }
+
     header("HTTP/1.0 $header");
 
     if ($mode == "development") {
         die("[img.php] $msg");
     }
 
-    if ($mode == "strict") {
-        $header = "404 Not Found";
-    }
-
     error_log("[img.php] $msg");
     die("HTTP/1.0 $header");
 }
@@ -409,18 +409,28 @@ if (isset($shortcut)
 $srcImage = urldecode(get('src'))
     or errorPage('Must set src-attribute.', 404);
 
+// Get settings for src-alt as backup image
+$srcAltImage = urldecode(get('src-alt', null));
+$srcAltConfig = getConfig('src_alt', null);
+if (empty($srcAltImage)) {
+    $srcAltImage = $srcAltConfig;
+}
+
 // Check for valid/invalid characters
 $imagePath           = getConfig('image_path', __DIR__ . '/img/');
 $imagePathConstraint = getConfig('image_path_constraint', true);
 $validFilename       = getConfig('valid_filename', '#^[a-z0-9A-Z-/_ \.:]+$#');
 
+// Source is remote
+$remoteSource = false;
+
 // Dummy image feature
 $dummyEnabled  = getConfig('dummy_enabled', true);
 $dummyFilename = getConfig('dummy_filename', 'dummy');
 $dummyImage = false;
 
 preg_match($validFilename, $srcImage)
-    or errorPage('Filename contains invalid characters.', 404);
+    or errorPage('Source filename contains invalid characters.', 404);
 
 if ($dummyEnabled && $srcImage === $dummyFilename) {
 
@@ -430,19 +440,40 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
 } elseif ($allowRemote && $img->isRemoteSource($srcImage)) {
 
     // If source is a remote file, ignore local file checks.
+    $remoteSource = true;
 
-} elseif ($imagePathConstraint) {
+} else {
 
-    // Check that the image is a file below the directory 'image_path'.
+    // Check if file exists on disk or try using src-alt
     $pathToImage = realpath($imagePath . $srcImage);
-    $imageDir    = realpath($imagePath);
 
-    is_file($pathToImage)
+    if (!is_file($pathToImage) && !empty($srcAltImage)) {
-        or errorPage(
+        // Try using the src-alt instead
-            'Source image is not a valid file, check the filename and that a
+        $srcImage = $srcAltImage;
-            matching file exists on the filesystem.',
+        $pathToImage = realpath($imagePath . $srcImage);
-            404
+
-        );
+        preg_match($validFilename, $srcImage)
+            or errorPage('Source (alt) filename contains invalid characters.', 404);
+
+        if ($dummyEnabled && $srcImage === $dummyFilename) {
+            // Check if src-alt is the dummy image
+            $dummyImage = true;
+        }
+    }
+
+    if (!$dummyImage) {
+        is_file($pathToImage)
+            or errorPage(
+                'Source image is not a valid file, check the filename and that a
+                matching file exists on the filesystem.',
+                404
+            );
+    } 
+}
+
+if ($imagePathConstraint && !$dummyImage && !$remoteSource) {
+    // Check that the image is a file below the directory 'image_path'.
+    $imageDir = realpath($imagePath);
 
     substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
         or errorPage(

webroot/img_config.php

@@ -98,6 +98,20 @@ return array(
 
 
 
+    /**
+     * Use backup image if src-image is not found on disk. The backup image
+     * is only available for local images and based on wether the original
+     * image is found on disk or not. The backup image must be a local image
+     * or the dummy image.
+     *
+     * Default value:
+     *  src_alt:  null //disabled by default
+     */
+     //'src_alt' => 'car.png',
+     //'src_alt' => 'dummy',
+
+
+
     /**
      * A regexp for validating characters in the image or alias filename.
      *
@@ -188,7 +202,8 @@ return array(
      /**
      * Check that the imagefile is a file below 'image_path' using realpath().
      * Security constraint to avoid reaching images outside image_path.
-     * This means that symbolic links to images outside the image_path will fail.
+     * This means that symbolic links to images outside the image_path will
+     * fail.
      *
      * Default value:
      *  image_path_constraint: true

webroot/imgd.php

@@ -3817,7 +3817,7 @@ class CCache
  *
  */
 
-$version = "v0.7.9 (2015-12-07)";
+$version = "v0.7.9* (2015-12-07)";
 
 // For CRemoteImage
 define("CIMAGE_USER_AGENT", "CImage/$version");
@@ -3847,16 +3847,16 @@ function errorPage($msg, $type = 500)
             $header = "500 Internal Server Error";
     }
 
+    if ($mode == "strict") {
+        $header = "404 Not Found";
+    }
+
     header("HTTP/1.0 $header");
 
     if ($mode == "development") {
         die("[img.php] $msg");
     }
 
-    if ($mode == "strict") {
-        $header = "404 Not Found";
-    }
-
     error_log("[img.php] $msg");
     die("HTTP/1.0 $header");
 }
@@ -4218,18 +4218,28 @@ if (isset($shortcut)
 $srcImage = urldecode(get('src'))
     or errorPage('Must set src-attribute.', 404);
 
+// Get settings for src-alt as backup image
+$srcAltImage = urldecode(get('src-alt', null));
+$srcAltConfig = getConfig('src_alt', null);
+if (empty($srcAltImage)) {
+    $srcAltImage = $srcAltConfig;
+}
+
 // Check for valid/invalid characters
 $imagePath           = getConfig('image_path', __DIR__ . '/img/');
 $imagePathConstraint = getConfig('image_path_constraint', true);
 $validFilename       = getConfig('valid_filename', '#^[a-z0-9A-Z-/_ \.:]+$#');
 
+// Source is remote
+$remoteSource = false;
+
 // Dummy image feature
 $dummyEnabled  = getConfig('dummy_enabled', true);
 $dummyFilename = getConfig('dummy_filename', 'dummy');
 $dummyImage = false;
 
 preg_match($validFilename, $srcImage)
-    or errorPage('Filename contains invalid characters.', 404);
+    or errorPage('Source filename contains invalid characters.', 404);
 
 if ($dummyEnabled && $srcImage === $dummyFilename) {
 
@@ -4239,19 +4249,40 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
 } elseif ($allowRemote && $img->isRemoteSource($srcImage)) {
 
     // If source is a remote file, ignore local file checks.
+    $remoteSource = true;
 
-} elseif ($imagePathConstraint) {
+} else {
 
-    // Check that the image is a file below the directory 'image_path'.
+    // Check if file exists on disk or try using src-alt
     $pathToImage = realpath($imagePath . $srcImage);
-    $imageDir    = realpath($imagePath);
 
-    is_file($pathToImage)
+    if (!is_file($pathToImage) && !empty($srcAltImage)) {
-        or errorPage(
+        // Try using the src-alt instead
-            'Source image is not a valid file, check the filename and that a
+        $srcImage = $srcAltImage;
-            matching file exists on the filesystem.',
+        $pathToImage = realpath($imagePath . $srcImage);
-            404
+
-        );
+        preg_match($validFilename, $srcImage)
+            or errorPage('Source (alt) filename contains invalid characters.', 404);
+
+        if ($dummyEnabled && $srcImage === $dummyFilename) {
+            // Check if src-alt is the dummy image
+            $dummyImage = true;
+        }
+    }
+
+    if (!$dummyImage) {
+        is_file($pathToImage)
+            or errorPage(
+                'Source image is not a valid file, check the filename and that a
+                matching file exists on the filesystem.',
+                404
+            );
+    } 
+}
+
+if ($imagePathConstraint && !$dummyImage && !$remoteSource) {
+    // Check that the image is a file below the directory 'image_path'.
+    $imageDir = realpath($imagePath);
 
     substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
         or errorPage(

webroot/imgp.php

@@ -3817,7 +3817,7 @@ class CCache
  *
  */
 
-$version = "v0.7.9 (2015-12-07)";
+$version = "v0.7.9* (2015-12-07)";
 
 // For CRemoteImage
 define("CIMAGE_USER_AGENT", "CImage/$version");
@@ -3847,16 +3847,16 @@ function errorPage($msg, $type = 500)
             $header = "500 Internal Server Error";
     }
 
+    if ($mode == "strict") {
+        $header = "404 Not Found";
+    }
+
     header("HTTP/1.0 $header");
 
     if ($mode == "development") {
         die("[img.php] $msg");
     }
 
-    if ($mode == "strict") {
-        $header = "404 Not Found";
-    }
-
     error_log("[img.php] $msg");
     die("HTTP/1.0 $header");
 }
@@ -4218,18 +4218,28 @@ if (isset($shortcut)
 $srcImage = urldecode(get('src'))
     or errorPage('Must set src-attribute.', 404);
 
+// Get settings for src-alt as backup image
+$srcAltImage = urldecode(get('src-alt', null));
+$srcAltConfig = getConfig('src_alt', null);
+if (empty($srcAltImage)) {
+    $srcAltImage = $srcAltConfig;
+}
+
 // Check for valid/invalid characters
 $imagePath           = getConfig('image_path', __DIR__ . '/img/');
 $imagePathConstraint = getConfig('image_path_constraint', true);
 $validFilename       = getConfig('valid_filename', '#^[a-z0-9A-Z-/_ \.:]+$#');
 
+// Source is remote
+$remoteSource = false;
+
 // Dummy image feature
 $dummyEnabled  = getConfig('dummy_enabled', true);
 $dummyFilename = getConfig('dummy_filename', 'dummy');
 $dummyImage = false;
 
 preg_match($validFilename, $srcImage)
-    or errorPage('Filename contains invalid characters.', 404);
+    or errorPage('Source filename contains invalid characters.', 404);
 
 if ($dummyEnabled && $srcImage === $dummyFilename) {
 
@@ -4239,19 +4249,40 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
 } elseif ($allowRemote && $img->isRemoteSource($srcImage)) {
 
     // If source is a remote file, ignore local file checks.
+    $remoteSource = true;
 
-} elseif ($imagePathConstraint) {
+} else {
 
-    // Check that the image is a file below the directory 'image_path'.
+    // Check if file exists on disk or try using src-alt
     $pathToImage = realpath($imagePath . $srcImage);
-    $imageDir    = realpath($imagePath);
 
-    is_file($pathToImage)
+    if (!is_file($pathToImage) && !empty($srcAltImage)) {
-        or errorPage(
+        // Try using the src-alt instead
-            'Source image is not a valid file, check the filename and that a
+        $srcImage = $srcAltImage;
-            matching file exists on the filesystem.',
+        $pathToImage = realpath($imagePath . $srcImage);
-            404
+
-        );
+        preg_match($validFilename, $srcImage)
+            or errorPage('Source (alt) filename contains invalid characters.', 404);
+
+        if ($dummyEnabled && $srcImage === $dummyFilename) {
+            // Check if src-alt is the dummy image
+            $dummyImage = true;
+        }
+    }
+
+    if (!$dummyImage) {
+        is_file($pathToImage)
+            or errorPage(
+                'Source image is not a valid file, check the filename and that a
+                matching file exists on the filesystem.',
+                404
+            );
+    } 
+}
+
+if ($imagePathConstraint && !$dummyImage && !$remoteSource) {
+    // Check that the image is a file below the directory 'image_path'.
+    $imageDir = realpath($imagePath);
 
     substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
         or errorPage(