james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/shish/shimmie2

Browse Source
This commit is contained in:
Shish 2018-02-20 22:23:58 +00:00
commit a6d84ad1d8
6 changed files with 141 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
composer.json
View File

@ -29,6 +29,7 @@
"ifixit/php-akismet" : "1.*",
"google/recaptcha" : "~1.1",
"dapphp/securimage" : "3.6.*",
"enshrined/svg-sanitize" : "0.8.2",
"bower-asset/jquery" : "1.12.3",
"bower-asset/jquery-timeago" : "1.5.2",

176
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"content-hash": "040335a85a560b3bdd3dcf55490c98a1",
"content-hash": "7f6f5b16df991e848ec468b49c856dea",
"packages": [
{
"name": "bower-asset/jquery",
@ -91,32 +91,32 @@
"source": {
"type": "git",
"url": "https://github.com/christianbach/tablesorter.git",
"reference": "774576308e8a25aa9d68b7fe3069b79543992d7a"
"reference": "07e0918254df3c2057d6d8e4653a0769f1881412"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/christianbach/tablesorter/zipball/774576308e8a25aa9d68b7fe3069b79543992d7a",
"reference": "774576308e8a25aa9d68b7fe3069b79543992d7a",
"url": "https://api.github.com/repos/christianbach/tablesorter/zipball/07e0918254df3c2057d6d8e4653a0769f1881412",
"reference": "07e0918254df3c2057d6d8e4653a0769f1881412",
"shasum": null
},
"type": "bower-asset",
"license": [
"MIT,GPL"
],
"time": "2015-12-03T01:22:52+00:00"
"time": "2017-12-20T18:16:21+00:00"
},
{
"name": "dapphp/securimage",
"version": "3.6.5",
"version": "3.6.6",
"source": {
"type": "git",
"url": "https://github.com/dapphp/securimage.git",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802"
"reference": "6eea2798f56540fa88356c98f282d6391a72be15"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/3f5a84fd80b1a35d58332896c944142713a7e802",
"reference": "3f5a84fd80b1a35d58332896c944142713a7e802",
"url": "https://api.github.com/repos/dapphp/securimage/zipball/6eea2798f56540fa88356c98f282d6391a72be15",
"reference": "6eea2798f56540fa88356c98f282d6391a72be15",
"shasum": ""
},
"require": {
@ -150,7 +150,44 @@
"captcha",
"security"
],
"time": "2016-12-04T17:45:57+00:00"
"time": "2017-11-21T02:29:19+00:00"
},
{
"name": "enshrined/svg-sanitize",
"version": "0.8.2",
"source": {
"type": "git",
"url": "https://github.com/darylldoyle/svg-sanitizer.git",
"reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/darylldoyle/svg-sanitizer/zipball/432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
"reference": "432fc4fc7e95b8a866790ba27e35076b9dd96ebe",
"shasum": ""
},
"require-dev": {
"codeclimate/php-test-reporter": "^0.1.2",
"phpunit/phpunit": "^4.7"
},
"type": "library",
"autoload": {
"psr-4": {
"enshrined\\svgSanitize\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"GPL-2.0+"
],
"authors": [
{
"name": "Daryll Doyle",
"email": "daryll@enshrined.co.uk"
}
],
"description": "An SVG sanitizer for PHP",
"time": "2017-12-06T15:31:26+00:00"
},
{
"name": "flexihash/flexihash",
@ -318,37 +355,40 @@
},
{
"name": "myclabs/deep-copy",
"version": "1.x-dev",
"version": "1.7.0",
"source": {
"type": "git",
"url": "https://github.com/myclabs/DeepCopy.git",
"reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102"
"reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/8e6e04167378abf1ddb4d3522d8755c5fd90d102",
"reference": "8e6e04167378abf1ddb4d3522d8755c5fd90d102",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
"reference": "3b8a3a99ba1f6a3952ac2747d989303cbd6b7a3e",
"shasum": ""
},
"require": {
"php": ">=5.4.0"
"php": "^5.6 || ^7.0"
},
"require-dev": {
"doctrine/collections": "1.*",
"phpunit/phpunit": "~4.1"
"doctrine/collections": "^1.0",
"doctrine/common": "^2.6",
"phpunit/phpunit": "^4.1"
},
"type": "library",
"autoload": {
"psr-4": {
"DeepCopy\\": "src/DeepCopy/"
}
},
"files": [
"src/DeepCopy/deep_copy.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "Create deep copies (clones) of your objects",
"homepage": "https://github.com/myclabs/DeepCopy",
"keywords": [
"clone",
"copy",
@ -356,11 +396,11 @@
"object",
"object graph"
],
"time": "2017-04-12T18:52:22+00:00"
"time": "2017-10-19T19:58:43+00:00"
},
{
"name": "phpdocumentor/reflection-common",
"version": "dev-master",
"version": "1.0.1",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionCommon.git",
@ -414,22 +454,22 @@
},
{
"name": "phpdocumentor/reflection-docblock",
"version": "3.2.2",
"version": "3.3.2",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
"reference": "4aada1f93c72c35e22fb1383b47fee43b8f1d157"
"reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/4aada1f93c72c35e22fb1383b47fee43b8f1d157",
"reference": "4aada1f93c72c35e22fb1383b47fee43b8f1d157",
"url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/bf329f6c1aadea3299f08ee804682b7c45b326a2",
"reference": "bf329f6c1aadea3299f08ee804682b7c45b326a2",
"shasum": ""
},
"require": {
"php": ">=5.5",
"phpdocumentor/reflection-common": "^1.0@dev",
"phpdocumentor/type-resolver": "^0.3.0",
"php": "^5.6 || ^7.0",
"phpdocumentor/reflection-common": "^1.0.0",
"phpdocumentor/type-resolver": "^0.4.0",
"webmozart/assert": "^1.0"
},
"require-dev": {
@ -455,20 +495,20 @@
}
],
"description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
"time": "2017-08-08T06:39:58+00:00"
"time": "2017-11-10T14:09:06+00:00"
},
{
"name": "phpdocumentor/type-resolver",
"version": "0.3.0",
"version": "0.4.0",
"source": {
"type": "git",
"url": "https://github.com/phpDocumentor/TypeResolver.git",
"reference": "fb3933512008d8162b3cdf9e18dba9309b7c3773"
"reference": "9c977708995954784726e25d0cd1dddf4e65b0f7"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/fb3933512008d8162b3cdf9e18dba9309b7c3773",
"reference": "fb3933512008d8162b3cdf9e18dba9309b7c3773",
"url": "https://api.github.com/repos/phpDocumentor/TypeResolver/zipball/9c977708995954784726e25d0cd1dddf4e65b0f7",
"reference": "9c977708995954784726e25d0cd1dddf4e65b0f7",
"shasum": ""
},
"require": {
@ -502,7 +542,7 @@
"email": "me@mikevanriel.com"
}
],
"time": "2017-06-03T08:32:36+00:00"
"time": "2017-07-14T14:27:02+00:00"
},
{
"name": "phpspec/prophecy",
@ -510,12 +550,12 @@
"source": {
"type": "git",
"url": "https://github.com/phpspec/prophecy.git",
"reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6"
"reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6",
"reference": "c9b8c6088acd19d769d4cc0ffa60a9fe34344bd6",
"url": "https://api.github.com/repos/phpspec/prophecy/zipball/dfd6be44111a7c41c2e884a336cc4f461b3b2401",
"reference": "dfd6be44111a7c41c2e884a336cc4f461b3b2401",
"shasum": ""
},
"require": {
@ -527,7 +567,7 @@
},
"require-dev": {
"phpspec/phpspec": "^2.5|^3.2",
"phpunit/phpunit": "^4.8 || ^5.6.5"
"phpunit/phpunit": "^4.8.35 || ^5.7 || ^6.5"
},
"type": "library",
"extra": {
@ -565,7 +605,7 @@
"spy",
"stub"
],
"time": "2017-09-04T11:05:03+00:00"
"time": "2018-02-19T10:16:54+00:00"
},
{
"name": "phpunit/php-code-coverage",
@ -632,16 +672,16 @@
},
{
"name": "phpunit/php-file-iterator",
"version": "dev-master",
"version": "1.4.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-file-iterator.git",
"reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5"
"reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
"reference": "3cc8f69b3028d0f96a9078e6295d86e9bf019be5",
"url": "https://api.github.com/repos/sebastianbergmann/php-file-iterator/zipball/730b01bc3e867237eaac355e06a36b85dd93a8b4",
"reference": "730b01bc3e867237eaac355e06a36b85dd93a8b4",
"shasum": ""
},
"require": {
@ -675,7 +715,7 @@
"filesystem",
"iterator"
],
"time": "2016-10-03T07:40:28+00:00"
"time": "2017-11-27T13:52:08+00:00"
},
{
"name": "phpunit/php-text-template",
@ -720,16 +760,16 @@
},
{
"name": "phpunit/php-timer",
"version": "dev-master",
"version": "1.0.x-dev",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-timer.git",
"reference": "d107f347d368dd8a384601398280c7c608390ab7"
"reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/d107f347d368dd8a384601398280c7c608390ab7",
"reference": "d107f347d368dd8a384601398280c7c608390ab7",
"url": "https://api.github.com/repos/sebastianbergmann/php-timer/zipball/9513098641797ce5f459dbc1de5a54c29b0ec1fb",
"reference": "9513098641797ce5f459dbc1de5a54c29b0ec1fb",
"shasum": ""
},
"require": {
@ -765,7 +805,7 @@
"keywords": [
"timer"
],
"time": "2017-03-07T15:42:04+00:00"
"time": "2018-01-06T05:27:16+00:00"
},
{
"name": "phpunit/php-token-stream",
@ -773,12 +813,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-token-stream.git",
"reference": "958103f327daef5dd0bb328dec53e0a9e43cfaf7"
"reference": "58bd196ce8bc49389307b3787934a5117db80fea"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/958103f327daef5dd0bb328dec53e0a9e43cfaf7",
"reference": "958103f327daef5dd0bb328dec53e0a9e43cfaf7",
"url": "https://api.github.com/repos/sebastianbergmann/php-token-stream/zipball/58bd196ce8bc49389307b3787934a5117db80fea",
"reference": "58bd196ce8bc49389307b3787934a5117db80fea",
"shasum": ""
},
"require": {
@ -814,7 +854,7 @@
"keywords": [
"tokenizer"
],
"time": "2017-03-07T08:21:50+00:00"
"time": "2017-12-04T15:11:28+00:00"
},
{
"name": "phpunit/phpunit",
@ -822,12 +862,12 @@
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/phpunit.git",
"reference": "4eba3374803c6c0903145e8940844e6f1d665c07"
"reference": "b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/4eba3374803c6c0903145e8940844e6f1d665c07",
"reference": "4eba3374803c6c0903145e8940844e6f1d665c07",
"url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c",
"reference": "b7803aeca3ccb99ad0a506fa80b64cd6a56bbc0c",
"shasum": ""
},
"require": {
@ -851,8 +891,8 @@
"sebastian/global-state": "^1.1",
"sebastian/object-enumerator": "~2.0",
"sebastian/resource-operations": "~1.0",
"sebastian/version": "~1.0.3|~2.0",
"symfony/yaml": "~2.1|~3.0"
"sebastian/version": "^1.0.6|^2.0.1",
"symfony/yaml": "~2.1|~3.0|~4.0"
},
"conflict": {
"phpdocumentor/reflection-docblock": "3.0.2"
@ -896,7 +936,7 @@
"testing",
"xunit"
],
"time": "2017-09-01T08:38:37+00:00"
"time": "2018-02-01T05:50:59+00:00"
},
{
"name": "phpunit/phpunit-mock-objects",
@ -1429,7 +1469,7 @@
},
{
"name": "sebastian/version",
"version": "dev-master",
"version": "2.0.1",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/version.git",
@ -1476,12 +1516,12 @@
"source": {
"type": "git",
"url": "https://github.com/symfony/yaml.git",
"reference": "a0e15688972f012156cf1ffa076fe1203bce6bc9"
"reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/yaml/zipball/a0e15688972f012156cf1ffa076fe1203bce6bc9",
"reference": "a0e15688972f012156cf1ffa076fe1203bce6bc9",
"url": "https://api.github.com/repos/symfony/yaml/zipball/6af42631dcf89e9c616242c900d6c52bd53bd1bb",
"reference": "6af42631dcf89e9c616242c900d6c52bd53bd1bb",
"shasum": ""
},
"require": {
@ -1526,7 +1566,7 @@
],
"description": "Symfony Yaml Component",
"homepage": "https://symfony.com",
"time": "2017-09-17T10:10:45+00:00"
"time": "2018-02-16T09:50:28+00:00"
},
{
"name": "webmozart/assert",
@ -1534,12 +1574,12 @@
"source": {
"type": "git",
"url": "https://github.com/webmozart/assert.git",
"reference": "4a8bf11547e139e77b651365113fc12850c43d9a"
"reference": "0df1908962e7a3071564e857d86874dad1ef204a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/webmozart/assert/zipball/4a8bf11547e139e77b651365113fc12850c43d9a",
"reference": "4a8bf11547e139e77b651365113fc12850c43d9a",
"url": "https://api.github.com/repos/webmozart/assert/zipball/0df1908962e7a3071564e857d86874dad1ef204a",
"reference": "0df1908962e7a3071564e857d86874dad1ef204a",
"shasum": ""
},
"require": {
@ -1576,7 +1616,7 @@
"check",
"validate"
],
"time": "2016-11-23T20:04:41+00:00"
"time": "2018-01-29T19:49:41+00:00"
}
],
"aliases": [],

2
core/sys_config.inc.php
View File

@ -36,7 +36,7 @@ _d("COMPILE_ELS", false); // boolean pre-build the list of event listeners
_d("NICE_URLS", false); // boolean force niceurl mode
_d("SEARCH_ACCEL", false); // boolean use search accelerator
_d("WH_SPLITS", 1); // int how many levels of subfolders to put in the warehouse
_d("VERSION", '2.6.1'); // string shimmie version
_d("VERSION", '2.6.2'); // string shimmie version
_d("TIMEZONE", null); // string timezone
_d("CORE_EXTS", "bbcode,user,mail,upload,image,view,handle_pixel,ext_manager,setup,upgrade,handle_404,comment,tag_list,index,tag_edit,alias_editor"); // extensions to always enable
_d("EXTRA_EXTS", ""); // string optional extra extensions

17
ext/handle_svg/main.php
View File

@ -6,11 +6,19 @@
* Description: Handle static SVG files. (No thumbnail is generated for SVG files)
*/
use enshrined\svgSanitize\Sanitizer;
class SVGFileHandler extends Extension {
public function onDataUpload(DataUploadEvent $event) {
if($this->supported_ext($event->type) && $this->check_contents($event->tmpname)) {
$hash = $event->hash;
move_upload_to_archive($event);
$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$dirtySVG = file_get_contents($event->tmpname);
$cleanSVG = $sanitizer->sanitize($dirtySVG);
file_put_contents(warehouse_path("images", $hash), $cleanSVG);
send_event(new ThumbnailGenerationEvent($event->hash, $event->type));
$image = $this->create_image_from_data(warehouse_path("images", $hash), $event->metadata);
if(is_null($image)) {
@ -46,7 +54,12 @@ class SVGFileHandler extends Extension {
$page->set_type("image/svg+xml");
$page->set_mode("data");
$page->set_data(file_get_contents(warehouse_path("images", $hash)));
$sanitizer = new Sanitizer();
$sanitizer->removeRemoteReferences(true);
$dirtySVG = file_get_contents(warehouse_path("images", $hash));
$cleanSVG = $sanitizer->sanitize($dirtySVG);
$page->set_data($cleanSVG);
}
}

8
ext/handle_svg/test.php
View File

@ -10,5 +10,13 @@ class SVGHandlerTest extends ShimmiePHPUnitTestCase {
# FIXME: test that the thumb works
# FIXME: test that it gets displayed properly
}
public function testAbuiveSVG() {
$this->log_in_as_user();
$image_id = $this->post_image("tests/alert.svg", "something");
$this->get_page("post/view/$image_id");
$this->get_page("get_svg/$image_id");
$this->assert_no_content("script");
}
}

8
tests/alert.svg Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" width="100" height="100">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 411 B