• Resolved az6667

    (@az6667)


    Hi,

    Two bugs. Diff attached against 1.4.4 version. Minimal changes.

    1. This affects users who have both imagemagick (cli/exec) and imagick (php-extension) available, but the versions differ. This is the case in e.g. CloudLinux on CentOS 6.
    Due to the way and order in which imagemagick (cli/exec) and imagick (php-extension) versions are detected and stored for later use, you can end up in a scenario where you have selected ‘exec’, but the options during generation are based upon a stored version detected from ‘imagick’.
    The opposite can also occur, since this plugin will use different methods (exec or php-extension) of version detection first during plugin activation, upload, and settings save.
    If you find that deactivating/reactivating the plugin without saving settings, followed by a regeneration solves issues for you, this may be a situation you are in.
    To resolve, this patch will redetect the version of imagemagick / imagick prior to generation, based upon the method you are using (exec / php-extension).

    2. Default ImageMagick policy settings have changed in many distributions, following the ‘ImageTragick’ vulnerability (CVE-2016-3714). This means that the newly added icc conversion options for CMYK PDFs will cause a policy failure, since they use the HTTP URL to the icc/icm files, rather than a system path. This patch uses plugin_dir_path instead of plugins_url.

    --- a/pdf-image-generator.php	2016-05-16 16:08:35.000000000 +1000
    +++ b/pdf-image-generator.php	2016-05-16 16:13:19.000000000 +1000
    @@ -318,6 +318,8 @@
     		$file_basename = apply_filters( 'pigen_filter_convert_file_basename', $file_basename );
     		$file_url = str_replace( basename($file), $file_basename, $file );
     		if ( $verify_imagick == 'imagick' ) { // imagick API
    +			$version = $this->pigen_imagick_ver();
    +			$version = ( !empty($version) ? $version : '' );
     			try {
     				$imagick = new imagick();
     				if ( $property ) {
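
Review bot: the two added lines sit before `try`, so version detection for the imagick branch runs outside the error handling that wraps `new imagick()`, and a failed detection is flattened to '' with no signal to the caller. Nothing in the visible context of this branch reads `$version`, so either move the call inside the `try` and handle an empty result explicitly, or leave it out of this branch if the value is not used here.
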
    @@ -382,6 +384,9 @@
     				$file_url = false;
     			}
     		} else { // imageMagick
    +			$version = $this->pigen_imageMagick_ver();
    +			$version = ( !empty($version) ? $version : '' );
    +
     			if ( version_compare($version,'6.7.5') < 0 ) $alphaoff = "-flatten"; else $alphaoff = "-alpha remove";
     			if ( version_compare($version,'6.7.7') < 0 ) $density = "-density 72"; else $density = "-density 300 -set units PixelsPerInch"; 
    
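
Review bot: the fallback in `$version = ( !empty($version) ? $version : '' );` makes both `version_compare()` checks that follow return a negative result, because PHP orders an empty string before any version, so a failed detection silently selects `-flatten` and `-density 72`. Suggest treating an empty result as an error (or defaulting to the options for current releases), and doing the normalization once inside pigen_imageMagick_ver() instead of repeating it in both branches.
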
    @@ -391,10 +396,10 @@
     				// if ( version_compare($version,'6.8.7.2' ) >= 0 {
     				// 	$get_icc = exec("identify -format %[profile:icc] {$file}[0]", $output, $return);
     				// }
    -				$plugins_url = plugins_url( '', __FILE__ );
    +				$plugin_dir_path = plugin_dir_path( __FILE__ );
    
     				if( strpos($get_color,'cmyk') !== false || strpos($get_color,'CMYK') !== false ){
    -					$colorspace = "-strip -profile ".$plugins_url."/iccprofiles/GenericCMYK.icm -profile ".$plugins_url."/iccprofiles/sRGB_ICC_v4_appearance_beta_displayclass.icc -colorspace sRGB";
    +					$colorspace = "-strip -profile ".$plugin_dir_path."/iccprofiles/GenericCMYK.icm -profile ".$plugin_dir_path."/iccprofiles/sRGB_ICC_v4_appearance_beta_displayclass.icc -colorspace sRGB";
     				}
     			}
     			if ( $property ) {
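
Review bot: in the new `$colorspace` line the two profile paths are concatenated into the option string unquoted, so an install path containing a space or a shell metacharacter breaks the command; wrap each complete path in escapeshellarg(). Also, plugin_dir_path() returns the directory with a trailing slash, so `$plugin_dir_path."/iccprofiles/..."` produces a double slash; drop the leading slash from the literal.
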

    https://wordpress.org/plugins/pdf-image-generator/
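
The two fixes described in the post above, combined in one helper as an added example; this is not the plugin's code. The function name, its parameters, the sample versions and the sample path are hypothetical; the thresholds and profile file names are the ones in the diff.

```php
<?php
// Added example, not the plugin's code; all names below are hypothetical.

function example_convert_options( $backend, array $detected, $plugin_dir, $is_cmyk ) {
	// Use only the version reported by the backend that will run the
	// conversion; never fall back to the other backend's value.
	$raw = isset( $detected[ $backend ] ) ? $detected[ $backend ] : '';
	if ( ! preg_match( '/^\d+(?:\.\d+){1,3}/', $raw, $m ) ) {
		// version_compare() treats '' as older than any release, which
		// would silently select the legacy options.
		throw new RuntimeException( "no usable version for backend '$backend'" );
	}
	$version = $m[0];

	// Thresholds taken from the context lines of the diff above.
	$alpha   = version_compare( $version, '6.7.5', '<' ) ? '-flatten' : '-alpha remove';
	$density = version_compare( $version, '6.7.7', '<' ) ? '-density 72' : '-density 300 -set units PixelsPerInch';

	$colorspace = '';
	if ( $is_cmyk ) {
		// Profiles must be local files: a URL here is what the tightened
		// ImageMagick policy rejects.
		if ( strpos( $plugin_dir, '://' ) !== false ) {
			throw new InvalidArgumentException( 'profile directory must be a file system path' );
		}
		$dir        = rtrim( $plugin_dir, '/\\' ) . '/iccprofiles/';
		$colorspace = '-strip'
			. ' -profile ' . escapeshellarg( $dir . 'GenericCMYK.icm' )
			. ' -profile ' . escapeshellarg( $dir . 'sRGB_ICC_v4_appearance_beta_displayclass.icc' )
			. ' -colorspace sRGB';
	}
	return trim( "$density $alpha $colorspace" );
}

// Constructed sample: the CLI binary and the PHP extension report different versions.
$detected = array( 'exec' => '6.5.4-7', 'imagick' => '6.9.3' );
$dir      = '/var/www/site/wp-content/plugins/pdf-image-generator/'; // constructed path

// Options for an exec run, chosen from the exec-detected version.
echo example_convert_options( 'exec', $detected, $dir, true ), "\n";
// What the same run would have received from the imagick-detected version.
echo example_convert_options( 'imagick', $detected, $dir, true ), "\n";
```

The two printed lines differ in the density and alpha options, which is the mismatch the first bug produces when the stored version comes from the other backend.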

Viewing 1 replies (of 1 total)
  • Plugin Author Mizuho Ogino

    (@fishpie)

    Hi,
    It’s really great advice and I learned a lot from it.

    I replaced plugins_url with plugin_dir_path and added a detection of the version of imagemagick / imagick when generating an image.

    I think these fixes help to keep the plugin simple and safe.
    Thank you for everything. I appreciate your continuous support.

The topic ‘diff included: exec/php-ext version detection and imagetragick bugs’ is closed to new replies.