Title: diff included: exec/php-ext version detection and imagetragick bugs Last modified: August 31, 2016 --- # diff included: exec/php-ext version detection and imagetragick bugs * Resolved [az6667](https://wordpress.org/support/users/az6667/) * (@az6667) * [10 years ago](https://wordpress.org/support/topic/diff-included-execphp-ext-version-detection-and-imagetragick-bugs/) * Hi, * Two bugs. Diff attached against 1.4.4 version. Minimal changes. * 1. This affects users who have both imagemagick (cli/exec) and imagick (php-extension) available, but the versions differ. This is the case in e.g. cloudlinux on Centos 6, Due to the way and order in which imagemagick (cli/exec) and imagick (php- extension) versions are detected and stored for later use, you can end up in a scenario where you have selected ‘exec’, but the options during generation are based upon a stored version detected from ‘imagick’. The opposite can also occur, since this plugin will use different methods (exec or php-extension) of version detection first during plugin activation, upload, and settings save. If you find that deactivating/reactivating the plugin without saving settings, followed by a regeneration solves issues for you, this may be a situation you are in. To resolve, this patch will redetect the version of imagemagick / imagick prior to generation, based upon the method you are using (exec / php-extension). * 2. Default ImageMagick policy settings have changed in many distributions, following the ‘ImageTragick’ vulnerability (CVE-2016–3714). This means that the newly added icc conversion options for CMYK pdfs will cause a policy failure, since they use the HTTP url to the icc/icm files, rather than a system path. This patch uses plugin_dir_path instead of plugins_url. * ``` --- a/pdf-image-generator.php 2016-05-16 16:08:35.000000000 +1000 +++ b/pdf-image-generator.php 2016-05-16 16:13:19.000000000 +1000 @@ -318,6 +318,8 @@ $file_basename = apply_filters( 'pigen_filter_convert_file_basename', $file_basename ); $file_url = str_replace( basename($file), $file_basename, $file ); if ( $verify_imagick == 'imagick' ) { // imagick API + $version = $this->pigen_imagick_ver(); + $version = ( !empty($version) ? $version : '' ); try { $imagick = new imagick(); if ( $property ) { @@ -382,6 +384,9 @@ $file_url = false; } } else { // imageMagick + $version = $this->pigen_imageMagick_ver(); + $version = ( !empty($version) ? $version : '' ); + if ( version_compare($version,'6.7.5') < 0 ) $alphaoff = "-flatten"; else $alphaoff = "-alpha remove"; if ( version_compare($version,'6.7.7') < 0 ) $density = "-density 72"; else $density = "-density 300 -set units PixelsPerInch"; @@ -391,10 +396,10 @@ // if ( version_compare($version,'6.8.7.2' ) >= 0 { // $get_icc = exec("identify -format %[profile:icc] {$file}[0]", $output, $return); // } - $plugins_url = plugins_url( '', __FILE__ ); + $plugin_dir_path = plugin_dir_path( __FILE__ ); if( strpos($get_color,'cmyk') !== false || strpos($get_color,'CMYK') !== false ){ - $colorspace = "-strip -profile ".$plugins_url."/iccprofiles/GenericCMYK.icm -profile ".$plugins_url."/iccprofiles/sRGB_ICC_v4_appearance_beta_displayclass.icc -colorspace sRGB"; + $colorspace = "-strip -profile ".$plugin_dir_path."/iccprofiles/GenericCMYK.icm -profile ".$plugin_dir_path."/iccprofiles/sRGB_ICC_v4_appearance_beta_displayclass.icc -colorspace sRGB"; } } if ( $property ) { ``` * [https://wordpress.org/plugins/pdf-image-generator/](https://wordpress.org/plugins/pdf-image-generator/) Viewing 1 replies (of 1 total) * Plugin Author [Mizuho Ogino](https://wordpress.org/support/users/fishpie/) * (@fishpie) * [10 years ago](https://wordpress.org/support/topic/diff-included-execphp-ext-version-detection-and-imagetragick-bugs/#post-7383549) * Hi, it’s really great advice and I learned a lot from it. * I replaced plugins_url with plugin_dir_path and added a detection of the version of imagemagick / imagick when generating image. * I think these fixes help to keep the plugin simple and safe. Thank you for everything. I appreciate your continuous support. Viewing 1 replies (of 1 total) The topic ‘diff included: exec/php-ext version detection and imagetragick bugs’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/pdf-image-generator_c3bea9.svg) * [PDF Image Generator](https://wordpress.org/plugins/pdf-image-generator/) * [Frequently Asked Questions](https://wordpress.org/plugins/pdf-image-generator/#faq) * [Support Threads](https://wordpress.org/support/plugin/pdf-image-generator/) * [Active Topics](https://wordpress.org/support/plugin/pdf-image-generator/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/pdf-image-generator/unresolved/) * [Reviews](https://wordpress.org/support/plugin/pdf-image-generator/reviews/) * 1 reply * 2 participants * Last reply from: [Mizuho Ogino](https://wordpress.org/support/users/fishpie/) * Last activity: [10 years ago](https://wordpress.org/support/topic/diff-included-execphp-ext-version-detection-and-imagetragick-bugs/#post-7383549) * Status: resolved