shimmie2/ext/handle_svg/main.php

<?php

declare(strict_types=1);

namespace Shimmie2;

use enshrined\svgSanitize\Sanitizer;

class SVGFileHandler extends DataHandlerExtension
{
    protected array $SUPPORTED_MIME = [MimeType::SVG];

    /** @var SVGFileHandlerTheme */
    protected Themelet $theme;

    public function onPageRequest(PageRequestEvent $event): void
    {
        global $page;
        if ($event->page_matches("get_svg/{id}")) {
            $id = $event->get_iarg('id');
            $image = Image::by_id_ex($id);
            $hash = $image->hash;

            $page->set_mime(MimeType::SVG);
            $page->set_mode(PageMode::DATA);

            $sanitizer = new Sanitizer();
            $sanitizer->removeRemoteReferences(true);
            $dirtySVG = \Safe\file_get_contents(warehouse_path(Image::IMAGE_DIR, $hash));
            $cleanSVG = $sanitizer->sanitize($dirtySVG);
            $page->set_data($cleanSVG);
        }
    }

    public function onDataUpload(DataUploadEvent $event): void
    {
        global $config;

        if ($this->supported_mime($event->mime)) {
            // If the SVG handler intends to handle this file,
            // then sanitise it before touching it
            $sanitizer = new Sanitizer();
            $sanitizer->removeRemoteReferences(true);
            $dirtySVG = \Safe\file_get_contents($event->tmpname);
            $cleanSVG = false_throws($sanitizer->sanitize($dirtySVG));
            $event->hash = md5($cleanSVG);
            $new_tmpname = shm_tempnam("svg");
            file_put_contents($new_tmpname, $cleanSVG);
            $event->set_tmpname($new_tmpname);

            parent::onDataUpload($event);
        }
    }

    protected function media_check_properties(MediaCheckPropertiesEvent $event): void
    {
        $event->image->lossless = true;
        $event->image->video = false;
        $event->image->audio = false;
        $event->image->image = true;

        $msp = new MiniSVGParser($event->image->get_image_filename());
        $event->image->width = $msp->width;
        $event->image->height = $msp->height;
    }

    protected function create_thumb(Image $image): bool
    {
        try {
            // Normally we require imagemagick, but for unit tests we can use a no-op engine
            if (defined('UNITTEST')) {
                create_image_thumb($image);
            } else {
                create_image_thumb($image, MediaEngine::IMAGICK);
            }
            return true;
        } catch (MediaException $e) {
            log_warning("handle_svg", "Could not generate thumbnail. " . $e->getMessage());
            copy("ext/handle_svg/thumb.jpg", $image->get_thumb_filename());
            return false;
        }
    }

    protected function check_contents(string $tmpname): bool
    {
        if (MimeType::get_for_file($tmpname) !== MimeType::SVG) {
            return false;
        }

        $msp = new MiniSVGParser($tmpname);
        return bool_escape($msp->valid);
    }
}

class MiniSVGParser
{
    public bool $valid = false;
    public int $width = 0;
    public int $height = 0;
    private int $xml_depth = 0;

    public function __construct(string $file)
    {
        $xml_parser = xml_parser_create();
        xml_set_element_handler($xml_parser, [$this, "startElement"], [$this, "endElement"]);
        $this->valid = bool_escape(xml_parse($xml_parser, \Safe\file_get_contents($file), true));
        xml_parser_free($xml_parser);
    }

    /**
     * @param array<string, mixed> $attrs
     */
    public function startElement(mixed $parser, string $name, array $attrs): void
    {
        if ($name == "SVG" && $this->xml_depth == 0) {
            $this->width = int_escape($attrs["WIDTH"]);
            $this->height = int_escape($attrs["HEIGHT"]);
        }
        $this->xml_depth++;
    }

    public function endElement(mixed $parser, string $name): void
    {
        $this->xml_depth--;
    }
}
new php-cs-fixer 2021-12-14 18:32:47 +00:00			`<?php`

			`declare(strict_types=1);`
Namespaces are one honking great idea—let's do more of those! 2023-01-10 22:44:09 +00:00
			`namespace Shimmie2;`

use svg-sanitize to sanitize SVG files 2018-02-20 21:35:43 +00:00			`use enshrined\svgSanitize\Sanitizer;`

Added webp upload and thumbnailing support Bug fixes and consolidation of various thumbnail and resize functionality Changed resize/rotate extensions to use replace image event Added content-disposition header to image responses to provide a human-friendly filename when saving Added more bulk thumbnail regeneration tools Tweaks to bulk actions to correct totals when batching items 2019-06-09 18:22:48 +00:00			`class SVGFileHandler extends DataHandlerExtension`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`{`
drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`protected array $SUPPORTED_MIME = [MimeType::SVG];`
dedupe more data handling 2020-02-23 18:37:22 +00:00
set theme classes 2020-02-04 00:46:36 +00:00			`/** @var SVGFileHandlerTheme */`
always have a Themelet, never null 2023-06-27 14:56:49 +00:00			`protected Themelet $theme;`
set theme classes 2020-02-04 00:46:36 +00:00
[everything] bulk set event handler return types to void 2024-01-15 11:52:35 +00:00			`public function onPageRequest(PageRequestEvent $event): void`
Added additional media properties to the images table, video, audio, length, and lossless. Added new event to handle fetching media properties like height, width, and the newly added fields, and admin controls to manually scan files for their properties. Added a search terms content:video and content:audio to search for images that do (or do not) have those flags. 2019-06-25 20:17:13 +00:00			`{`
dedupe more data handling 2020-02-23 18:37:22 +00:00			`global $page;`
[core] exact and named page args 2024-02-11 11:34:09 +00:00			`if ($event->page_matches("get_svg/{id}")) {`
			`$id = $event->get_iarg('id');`
[core] use Safe library, reduce StdLibEx 2024-02-20 00:22:25 +00:00			`$image = Image::by_id_ex($id);`
dedupe more data handling 2020-02-23 18:37:22 +00:00			`$hash = $image->hash;`
Added additional media properties to the images table, video, audio, length, and lossless. Added new event to handle fetching media properties like height, width, and the newly added fields, and admin controls to manually scan files for their properties. Added a search terms content:video and content:audio to search for images that do (or do not) have those flags. 2019-06-25 20:17:13 +00:00
The great MIMEing 2020-06-14 16:05:55 +00:00			`$page->set_mime(MimeType::SVG);`
dedupe more data handling 2020-02-23 18:37:22 +00:00			`$page->set_mode(PageMode::DATA);`
Added additional media properties to the images table, video, audio, length, and lossless. Added new event to handle fetching media properties like height, width, and the newly added fields, and admin controls to manually scan files for their properties. Added a search terms content:video and content:audio to search for images that do (or do not) have those flags. 2019-06-25 20:17:13 +00:00
dedupe more data handling 2020-02-23 18:37:22 +00:00			`$sanitizer = new Sanitizer();`
			`$sanitizer->removeRemoteReferences(true);`
[core] use Safe library, reduce StdLibEx 2024-02-20 00:22:25 +00:00			`$dirtySVG = \Safe\file_get_contents(warehouse_path(Image::IMAGE_DIR, $hash));`
dedupe more data handling 2020-02-23 18:37:22 +00:00			`$cleanSVG = $sanitizer->sanitize($dirtySVG);`
			`$page->set_data($cleanSVG);`
Added additional media properties to the images table, video, audio, length, and lossless. Added new event to handle fetching media properties like height, width, and the newly added fields, and admin controls to manually scan files for their properties. Added a search terms content:video and content:audio to search for images that do (or do not) have those flags. 2019-06-25 20:17:13 +00:00			`}`
			`}`

[everything] bulk set event handler return types to void 2024-01-15 11:52:35 +00:00			`public function onDataUpload(DataUploadEvent $event): void`
[core] inline some single-use functions 2024-01-09 04:22:59 +00:00			`{`
			`global $config;`

			`if ($this->supported_mime($event->mime)) {`
			`// If the SVG handler intends to handle this file,`
			`// then sanitise it before touching it`
			`$sanitizer = new Sanitizer();`
			`$sanitizer->removeRemoteReferences(true);`
[core] use Safe library, reduce StdLibEx 2024-02-20 00:22:25 +00:00			`$dirtySVG = \Safe\file_get_contents($event->tmpname);`
level 7 typing 2024-01-20 20:48:47 +00:00			`$cleanSVG = false_throws($sanitizer->sanitize($dirtySVG));`
[core] inline some single-use functions 2024-01-09 04:22:59 +00:00			`$event->hash = md5($cleanSVG);`
level 7 typing 2024-01-20 20:48:47 +00:00			`$new_tmpname = shm_tempnam("svg");`
[core] inline some single-use functions 2024-01-09 04:22:59 +00:00			`file_put_contents($new_tmpname, $cleanSVG);`
			`$event->set_tmpname($new_tmpname);`

			`parent::onDataUpload($event);`
			`}`
			`}`

dedupe more data handling 2020-02-23 18:37:22 +00:00			`protected function media_check_properties(MediaCheckPropertiesEvent $event): void`
			`{`
			`$event->image->lossless = true;`
			`$event->image->video = false;`
			`$event->image->audio = false;`
			`$event->image->image = true;`

use DataUploadEvent fields rather than required metadata 2023-02-22 23:37:37 +00:00			`$msp = new MiniSVGParser($event->image->get_image_filename());`
dedupe more data handling 2020-02-23 18:37:22 +00:00			`$event->image->width = $msp->width;`
			`$event->image->height = $msp->height;`
			`}`

[core] only move file to warehouse if all the rest of the upload is ok, fixes #1004 2024-01-09 04:49:19 +00:00			`protected function create_thumb(Image $image): bool`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`{`
New Graphics extension Added constants to several extensions 2019-06-18 18:45:59 +00:00			`try {`
faster svg thumbs 2020-02-01 18:51:57 +00:00			`// Normally we require imagemagick, but for unit tests we can use a no-op engine`
move stream_file to its own function 2020-02-01 21:20:32 +00:00			`if (defined('UNITTEST')) {`
[core] only move file to warehouse if all the rest of the upload is ok, fixes #1004 2024-01-09 04:49:19 +00:00			`create_image_thumb($image);`
move stream_file to its own function 2020-02-01 21:20:32 +00:00			`} else {`
[core] only move file to warehouse if all the rest of the upload is ok, fixes #1004 2024-01-09 04:49:19 +00:00			`create_image_thumb($image, MediaEngine::IMAGICK);`
move stream_file to its own function 2020-02-01 21:20:32 +00:00			`}`
New Graphics extension Added constants to several extensions 2019-06-18 18:45:59 +00:00			`return true;`
Renamed graphics extension to media extension 2019-06-24 15:05:16 +00:00			`} catch (MediaException $e) {`
New Graphics extension Added constants to several extensions 2019-06-18 18:45:59 +00:00			`log_warning("handle_svg", "Could not generate thumbnail. " . $e->getMessage());`
[core] only move file to warehouse if all the rest of the upload is ok, fixes #1004 2024-01-09 04:49:19 +00:00			`copy("ext/handle_svg/thumb.jpg", $image->get_thumb_filename());`
New Graphics extension Added constants to several extensions 2019-06-18 18:45:59 +00:00			`return false;`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`}`
			`}`

drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`protected function check_contents(string $tmpname): bool`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`{`
bumps 2023-11-11 21:49:12 +00:00			`if (MimeType::get_for_file($tmpname) !== MimeType::SVG) {`
Added mime check to svg check so that it doesn't try to load every upload into memory 2020-02-24 14:29:27 +00:00			`return false;`
			`}`

drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`$msp = new MiniSVGParser($tmpname);`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`return bool_escape($msp->valid);`
			`}`
SVG handler git-svn-id: file:///home/shish/svn/shimmie2/trunk@658 7f39781d-f577-437e-ae19-be835c7a54ca 2007-12-11 18:40:44 +00:00			`}`
get SVG size git-svn-id: file:///home/shish/svn/shimmie2/trunk@814 7f39781d-f577-437e-ae19-be835c7a54ca 2008-04-11 06:56:31 +00:00
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`class MiniSVGParser`
			`{`
drop php7.3 support, make use of 7.4 features 2021-03-14 23:43:50 +00:00			`public bool $valid = false;`
bumps 2023-11-11 21:49:12 +00:00			`public int $width = 0;`
			`public int $height = 0;`
			`private int $xml_depth = 0;`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00
			`public function __construct(string $file)`
			`{`
			`$xml_parser = xml_parser_create();`
			`xml_set_element_handler($xml_parser, [$this, "startElement"], [$this, "endElement"]);`
[core] use Safe library, reduce StdLibEx 2024-02-20 00:22:25 +00:00			`$this->valid = bool_escape(xml_parse($xml_parser, \Safe\file_get_contents($file), true));`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`xml_parser_free($xml_parser);`
			`}`

[core] a load more type hints, and fix bugs revealed by type hints 2024-01-20 14:10:59 +00:00			`/**`
			`* @param array<string, mixed> $attrs`
			`*/`
			`public function startElement(mixed $parser, string $name, array $attrs): void`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`{`
			`if ($name == "SVG" && $this->xml_depth == 0) {`
			`$this->width = int_escape($attrs["WIDTH"]);`
			`$this->height = int_escape($attrs["HEIGHT"]);`
			`}`
			`$this->xml_depth++;`
			`}`

[core] a load more type hints, and fix bugs revealed by type hints 2024-01-20 14:10:59 +00:00			`public function endElement(mixed $parser, string $name): void`
PSR-2. I'm not a huge fan, but ugly consistency beats no consistency... 2019-05-28 16:59:38 +00:00			`{`
			`$this->xml_depth--;`
			`}`
get SVG size git-svn-id: file:///home/shish/svn/shimmie2/trunk@814 7f39781d-f577-437e-ae19-be835c7a54ca 2008-04-11 06:56:31 +00:00			`}`