Commit Graph

69 Commits (545a7bbbf07dd2375a96eae09f9abd6329a919e5)

Author SHA1 Message Date
Simon McVittie 545a7bbbf0 img: restrict to JPEG, PNG and GIF images by default
This mitigates CVE-2016-3714. Wiki administrators who know that they
have prevented arbitrary code execution via other formats can re-enable
the other formats if desired.
2016-05-05 23:43:50 +01:00
Simon McVittie 54a9f8d07d img: force common Web formats to be interpreted according to extension
A site administrator might unwisely set allowed_attachments to
something like '*.jpg or *.png'; if they do, an attacker could attach,
for example, a SVG file named attachment.jpg.

This mitigates CVE-2016-3714.
2016-05-05 23:43:50 +01:00
Simon McVittie 7a2117bf8c img: stop ImageMagick trying to be clever if filenames contain a colon
$im->Read() takes a filename-like argument with several sets of special
syntax. Most of the possible metacharacters are escaped by the
default `wiki_file_chars` (and in any case not particularly disruptive),
but the colon ":" is not.

It seems the way to force ImageMagick to treat colons within the
filename as literal is to prepend a colon, so do that.
2015-06-13 20:00:08 +01:00
Simon McVittie eb4945a3bc img: raise an error if we cannot find the image's size
This happens for PDFs without ghostscript installed, for instance.
2014-09-16 10:00:40 +01:00
chrysn fa2a4d0db4 show resized img in preview using data: urls
in analogy to sparklines, this renders scaled imgs to
data:img/...;base64,... urls in preview mode.

if the image is already present on the server (eg because it was not
just inserted), the already rendered image is referenced instead.
2014-07-15 13:47:37 +02:00
chrysn a308b212ad img plugin: split resizing calculations and actual resizing
there is now a size calculating part (which chooses a final size) and a
scaling part (which triggers if the sizes calculated by the former
indicate a downscaling).

this solves the issue of unproportional upscalings
(bugs/image_rescaling_distorts_with_small_pictures).

also, "small" pdf files (or pdf files without explicit size settings),
which would not be converted under the old mechanism, now get rendered
to pngs.

this commit affects a unit test: while svgs were previously
unconditionally rendered to pngs, this now only happens on downscaling.
this is intentional -- while a small version of an svg graphic is
likely to be more compact when rendered (eg as a preview), a large
version would not have that benefit, and why convert something that
browsers basically can show and be inconsistent with how other images
are handled. the new unit test simply makes the original svg larger to
check for the same behaviors as before.
2014-07-15 13:44:22 +02:00
chrysn bcc209eb5a add pagenumber parameter
this allows picking a page from a pdf. also, this enhances performance
greatly when rendering pdfs, as only the first page is rasterized.
(otherwise, imagemagick would treat the pdf as a list of images, work
with all of them, until finally only the first page gets saved). the
default parameter of 0 will select the single image contained in typical
image files anyway, so no specialcasing between single- and multifile
containers is needed.
2014-04-07 11:32:25 +02:00
chrysn 6cc43773e7 add pdf support to the img directive
this is trivial as pdf is supported by imagemagick, and just needs an
explicit mention to enable conversion.
2014-04-07 11:19:04 +02:00
chrysn 71b9ad33e0 set the file type parameter after reading the image
imagemagick, when reading an image, sets its magick parameter to
indicate the file type, overriding the explicitly set file type for
output if it is set at creation.

as a result, previously (with graphicsmagick-libmagick-dev-compat
1.3.18-1 providing Image::Magick), svg output files were not png,
neither svg, but mvg (imagemagick vector graphics).
2014-04-07 11:15:51 +02:00
Joey Hess 2872e1d738 cleanup now unused setting 2011-11-17 18:47:51 -04:00
Per Carlson 937c074232 Always use true image size 2011-11-17 22:59:31 +01:00
Joey Hess ae1857b43c img: Generate png format thumbnails for svg images.
Imagemagick does not generate svg images very well, but it can convert
them to png quite well.

For browsers that don't yet support displaying svg, this also provides a
workaround; just scale the svg down to get a png. But the workaround is
partial, since scaling the image larger, or leaving it the same size will
cause the original svg to be displayed. Since browsers are actively
improving svg support, this is good enough for me.
2011-06-29 14:40:30 -04:00
Joey Hess 1182e9d0ee use one-parameter form of urlto 2010-11-29 15:07:26 -04:00
Simon McVittie 1f019ac2aa Use local paths for most references to pages 2010-11-23 00:19:10 +00:00
Joey Hess 8555d10f63 img: If a class is specified, don't also put the img in the img class. 2010-10-13 12:57:16 -04:00
Joey Hess f6db10df21 img: Add a margin around images displayed by this directive.
Particularly important for floating images, which could before be placed
uncomfortably close to text.
2010-07-05 14:04:49 -04:00
Joey Hess 35a0715b9a avoid ugly warning if size="" is specified 2010-06-12 22:59:46 -04:00
Joey Hess d7cfcef54a img: Support hspace and vspace attributes. 2010-06-12 16:43:24 -04:00
Joey Hess b2327cfae4 improve preview mode comments 2010-06-09 17:43:20 -04:00
Joey Hess 0ccf21daaf img: Fill in missing height or width when scaling image. 2010-06-08 21:13:46 -04:00
Joey Hess 34fff64e7b setup file ordering 2010-02-12 06:35:52 -05:00
Joey Hess f91d79f469 img: Fix a bug that could taint @links with undef values. 2010-01-28 21:07:23 -05:00
Joey Hess eb30cfb310 only use css alignment stuff for table
This way users can use all the other alignment values when not including a
caption. Also, it will work without the standard style, and I don't have to
worry about regressions this way.
2010-01-07 16:09:34 -05:00
Joey Hess e31cb975a7 img: remove special case handling of link=yes
Only exists as an undocumented backwards compatibility hack.
2010-01-07 15:41:16 -05:00
Joey Hess 253b1a41c1 refactor 2010-01-07 15:36:49 -05:00
Joey Hess e68cce6d1d brace style 2010-01-07 15:12:17 -05:00
Giuseppe Bilotta 4bda18a50a Support align attribute for img with caption
This is achieved by preparing CSS definitions that emulates the behavior
of the align attribute, and passing it to the outermost IMG wrapper
(A or TABLE) instead of passing the align value to IMG directly.
2010-01-06 21:02:09 +01:00
Joey Hess c5e237c013 img: use presence dependency when linking to a page 2009-10-09 13:37:06 -04:00
Joey Hess 7cb620d0e8 img: Fix dependency code for full size images.
I had assumed that an image shown full size did not need add_depends, since
a change would not need a change to the displaying page.

But this is not true if the image is modified and its size changes. Then
the page needs to update its img tag to reflect the current size.
2009-09-27 20:57:27 -04:00
Joey Hess f42215cb65 img: Correct bug in image size calculation code.
If an image was resized smaller, with width and height specified to values
that did not fit its aspect ratio, the image tag width/height were not
adjusted to the actual size imagemagick chooses.

This was broken by 03449610d6.

To fix it right, it unfortunately needs to always read the src image now,
in order to determine if the image is being displayed larger, or resized
smaller. When resized smaller, it then always uses the size of the
thumbnail, while for larger it calculates the size.

(Only way to get rid of this sometimes extra image read would be to change
it to not allow displaying images larger.)
2009-09-27 20:53:02 -04:00
Joey Hess 03449610d6 img: Don't generate new version of image if it is scaled to be larger in either dimension.
Although imagemagick handles even really large sizes sanely, using a page
file, doing so would just waste time and disk space, since the browser
can be told to resize it larger.
2009-08-28 23:31:53 -04:00
Simon McVittie e0bb9675ce img: depend on absolute page name, not relative
Previously, [[!img bar.jpg]] on foo, where foo/bar.jpg exists, would
get a dependency equivalent to "glob(bar.jpg)" (which might not match
anything), rather than the correct "glob(foo/bar.jpg)".
(cherry picked from commit 85b2ec49ecd12dd23e5c432933457a72744ce7cb)
2009-08-15 13:50:34 -04:00
Joey Hess 9d96250fc5 img: Fix adding of dependency from page to the image.
This was impressively broken. add_depends was being called with params
backwards, and one parameter was set to the name of the generated
file, which isn't in the source.

Now updates to images will update the page that contains them, thus
updating them. This is unnecessary for fullsize images, so skipped.
2009-07-27 22:22:26 +02:00
Joey Hess b23ddf6c4a improve error message 2009-07-19 13:36:46 +02:00
Joey Hess b1b7a2100f img: Pass the align parameter through to the generated img tag. 2009-07-11 00:33:19 -04:00
Simon McVittie a648c439f3 img plugin: do not emit a redundant double-quote before alt attribute 2009-06-16 17:15:06 +01:00
Joey Hess 2a7721febd Avoid %links accumulating duplicates. (For TOVA)
This is sorta an optimisation, and sorta a bug fix. In one
test case I have available, it can speed a page build up from 3
minutes to 3 seconds.

The root of the problem is that $links{$page} contains arrays of
links, rather than hashes of links. And when a link is found,
it is just pushed onto the array, without checking for dups.

Now, the array is emptied before scanning a page, so there
should not be a lot of opportunity for lots of duplicate links
to pile up in it. But, in some cases, they can, and if there
are hundreds of duplicate links in the array, then scanning it
for matching links, as match_link and some other code does,
becomes much more expensive than it needs to be.

Perhaps the real right fix would be to change the data structure
to a hash. But, the list of links is never accessed like that,
you always want to iterate through it.

I also looked at deduping the list in saveindex, but that does
a lot of unnecessary work, and doesn't completely solve the problem.

So, finally, I decided to add an add_link function that handles deduping,
and make ikiwiki-transition remove the old dup links.
2009-05-06 00:27:24 -04:00
Gabriel McManus 950137eb6c img: only provide alt text if it was specified
if suitable alternate text is unknown, then it should not be given.
empty alt text is suitable mainly for purely decorative images.
(cherry picked from commit 3cd7f67f0cf894f4fd5ba16f68e82e4f7bdbfdc5)
2009-01-21 21:17:57 -05:00
Joey Hess 678d467a40 finalise version 3.00 of the plugin api 2008-12-23 16:34:19 -05:00
Joey Hess bb93fccf06 Coding style change: Remove explicit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess 5d53fab853 img: Support sizes like 200x. Closes: #475149 2008-09-09 15:20:06 -04:00
Joey Hess 903213e63f add plugin safe/rebuild info (part 1 of 2)
too many plugins.. brain exploding..
2008-08-03 16:40:12 -04:00
Joey Hess 97e21ae21c don't show an error if the image is missing, instead, a broken link 2008-07-21 16:53:52 -04:00
Joey Hess d724a26754 avoid internal error message when img uses just-deleted page
I think this used to be a fatal error, not just inline error, so I don't
know why it was never noticed, but if a page that an img directive mentions
gets deleted, bestlink() returns a file that no longer exists, and
srcfile() throws an error.

Note that bestlink's behavior of returning a deleted file could be
considered buggy. But, if it's changed to not do that, the page with the img
on it is not updated at all when the file is removed.
2008-07-21 16:38:40 -04:00
Joey Hess ffc99f5904 switch preprocess hooks to use error function 2008-07-13 15:05:34 -04:00
Joey Hess e4e3d7e2d4 convert fatal error to warning
Since perlmagick is not a hard dep, and goodstuff is enabled by default,
imgs should not crash builds
2008-07-12 20:21:42 -04:00
Joey Hess ecfb14f7d1 Don't generate empty title attributes, etc, and allow setting defaults for class and id too. 2008-06-08 00:02:33 -04:00
Joey Hess f6b47b0d1c img: Support captions. 2008-06-07 23:45:40 -04:00
Joey Hess bb51e81762 img: Support a title attribute, will be passed through to html. Closes: #478718 2008-04-30 12:58:36 -04:00
Joey Hess cb8d1c8642 revert destpage part of f7bdc2385
destpage does not normally need to be worried about when creating other files
as part of the process of rendering a page. Using destpage results in
inlined pages creating two copies of such files. It works to not use destpage
in this case because the inlining page depends on the source page, so if the
source page is modified or deleted the inlining page will be updated.
2008-03-23 20:01:26 -04:00