Add a configuration switch for enabled preview mimetypes

Backport of https://github.com/owncloud/core/pull/11211 to stable6

7 files changed, 56 insertions, 79 deletions

diff --git a/config/config.sample.php b/config/config.sample.php
index bfe7e5c9ffc..dfb7a227404 100755
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -243,6 +243,27 @@ $CONFIG = array(
 'preview_libreoffice_path' => '/usr/bin/libreoffice',
 /* cl parameters for libreoffice / openoffice */
 'preview_office_cl_parameters' => '',
+/**
+ * Only register providers that have been explicitly enabled
+ *
+ * The following providers are enabled by default:
+ *  - OC\Preview\Image
+ *  - OC\Preview\MP3
+ *  - OC\Preview\TXT
+ *  - OC\Preview\MarkDown
+ *
+ * The following providers are disabled by default due to performance or privacy concerns:
+ *  - OC\Preview\Office
+ *  - OC\Preview\SVG
+ *  - OC\Preview\Movies
+ *  - OC\Preview\PDF
+ */
+'enabledPreviewProviders' => array(
+	'OC\Preview\Image',
+	'OC\Preview\MP3',
+	'OC\Preview\TXT',
+	'OC\Preview\MarkDown'
+),
 
 /* whether avatars should be enabled */
 'enable_avatars' => true,
diff --git a/lib/private/preview.php b/lib/private/preview.php
index 703b01e94df..9ff4d81ccaf 100755
--- a/lib/private/preview.php
+++ b/lib/private/preview.php
@@ -19,7 +19,6 @@ require_once 'preview/mp3.php';
 require_once 'preview/pdf.php';
 require_once 'preview/svg.php';
 require_once 'preview/txt.php';
-require_once 'preview/unknown.php';
 require_once 'preview/office.php';
 
 class Preview {
@@ -51,6 +50,7 @@ class Preview {
 	//preview providers
 	static private $providers = array();
 	static private $registeredProviders = array();
+	static private $enabledProviders = array();
 
 	/**
 	 * @brief check if thumbnail or bigger version of thumbnail of file is cached
@@ -578,7 +578,33 @@ class Preview {
 	 * @return void
 	 */
 	public static function registerProvider($class, $options=array()) {
-		self::$registeredProviders[]=array('class'=>$class, 'options'=>$options);
+		/**
+		* Only register providers that have been explicitly enabled
+		*
+		* The following providers are enabled by default:
+		*  - OC\Preview\Image
+		*  - OC\Preview\MP3
+		*  - OC\Preview\TXT
+		*  - OC\Preview\MarkDown
+		*
+		* The following providers are disabled by default due to performance or privacy concerns:
+		*  - OC\Preview\Office
+		*  - OC\Preview\SVG
+		*  - OC\Preview\Movies
+		*  - OC\Preview\PDF
+		*/
+		if(empty(self::$enabledProviders)) {
+			self::$enabledProviders = \OC_Config::getValue('enabledPreviewProviders', array(
+				'OC\Preview\Image',
+				'OC\Preview\MP3',
+				'OC\Preview\TXT',
+				'OC\Preview\MarkDown',
+				));
+			}
+
+		if(in_array($class, self::$enabledProviders)) {
+			self::$registeredProviders[] = array('class' => $class, 'options' => $options);
+		}
 	}
 
 	/**
@@ -587,9 +613,7 @@ class Preview {
 	 */
 	private static function initProviders() {
 		if(!\OC_Config::getValue('enable_previews', true)) {
-			$provider = new Preview\Unknown(array());
-			self::$providers = array($provider->getMimeType() => $provider);
-			return;
+			self::$providers = array();
 		}
 
 		if(count(self::$providers)>0) {
@@ -633,8 +657,7 @@ class Preview {
 		}
 
 		//remove last element because it has the mimetype *
-		$providers = array_slice(self::$providers, 0, -1);
-		foreach($providers as $supportedMimetype => $provider) {
+		foreach(self::$providers as $supportedMimetype => $provider) {
 			if(preg_match($supportedMimetype, $mimetype)) {
 				return true;
 			}
diff --git a/lib/private/preview/svg.php b/lib/private/preview/svg.php
index b49e51720fa..488e3411ee8 100644
--- a/lib/private/preview/svg.php
+++ b/lib/private/preview/svg.php
@@ -25,6 +25,11 @@ if (extension_loaded('imagick')) {
 					$content = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>' . $content;
 				}
 
+				// Do not parse SVG files with references
+				if(stripos($content, 'xlink:href') !== false) {
+					return false;
+				}
+
 				$svg->readImageBlob($content);
 				$svg->setImageFormat('png32');
 			} catch (\Exception $e) {
diff --git a/lib/private/preview/unknown.php b/lib/private/preview/unknown.php
deleted file mode 100644
index 4747f9e25ed..00000000000
--- a/lib/private/preview/unknown.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-/**
- * Copyright (c) 2013 Frank Karlitschek frank@owncloud.org
- * Copyright (c) 2013 Georg Ehrke georg@ownCloud.com
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-namespace OC\Preview;
-
-class Unknown extends Provider {
-
-	public function getMimeType() {
-		return '/.*/';
-	}
-
-	public function getThumbnail($path, $maxX, $maxY, $scalingup, $fileview) {
-		$mimetype = $fileview->getMimeType($path);
-
-		$path = \OC_Helper::mimetypeIcon($mimetype);
-		$path = \OC::$SERVERROOT . substr($path, strlen(\OC::$WEBROOT));
-
-		$svgPath = substr_replace($path, 'svg', -3);
-
-		if (extension_loaded('imagick') && file_exists($svgPath)) {
-
-			// http://www.php.net/manual/de/imagick.setresolution.php#85284
-			$svg = new \Imagick();
-			$svg->readImage($svgPath);
-			$res = $svg->getImageResolution();
-			$x_ratio = $res['x'] / $svg->getImageWidth();
-			$y_ratio = $res['y'] / $svg->getImageHeight();
-			$svg->removeImage();
-			$svg->setResolution($maxX * $x_ratio, $maxY * $y_ratio);
-			$svg->setBackgroundColor(new \ImagickPixel('transparent'));
-			$svg->readImage($svgPath);
-			$svg->setImageFormat('png32');
-
-			$image = new \OC_Image();
-			$image->loadFromData($svg);
-		} else {
-			$image = new \OC_Image($path);
-		}
-
-		return $image;
-	}
-}
-
-\OC\Preview::registerProvider('OC\Preview\Unknown');
diff --git a/tests/data/testcal.ics b/tests/data/testcal.ics
deleted file mode 100644
index e05f01ba1c2..00000000000
--- a/tests/data/testcal.ics
+++ /dev/null
@@ -1,13 +0,0 @@
-BEGIN:VCALENDAR
-PRODID:-//some random cal software//EN
-VERSION:2.0
-BEGIN:VEVENT
-CREATED:20130102T120000Z
-LAST-MODIFIED:20130102T120000Z
-DTSTAMP:20130102T120000Z
-UID:f106ecdf-c716-43ef-9d94-4e6f19f2fcfb
-SUMMARY:a test cal file
-DTSTART;VALUE=DATE:20130101
-DTEND;VALUE=DATE:20130102
-END:VEVENT
-END:VCALENDAR
\ No newline at end of file
diff --git a/tests/data/testcontact.vcf b/tests/data/testcontact.vcf
deleted file mode 100644
index 2af963d6916..00000000000
--- a/tests/data/testcontact.vcf
+++ /dev/null
@@ -1,6 +0,0 @@
-BEGIN:VCARD
-VERSION:3.0
-PRODID:-//some random contact software//EN
-N:def;abc;;;
-FN:abc def
-END:VCARD
\ No newline at end of file
diff --git a/tests/lib/preview.php b/tests/lib/preview.php
index 353b66fd6d6..dbdb5fb66dd 100644
--- a/tests/lib/preview.php
+++ b/tests/lib/preview.php
@@ -94,13 +94,9 @@ class Preview extends \PHPUnit_Framework_TestCase {
 
 	public function txtBlacklist() {
 		$txt = 'random text file';
-		$ics = file_get_contents(__DIR__ . '/../data/testcal.ics');
-		$vcf = file_get_contents(__DIR__ . '/../data/testcontact.vcf');
 
 		return array(
 			array('txt', $txt, false),
-			array('ics', $ics, true),
-			array('vcf', $vcf, true),
 		);
 	}