diff options
author | Varun Patil <varunpatil@ucla.edu> | 2024-04-07 19:10:19 -0700 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-05-15 20:16:43 +0000 |
commit | 312dc5612fab1e610270a97a6c82a92947425228 (patch) | |
tree | 6b0d6002a25e288e6118a718caf9912dd57bcf13 | |
parent | 10dfb76f283a360e704839e4eca647806db78411 (diff) | |
download | nextcloud-server-312dc5612fab1e610270a97a6c82a92947425228.tar.gz nextcloud-server-312dc5612fab1e610270a97a6c82a92947425228.zip |
fix(preview): check mime type before processing with Imagick
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
-rw-r--r-- | lib/private/Preview/Bitmap.php | 21 | ||||
-rw-r--r-- | lib/private/Preview/Font.php | 7 | ||||
-rw-r--r-- | lib/private/Preview/HEIC.php | 12 | ||||
-rw-r--r-- | lib/private/Preview/Illustrator.php | 7 | ||||
-rw-r--r-- | lib/private/Preview/PDF.php | 7 | ||||
-rw-r--r-- | lib/private/Preview/Photoshop.php | 7 | ||||
-rw-r--r-- | lib/private/Preview/Postscript.php | 7 | ||||
-rw-r--r-- | lib/private/Preview/SGI.php | 9 | ||||
-rw-r--r-- | lib/private/Preview/SVG.php | 23 | ||||
-rw-r--r-- | lib/private/Preview/TGA.php | 9 | ||||
-rw-r--r-- | lib/private/Preview/TIFF.php | 7 | ||||
-rw-r--r-- | lib/private/PreviewManager.php | 6 |
12 files changed, 109 insertions, 13 deletions
diff --git a/lib/private/Preview/Bitmap.php b/lib/private/Preview/Bitmap.php index 84c7b4a8968..e0f1dc5fcae 100644 --- a/lib/private/Preview/Bitmap.php +++ b/lib/private/Preview/Bitmap.php @@ -38,6 +38,18 @@ use Psr\Log\LoggerInterface; */ abstract class Bitmap extends ProviderV2 { /** + * List of MIME types that this preview provider is allowed to process. + * + * These should correspond to the MIME types *identified* by Imagemagick + * for files to be processed by this provider. These do / will not + * necessarily need to match the MIME types stored in the database + * (which are identified by IMimeTypeDetector). + * + * @return string Regular expression + */ + abstract protected function getAllowedMimeTypes(): string; + + /** * {@inheritDoc} */ public function getThumbnail(File $file, int $maxX, int $maxY): ?IImage { @@ -86,10 +98,19 @@ abstract class Bitmap extends ProviderV2 { * @param int $maxY * * @return \Imagick + * + * @throws \Exception */ private function getResizedPreview($tmpPath, $maxX, $maxY) { $bp = new Imagick(); + // Validate mime type + $bp->pingImage($tmpPath . '[0]'); + $mimeType = $bp->getImageMimeType(); + if (!preg_match($this->getAllowedMimeTypes(), $mimeType)) { + throw new \Exception('File mime type does not match the preview provider: ' . $mimeType); + } + // Layer 0 contains either the bitmap or a flat representation of all vector layers $bp->readImage($tmpPath . '[0]'); diff --git a/lib/private/Preview/Font.php b/lib/private/Preview/Font.php index baf29e1defc..18dfb3e7ec0 100644 --- a/lib/private/Preview/Font.php +++ b/lib/private/Preview/Font.php @@ -30,4 +30,11 @@ class Font extends Bitmap { public function getMimeType(): string { return '/application\/(?:font-sfnt|x-font$)/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/(application|image)\/(?:font-sfnt|x-font|x-otf|x-ttf|x-pfb$)/'; + } } diff --git a/lib/private/Preview/HEIC.php b/lib/private/Preview/HEIC.php index 71df98f9ac6..21cacd43c84 100644 --- a/lib/private/Preview/HEIC.php +++ b/lib/private/Preview/HEIC.php @@ -44,7 +44,7 @@ class HEIC extends ProviderV2 { * {@inheritDoc} */ public function getMimeType(): string { - return '/image\/hei(f|c)/'; + return '/image\/(x-)?hei(f|c)/'; } /** @@ -108,10 +108,20 @@ class HEIC extends ProviderV2 { * @param int $maxY * * @return \Imagick + * + * @throws \Exception */ private function getResizedPreview($tmpPath, $maxX, $maxY) { $bp = new \Imagick(); + // Some HEIC files just contain (or at least are identified as) other formats + // like JPEG. We just need to check if the image is safe to process. + $bp->pingImage($tmpPath . '[0]'); + $mimeType = $bp->getImageMimeType(); + if (!preg_match('/^image\/(x-)?(png|jpeg|gif|bmp|tiff|webp|hei(f|c)|avif)$/', $mimeType)) { + throw new \Exception('File mime type does not match the preview provider: ' . $mimeType); + } + // Layer 0 contains either the bitmap or a flat representation of all vector layers $bp->readImage($tmpPath . '[0]'); diff --git a/lib/private/Preview/Illustrator.php b/lib/private/Preview/Illustrator.php index 3d926c304c5..f284b670c9d 100644 --- a/lib/private/Preview/Illustrator.php +++ b/lib/private/Preview/Illustrator.php @@ -31,4 +31,11 @@ class Illustrator extends Bitmap { public function getMimeType(): string { return '/application\/illustrator/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/application\/(illustrator|pdf)/'; + } } diff --git a/lib/private/Preview/PDF.php b/lib/private/Preview/PDF.php index 405fd1545f9..c387e72dfe3 100644 --- a/lib/private/Preview/PDF.php +++ b/lib/private/Preview/PDF.php @@ -31,4 +31,11 @@ class PDF extends Bitmap { public function getMimeType(): string { return '/application\/pdf/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/application\/pdf/'; + } } diff --git a/lib/private/Preview/Photoshop.php b/lib/private/Preview/Photoshop.php index 9d79abf8191..dbe2e68192e 100644 --- a/lib/private/Preview/Photoshop.php +++ b/lib/private/Preview/Photoshop.php @@ -31,4 +31,11 @@ class Photoshop extends Bitmap { public function getMimeType(): string { return '/application\/x-photoshop/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/(application|image)\/(x-photoshop|x-psd)/'; + } } diff --git a/lib/private/Preview/Postscript.php b/lib/private/Preview/Postscript.php index 06ea7fc8037..309bd54baa5 100644 --- a/lib/private/Preview/Postscript.php +++ b/lib/private/Preview/Postscript.php @@ -31,4 +31,11 @@ class Postscript extends Bitmap { public function getMimeType(): string { return '/application\/postscript/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/application\/postscript/'; + } } diff --git a/lib/private/Preview/SGI.php b/lib/private/Preview/SGI.php index 9f392d2252f..3172e8773a3 100644 --- a/lib/private/Preview/SGI.php +++ b/lib/private/Preview/SGI.php @@ -28,6 +28,13 @@ class SGI extends Bitmap { * {@inheritDoc} */ public function getMimeType(): string { - return '/image\/sgi/'; + return '/image\/(x-)?sgi/'; + } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/image\/(x-)?sgi/'; } } diff --git a/lib/private/Preview/SVG.php b/lib/private/Preview/SVG.php index fd472083533..207c9dfb021 100644 --- a/lib/private/Preview/SVG.php +++ b/lib/private/Preview/SVG.php @@ -44,9 +44,6 @@ class SVG extends ProviderV2 { */ public function getThumbnail(File $file, int $maxX, int $maxY): ?IImage { try { - $svg = new \Imagick(); - $svg->setBackgroundColor(new \ImagickPixel('transparent')); - $content = stream_get_contents($file->fopen('r')); if (substr($content, 0, 5) !== '<?xml') { $content = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>' . $content; @@ -57,13 +54,25 @@ class SVG extends ProviderV2 { return null; } + $svg = new \Imagick(); + + $svg->pingImageBlob($content); + $mimeType = $svg->getImageMimeType(); + if (!preg_match($this->getMimeType(), $mimeType)) { + throw new \Exception('File mime type does not match the preview provider: ' . $mimeType); + } + + $svg->setBackgroundColor(new \ImagickPixel('transparent')); $svg->readImageBlob($content); $svg->setImageFormat('png32'); } catch (\Exception $e) { - \OC::$server->get(LoggerInterface::class)->error($e->getMessage(), [ - 'exception' => $e, - 'app' => 'core', - ]); + \OC::$server->get(LoggerInterface::class)->error( + 'File: ' . $file->getPath() . ' Imagick says:', + [ + 'exception' => $e, + 'app' => 'core', + ] + ); return null; } diff --git a/lib/private/Preview/TGA.php b/lib/private/Preview/TGA.php index cb591be2231..35f000b6bdd 100644 --- a/lib/private/Preview/TGA.php +++ b/lib/private/Preview/TGA.php @@ -28,6 +28,13 @@ class TGA extends Bitmap { * {@inheritDoc} */ public function getMimeType(): string { - return '/image\/t(ar)?ga/'; + return '/image\/(x-)?t(ar)?ga/'; + } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/image\/(x-)?t(ar)?ga/'; } } diff --git a/lib/private/Preview/TIFF.php b/lib/private/Preview/TIFF.php index 1a5d957d3ee..9628104a0f0 100644 --- a/lib/private/Preview/TIFF.php +++ b/lib/private/Preview/TIFF.php @@ -31,4 +31,11 @@ class TIFF extends Bitmap { public function getMimeType(): string { return '/image\/tiff/'; } + + /** + * {@inheritDoc} + */ + protected function getAllowedMimeTypes(): string { + return '/image\/tiff/'; + } } diff --git a/lib/private/PreviewManager.php b/lib/private/PreviewManager.php index aedcbbce335..9ae11dcce45 100644 --- a/lib/private/PreviewManager.php +++ b/lib/private/PreviewManager.php @@ -376,9 +376,9 @@ class PreviewManager implements IPreview { 'PSD' => ['mimetype' => '/application\/x-photoshop/', 'class' => Preview\Photoshop::class], 'EPS' => ['mimetype' => '/application\/postscript/', 'class' => Preview\Postscript::class], 'TTF' => ['mimetype' => '/application\/(?:font-sfnt|x-font$)/', 'class' => Preview\Font::class], - 'HEIC' => ['mimetype' => '/image\/hei(f|c)/', 'class' => Preview\HEIC::class], - 'TGA' => ['mimetype' => '/image\/t(ar)?ga/', 'class' => Preview\TGA::class], - 'SGI' => ['mimetype' => '/image\/sgi/', 'class' => Preview\SGI::class], + 'HEIC' => ['mimetype' => '/image\/(x-)?hei(f|c)/', 'class' => Preview\HEIC::class], + 'TGA' => ['mimetype' => '/image\/(x-)?t(ar)?ga/', 'class' => Preview\TGA::class], + 'SGI' => ['mimetype' => '/image\/(x-)?sgi/', 'class' => Preview\SGI::class], ]; foreach ($imagickProviders as $queryFormat => $provider) { |