Add a configuration switch for enabled preview mimetypes

Backport of https://github.com/owncloud/core/pull/11211 to stable6

3 files changed, 35 insertions, 56 deletions

diff --git a/lib/private/preview.php b/lib/private/preview.php
index 703b01e94df..9ff4d81ccaf 100755
--- a/lib/private/preview.php
+++ b/lib/private/preview.php
@@ -19,7 +19,6 @@ require_once 'preview/mp3.php';
 require_once 'preview/pdf.php';
 require_once 'preview/svg.php';
 require_once 'preview/txt.php';
-require_once 'preview/unknown.php';
 require_once 'preview/office.php';
 
 class Preview {
@@ -51,6 +50,7 @@ class Preview {
 	//preview providers
 	static private $providers = array();
 	static private $registeredProviders = array();
+	static private $enabledProviders = array();
 
 	/**
 	 * @brief check if thumbnail or bigger version of thumbnail of file is cached
@@ -578,7 +578,33 @@ class Preview {
 	 * @return void
 	 */
 	public static function registerProvider($class, $options=array()) {
-		self::$registeredProviders[]=array('class'=>$class, 'options'=>$options);
+		/**
+		* Only register providers that have been explicitly enabled
+		*
+		* The following providers are enabled by default:
+		*  - OC\Preview\Image
+		*  - OC\Preview\MP3
+		*  - OC\Preview\TXT
+		*  - OC\Preview\MarkDown
+		*
+		* The following providers are disabled by default due to performance or privacy concerns:
+		*  - OC\Preview\Office
+		*  - OC\Preview\SVG
+		*  - OC\Preview\Movies
+		*  - OC\Preview\PDF
+		*/
+		if(empty(self::$enabledProviders)) {
+			self::$enabledProviders = \OC_Config::getValue('enabledPreviewProviders', array(
+				'OC\Preview\Image',
+				'OC\Preview\MP3',
+				'OC\Preview\TXT',
+				'OC\Preview\MarkDown',
+				));
+			}
+
+		if(in_array($class, self::$enabledProviders)) {
+			self::$registeredProviders[] = array('class' => $class, 'options' => $options);
+		}
 	}
 
 	/**
@@ -587,9 +613,7 @@ class Preview {
 	 */
 	private static function initProviders() {
 		if(!\OC_Config::getValue('enable_previews', true)) {
-			$provider = new Preview\Unknown(array());
-			self::$providers = array($provider->getMimeType() => $provider);
-			return;
+			self::$providers = array();
 		}
 
 		if(count(self::$providers)>0) {
@@ -633,8 +657,7 @@ class Preview {
 		}
 
 		//remove last element because it has the mimetype *
-		$providers = array_slice(self::$providers, 0, -1);
-		foreach($providers as $supportedMimetype => $provider) {
+		foreach(self::$providers as $supportedMimetype => $provider) {
 			if(preg_match($supportedMimetype, $mimetype)) {
 				return true;
 			}
diff --git a/lib/private/preview/svg.php b/lib/private/preview/svg.php
index b49e51720fa..488e3411ee8 100644
--- a/lib/private/preview/svg.php
+++ b/lib/private/preview/svg.php
@@ -25,6 +25,11 @@ if (extension_loaded('imagick')) {
 					$content = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>' . $content;
 				}
 
+				// Do not parse SVG files with references
+				if(stripos($content, 'xlink:href') !== false) {
+					return false;
+				}
+
 				$svg->readImageBlob($content);
 				$svg->setImageFormat('png32');
 			} catch (\Exception $e) {
diff --git a/lib/private/preview/unknown.php b/lib/private/preview/unknown.php
deleted file mode 100644
index 4747f9e25ed..00000000000
--- a/lib/private/preview/unknown.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-/**
- * Copyright (c) 2013 Frank Karlitschek frank@owncloud.org
- * Copyright (c) 2013 Georg Ehrke georg@ownCloud.com
- * This file is licensed under the Affero General Public License version 3 or
- * later.
- * See the COPYING-README file.
- */
-namespace OC\Preview;
-
-class Unknown extends Provider {
-
-	public function getMimeType() {
-		return '/.*/';
-	}
-
-	public function getThumbnail($path, $maxX, $maxY, $scalingup, $fileview) {
-		$mimetype = $fileview->getMimeType($path);
-
-		$path = \OC_Helper::mimetypeIcon($mimetype);
-		$path = \OC::$SERVERROOT . substr($path, strlen(\OC::$WEBROOT));
-
-		$svgPath = substr_replace($path, 'svg', -3);
-
-		if (extension_loaded('imagick') && file_exists($svgPath)) {
-
-			// http://www.php.net/manual/de/imagick.setresolution.php#85284
-			$svg = new \Imagick();
-			$svg->readImage($svgPath);
-			$res = $svg->getImageResolution();
-			$x_ratio = $res['x'] / $svg->getImageWidth();
-			$y_ratio = $res['y'] / $svg->getImageHeight();
-			$svg->removeImage();
-			$svg->setResolution($maxX * $x_ratio, $maxY * $y_ratio);
-			$svg->setBackgroundColor(new \ImagickPixel('transparent'));
-			$svg->readImage($svgPath);
-			$svg->setImageFormat('png32');
-
-			$image = new \OC_Image();
-			$image->loadFromData($svg);
-		} else {
-			$image = new \OC_Image($path);
-		}
-
-		return $image;
-	}
-}
-
-\OC\Preview::registerProvider('OC\Preview\Unknown');