[StoreRemoteMedia] StoreRemoteMedia now uses the new filename format, which allows it to display correctly in the UI. Formatting fixes

This commit is contained in:
Miguel Dantas 2019-06-30 13:36:33 +01:00 committed by Diogo Cordeiro
parent 8f31a1a820
commit f746866b65
6 changed files with 169 additions and 98 deletions

View File

@ -341,23 +341,27 @@ class File extends Managed_DataObject
* @return string|bool Value from the 'extblacklist' array, in the config * @return string|bool Value from the 'extblacklist' array, in the config
*/ */
public static function getSafeExtension(string $filename) { public static function getSafeExtension(string $filename) {
if (preg_match('/^.+?\.([A-Za-z0-9]+)$/', $filename, $matches)) { if (preg_match('/^.+?\.([A-Za-z0-9]+)$/', $filename, $matches) === 1) {
// we matched on a file extension, so let's see if it means something. // we matched on a file extension, so let's see if it means something.
common_debug("MATCHES EXT: " . print_r($matches, true));
$ext = mb_strtolower($matches[1]); $ext = mb_strtolower($matches[1]);
$blacklist = common_config('attachments', 'extblacklist'); $blacklist = common_config('attachments', 'extblacklist');
// If we got an extension from $filename we want to check if it's in a blacklist // If we got an extension from $filename we want to check if it's in a blacklist
// so we avoid people uploading restricted files // so we avoid people uploading restricted files
if (array_key_exists($ext, $blacklist)) { if (array_key_exists($ext, $blacklist)) {
if (!is_string($blacklist[$ext])) { if (!is_string($blacklist[$ext])) {
// Blocked
return false; return false;
} }
// return a safe replacement extension ('php' => 'phps' for example) // return a safe replacement extension ('php' => 'phps' for example)
return $blacklist[$ext]; return $blacklist[$ext];
} } else {
// the attachment extension based on its filename was not blacklisted so it's ok to use it // the attachment extension based on its filename was not blacklisted so it's ok to use it
return $ext; return $ext;
}
} else { } else {
return false; // No extension
return null;
} }
} }

View File

@ -87,7 +87,8 @@ class AttachmentList extends Widget
if ($this->notice->getProfile()->isSilenced()) { if ($this->notice->getProfile()->isSilenced()) {
// TRANS: Message for inline attachments list in notices when the author has been silenced. // TRANS: Message for inline attachments list in notices when the author has been silenced.
$this->element('div', ['class'=>'error'], _('Attachments are hidden because this profile has been silenced.')); $this->element('div', ['class'=>'error'],
_('Attachments are hidden because this profile has been silenced.'));
return 0; return 0;
} }

View File

@ -181,7 +181,8 @@ class AttachmentListItem extends Widget
unset($thumb); // there's no need carrying this along unset($thumb); // there's no need carrying this along
switch (common_bare_mime($this->attachment->mimetype)) { switch (common_bare_mime($this->attachment->mimetype)) {
case 'text/plain': case 'text/plain':
$this->element('div', ['class'=>'e-content plaintext'], file_get_contents($this->attachment->getPath())); $this->element('div', ['class'=>'e-content plaintext'],
file_get_contents($this->attachment->getPath()));
break; break;
case 'text/html': case 'text/html':
if (!empty($this->attachment->filename) if (!empty($this->attachment->filename)

View File

@ -236,6 +236,76 @@ class MediaFile
return common_config('attachments', 'file_quota'); return common_config('attachments', 'file_quota');
} }
/**
* Encodes a file name and a file hash in the new file format, which is used to avoid
* having an extension in the file, removing trust in extensions, while keeping the original name
* @throws ClientException
*/
public static function encodeFilename(string $original_name, string $filehash, string $ext = null) : string
{
if (empty($original_name)) {
$original_name = _('Untitled attachment');
}
// If we're given an extension explicitly, use it, otherwise...
$ext = $ext ?:
// get a replacement extension if configured, returns false if it's blocked,
// null if no extension
File::getSafeExtension($original_name);
if ($ext === false) {
throw new ClientException(_('Blacklisted file extension.'));
}
common_debug("EXT: " . print_r($ext, true));
if (!empty($ext)) {
// Remove dots if we have them (make sure they're not repeated)
$ext = preg_replace('/^\.+/', '', $ext);
$original_name = preg_replace('/\.+.+$/i', ".{$ext}", $original_name);
}
$enc_name = bin2hex($original_name);
return "{$enc_name}-{$filehash}";
}
/**
* Decode the new filename format
* @return false | null | string on failure, no match (old format) or original file name, respectively
*/
public static function decodeFilename(string $encoded_filename)
{
$ret = preg_match('/^([^-]+?)-[^-]+$/', $encoded_filename, $matches);
if ($ret === false) {
return false;
} elseif ($ret === 0) {
return null; // No match
} else {
$filename = hex2bin($matches[1]);
// Matches extension
if (preg_match('/^(.+?)\.(.+)$/', $filename, $sub_matches) === 1) {
$ext = $sub_matches[2];
// Previously, there was a blacklisted extension array, which could have an alternative
// extension, such as phps, to replace php. We want to turn it back (this is deprecated,
// as it no longer makes sense, since we don't trust trust files based on extension,
// but keep the feature)
$blacklist = common_config('attachments', 'extblacklist');
if (is_array($blacklist)) {
foreach ($blacklist as $upload_ext => $safe_ext) {
if ($ext === $safe_ext) {
$ext = $upload_ext;
break;
}
}
}
return "{$sub_matches[1]}.{$ext}";
} else {
// No extension, don't bother trying to replace it
return $filename;
}
}
}
/** /**
* Create a new MediaFile or ImageFile object from an upload * Create a new MediaFile or ImageFile object from an upload
* *
@ -314,12 +384,6 @@ class MediaFile
File::respectsQuota($scoped, $_FILES[$param]['size']); File::respectsQuota($scoped, $_FILES[$param]['size']);
} }
// Gets a replacement extension if configured in the config, returns false if it's blocked
$ext = File::getSafeExtension($_FILES[$param]['name']);
if ($ext === false) {
throw new ClientException(_('Blacklisted file extension.'));
}
$mimetype = self::getUploadedMimeType($_FILES[$param]['tmp_name'], $_FILES[$param]['name']); $mimetype = self::getUploadedMimeType($_FILES[$param]['tmp_name'], $_FILES[$param]['name']);
$media = common_get_mime_media($mimetype); $media = common_get_mime_media($mimetype);
@ -334,14 +398,7 @@ class MediaFile
$ext = image_type_to_extension($img->preferredType(), false); $ext = image_type_to_extension($img->preferredType(), false);
} }
// If we have a replacement extension (either from the config or from converting an image) $filename = self::encodeFilename($basename, $filehash, $ext);
if ($ext !== false) {
$basename = preg_replace("/\..+$/i", ".{$ext}", $basename);
}
// New file name format
$original_filename = bin2hex($basename);
$filename = "{$original_filename}-{$filehash}";
$filepath = File::path($filename); $filepath = File::path($filename);
if ($media === 'image') { if ($media === 'image') {
@ -582,27 +639,26 @@ class MediaFile
} }
// New file name format is "{bin2hex(original_name.ext)}-{$hash}" // New file name format is "{bin2hex(original_name.ext)}-{$hash}"
$ret = preg_match('/^([^\.-]+)-.+$/', $file->filename, $matches); $filename = self::decodeFilename($file->filename);
// If there was an error in the match, something's wrong with some piece // If there was an error in the match, something's wrong with some piece
// of code (could be a file with utf8 chars in the name) // of code (could be a file with utf8 chars in the name)
$log_error_msg = "Invalid file name for File with id={$file->id} " . $log_error_msg = "Invalid file name for File with id={$file->id} " .
"({$file->filename}). Some plugin probably did something wrong."; "({$file->filename}). Some plugin probably did something wrong.";
if ($filename === false) {
if ($ret === false) {
common_log(LOG_ERR, $log_error_msg); common_log(LOG_ERR, $log_error_msg);
} elseif ($ret === 1) { } elseif ($filename === null) {
$filename = hex2bin($matches[1]); // The old file name format was "{hash}.{ext}" so we didn't have a name
} else { // This extracts the extension
// The old file name format was "{hash}.{ext}"
// This estracts the extension
$ret = preg_match('/^.+?\.(.+)$/', $file->filename, $matches); $ret = preg_match('/^.+?\.(.+)$/', $file->filename, $matches);
if ($ret !== 1) { if ($ret !== 1) {
common_log(LOG_ERR, $log_error_msg); common_log(LOG_ERR, $log_error_msg);
return _('Untitled attachment'); return _('Untitled attachment');
} }
$ext = $matches[1]; $ext = $matches[1];
// Previously, there was a blacklisted extension array, which could have an alternative // There's a blacklisted extension array, which could have an alternative
// extension, such as phps, to replace php. We want to turn it back // extension, such as phps, to replace php. We want to turn it back
// (currently defaulted to empty, but let's keep the feature)
$blacklist = common_config('attachments', 'extblacklist'); $blacklist = common_config('attachments', 'extblacklist');
if (is_array($blacklist)) { if (is_array($blacklist)) {
foreach ($blacklist as $upload_ext => $safe_ext) { foreach ($blacklist as $upload_ext => $safe_ext) {

View File

@ -421,7 +421,8 @@ class OembedPlugin extends Plugin
// All our remote Oembed images lack a local filename property in the File object // All our remote Oembed images lack a local filename property in the File object
if (!is_null($file->filename)) { if (!is_null($file->filename)) {
common_debug(sprintf('Filename of file id==%d is not null (%s), so nothing oEmbed should handle.', $file->getID(), _ve($file->filename))); common_debug(sprintf('Filename of file id==%d is not null (%s), so nothing oEmbed '.
'should handle.', $file->getID(), _ve($file->filename)));
return true; return true;
} }
@ -440,10 +441,12 @@ class OembedPlugin extends Plugin
} catch (AlreadyFulfilledException $e) { } catch (AlreadyFulfilledException $e) {
// aw yiss! // aw yiss!
} catch (Exception $e) { } catch (Exception $e) {
common_debug(sprintf('oEmbed encountered an exception (%s) for file id==%d: %s', get_class($e), $file->getID(), _ve($e->getMessage()))); common_debug(sprintf('oEmbed encountered an exception (%s) for file id==%d: %s',
get_class($e), $file->getID(), _ve($e->getMessage())));
throw $e; throw $e;
} }
// Out
$imgPath = $thumbnail->getPath(); $imgPath = $thumbnail->getPath();
return false; return false;
@ -544,7 +547,8 @@ class OembedPlugin extends Plugin
protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail) protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
{ {
if (!empty($thumbnail->filename) && file_exists($thumbnail->getPath())) { if (!empty($thumbnail->filename) && file_exists($thumbnail->getPath())) {
throw new AlreadyFulfilledException(sprintf('A thumbnail seems to already exist for remote file with id==%u', $thumbnail->file_id)); throw new AlreadyFulfilledException(
sprintf('A thumbnail seems to already exist for remote file with id==%u', $thumbnail->file_id));
} }
$url = $thumbnail->getUrl(); $url = $thumbnail->getUrl();
@ -556,7 +560,8 @@ class OembedPlugin extends Plugin
$max_size = common_get_preferred_php_upload_limit(); $max_size = common_get_preferred_php_upload_limit();
$file_size = $this->getRemoteFileSize($url); $file_size = $this->getRemoteFileSize($url);
if (($file_size!=false) && ($file_size > $max_size)) { if (($file_size!=false) && ($file_size > $max_size)) {
common_debug("Went to store remote thumbnail of size " . $file_size . " but the upload limit is " . $max_size . " so we aborted."); common_debug("Went to store remote thumbnail of size " . $file_size .
" but the upload limit is " . $max_size . " so we aborted.");
return false; return false;
} }
} }
@ -567,7 +572,8 @@ class OembedPlugin extends Plugin
// First we download the file to memory and test whether it's actually an image file // First we download the file to memory and test whether it's actually an image file
// FIXME: To support remote video/whatever files, this needs reworking. // FIXME: To support remote video/whatever files, this needs reworking.
common_debug(sprintf('Downloading remote thumbnail for file id==%u with thumbnail URL: %s', $thumbnail->file_id, $url)); common_debug(sprintf('Downloading remote thumbnail for file id==%u with thumbnail URL: %s',
$thumbnail->file_id, $url));
$imgData = HTTPClient::quickGet($url); $imgData = HTTPClient::quickGet($url);
$info = @getimagesizefromstring($imgData); $info = @getimagesizefromstring($imgData);
if ($info === false) { if ($info === false) {
@ -580,14 +586,17 @@ class OembedPlugin extends Plugin
try { try {
// We'll trust sha256 (File::FILEHASH_ALG) not to have collision issues any time soon :) // We'll trust sha256 (File::FILEHASH_ALG) not to have collision issues any time soon :)
$filename = sprintf('oembed-%d.%s', hash(File::FILEHASH_ALG, $imgData), $ext); $original_filename = bin2hex('oembed.' . $ext);
$filehash = hash(File::FILEHASH_ALG, $imgData);
$filename = "{$original_filename}-{$filehash}";
$fullpath = File_thumbnail::path($filename); $fullpath = File_thumbnail::path($filename);
// Write the file to disk. Throw Exception on failure // Write the file to disk. Throw Exception on failure
if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) { if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) {
throw new ServerException(_('Could not write downloaded file to disk.')); throw new ServerException(_('Could not write downloaded file to disk.'));
} }
} catch (Exception $err) { } catch (Exception $err) {
common_log(LOG_ERROR, "Went to write a thumbnail to disk in OembedPlugin::storeRemoteThumbnail but encountered error: {$err}"); common_log(LOG_ERROR, "Went to write a thumbnail to disk in OembedPlugin::storeRemoteThumbnail " .
"but encountered error: {$err}");
return $err; return $err;
} finally { } finally {
unset($imgData); unset($imgData);
@ -602,7 +611,8 @@ class OembedPlugin extends Plugin
// Throws exception on failure. // Throws exception on failure.
$thumbnail->updateWithKeys($orig); $thumbnail->updateWithKeys($orig);
} catch (exception $err) { } catch (exception $err) {
common_log(LOG_ERROR, "Went to write a thumbnail entry to the database in OembedPlugin::storeRemoteThumbnail but encountered error: ".$err); common_log(LOG_ERROR, "Went to write a thumbnail entry to the database in " .
"OembedPlugin::storeRemoteThumbnail but encountered error: ".$err);
return $err; return $err;
} }
return true; return true;

View File

@ -10,19 +10,21 @@ class StoreRemoteMediaPlugin extends Plugin
// settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...)); // settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
// WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings // WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings
public $domain_whitelist = array( // hostname => service provider public $domain_whitelist = [
// hostname => service provider
'^i\d*\.ytimg\.com$' => 'YouTube', '^i\d*\.ytimg\.com$' => 'YouTube',
'^i\d*\.vimeocdn\.com$' => 'Vimeo', '^i\d*\.vimeocdn\.com$' => 'Vimeo',
); ];
public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
public $append_whitelist = []; // fill this array as domain_whitelist to add more trusted sources
public $check_whitelist = false; // security/abuse precaution public $check_whitelist = false; // security/abuse precaution
public $domain_blacklist = array(); public $domain_blacklist = [];
public $check_blacklist = false; public $check_blacklist = false;
public $max_image_bytes = 10485760; // 10MiB max image size by default public $max_image_bytes = 10 * 1024 * 1024; // 10MiB max image size by default
protected $imgData = array(); protected $imgData = [];
// these should be declared protected everywhere // these should be declared protected everywhere
public function initialize() public function initialize()
@ -32,38 +34,6 @@ class StoreRemoteMediaPlugin extends Plugin
$this->domain_whitelist = array_merge($this->domain_whitelist, $this->append_whitelist); $this->domain_whitelist = array_merge($this->domain_whitelist, $this->append_whitelist);
} }
/**
* Save embedding information for a File, if applicable.
*
* Normally this event is called through File::saveNew()
*
* @param File $file The abount-to-be-inserted File object.
*
* @return boolean success
*/
public function onStartFileSaveNew(File &$file)
{
// save given URL as title if it's a media file this plugin understands
// which will make it shown in the AttachmentList widgets
if (isset($file->title) && strlen($file->title)>0) {
// Title is already set
return true;
}
if (!isset($file->mimetype)) {
// Unknown mimetype, it's not our job to figure out what it is.
return true;
}
switch (common_get_mime_media($file->mimetype)) {
case 'image':
// Just to set something for now at least...
//$file->title = $file->mimetype;
break;
}
return true;
}
public function onCreateFileImageThumbnailSource(File $file, &$imgPath, $media=null) public function onCreateFileImageThumbnailSource(File $file, &$imgPath, $media=null)
{ {
// If we are on a private node, we won't do any remote calls (just as a precaution until // If we are on a private node, we won't do any remote calls (just as a precaution until
@ -92,41 +62,61 @@ class StoreRemoteMediaPlugin extends Plugin
return true; return true;
} }
// Relative URL, something's off
if (empty(parse_url($remoteUrl, PHP_URL_HOST))) {
common_err("StoreRemoteMedia found a url without host (\"{$remoteUrl}\") for file with id = {$file->id}");
return true;
}
try { try {
/*
$http = new HTTPClient(); $http = new HTTPClient();
common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid unnecessarily downloading too large files. URL: %s', $file->getID(), $remoteUrl)); common_debug(sprintf('Performing HEAD request for remote file id==%u to avoid '.
'unnecessarily downloading too large files. URL: %s',
$file->getID(), $remoteUrl));
$head = $http->head($remoteUrl); $head = $http->head($remoteUrl);
$remoteUrl = $head->getEffectiveUrl(); // to avoid going through redirects again $remoteUrl = $head->getEffectiveUrl(); // to avoid going through redirects again
if (!$this->checkBlackList($remoteUrl)) { if (!$this->checkBlackList($remoteUrl)) {
common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s', __CLASS__, $file->getUrl(), $remoteUrl)); common_log(LOG_WARN, sprintf('%s: Non-blacklisted URL %s redirected to blacklisted URL %s',
__CLASS__, $file->getUrl(), $remoteUrl));
return true; return true;
} }
$headers = $head->getHeader(); $headers = $head->getHeader();
$filesize = isset($headers['content-length']) ? $headers['content-length'] : null; $filesize = isset($headers['content-length']) ?: $file->getSize();
*/
$filesize = $file->getSize();
if (empty($filesize)) { if (empty($filesize)) {
// file size not specified on remote server // file size not specified on remote server
common_debug(sprintf('%s: Ignoring remote media because we did not get a content length for file id==%u', __CLASS__, $file->getID())); common_debug(sprintf('%s: Ignoring remote media because we did not get a ' .
'content length for file id==%u', __CLASS__, $file->getID()));
return true; return true;
} elseif ($filesize > $this->max_image_bytes) { } elseif ($filesize > $this->max_image_bytes) {
//FIXME: When we perhaps start fetching videos etc. we'll need to differentiate max_image_bytes from that... //FIXME: When we perhaps start fetching videos etc. we'll need to
// differentiate max_image_bytes from that...
// file too big according to plugin configuration // file too big according to plugin configuration
common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than plugin configured max_image_bytes (%u) for file id==%u', __CLASS__, intval($filesize), $this->max_image_bytes, $file->getID())); common_debug(sprintf('%s: Skipping remote media because content length (%u) ' .
'is larger than plugin configured max_image_bytes (%u) ' .
'for file id==%u', __CLASS__, intval($filesize),
$this->max_image_bytes, $file->getID()));
return true; return true;
} elseif ($filesize > common_config('attachments', 'file_quota')) { } elseif ($filesize > common_config('attachments', 'file_quota')) {
// file too big according to site configuration // file too big according to site configuration
common_debug(sprintf('%s: Skipping remote media because content length (%u) is larger than file_quota (%u) for file id==%u', __CLASS__, intval($filesize), common_config('attachments', 'file_quota'), $file->getID())); common_debug(sprintf('%s: Skipping remote media because content length (%u) ' .
'is larger than file_quota (%u) for file id==%u',
__CLASS__, intval($filesize),
common_config('attachments', 'file_quota'), $file->getID()));
return true; return true;
} }
// Then we download the file to memory and test whether it's actually an image file // Then we download the file to memory and test whether it's actually an image file
common_debug(sprintf('Downloading remote file id==%u (should be size %u) with effective URL: %s', $file->getID(), $filesize, _ve($remoteUrl))); common_debug(sprintf('Downloading remote file id=%u (should be size %u) ' .
'with effective URL: %s', $file->getID(), $filesize, _ve($remoteUrl)));
$imgData = HTTPClient::quickGet($remoteUrl); $imgData = HTTPClient::quickGet($remoteUrl);
} catch (HTTP_Request2_ConnectionException $e) { } catch (HTTP_Request2_ConnectionException $e) {
common_log(LOG_ERR, __CLASS__.': '._ve(get_class($e)).' on URL: '._ve($file->getUrl()).' threw exception: '.$e->getMessage()); common_log(LOG_ERR, __CLASS__.': '._ve(get_class($e)).' on URL: ' .
_ve($file->getUrl()).' threw exception: '.$e->getMessage());
return true; return true;
} }
$info = @getimagesizefromstring($imgData); $info = @getimagesizefromstring($imgData);
@ -143,9 +133,16 @@ class StoreRemoteMediaPlugin extends Plugin
//FIXME: Add some code so we don't have to store duplicate File rows for same hash files. //FIXME: Add some code so we don't have to store duplicate File rows for same hash files.
} catch (NoResultException $e) { } catch (NoResultException $e) {
$filename = $filehash . '.' . common_supported_mime_to_ext($info['mime']); if (preg_match('/^.+; filename="(.+?)"$/', $headers['content-disposition'], $matches) === 1) {
$filename = MediaFile::encodeFilename($matches[1], $filehash);
} else {
common_log(LOG_ERR, "Couldn't determine filename for url: {$remoteUrl}");
// throw new ServerError(_("Couldn't determine filename for url: {$remoteUrl}"));
}
$fullpath = File::path($filename); $fullpath = File::path($filename);
common_debug("StoreRemoteMedia retrieved file with id={$file->id} and will store in {$filename}");
// Write the file to disk if it doesn't exist yet. Throw Exception on failure. // Write the file to disk if it doesn't exist yet. Throw Exception on failure.
if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) { if (!file_exists($fullpath) && file_put_contents($fullpath, $imgData) === false) {
throw new ServerException(_('Could not write downloaded file to disk.')); throw new ServerException(_('Could not write downloaded file to disk.'));
@ -160,9 +157,11 @@ class StoreRemoteMediaPlugin extends Plugin
// Throws exception on failure. // Throws exception on failure.
$file->updateWithKeys($orig); $file->updateWithKeys($orig);
} }
// Get rid of the file from memory // Get rid of the file from memory
unset($imgData); unset($imgData);
// Output
$imgPath = $file->getPath(); $imgPath = $file->getPath();
return false; return false;