Add strict image validation #17458
@@ -43,6 +44,22 @@ public function validate($value, Constraint $constraint) | |||
return; | |||
} | |||
|
|||
if ($constraint->strict) { | |||
if (!function_exists('imagecreatefromstring')) { | |||
throw new RuntimeException('Strict image validation requires installed and enabled GD extension'); |
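Review bot: the `function_exists('imagecreatefromstring')` guard inside `if ($constraint->strict)` only fires once a value reaches the validator, so a host without GD fails on the first validated upload rather than when the constraint is set up; consider checking at the point the option is enabled as well. The exception text would also read better as 'Strict image validation requires the GD extension to be installed and enabled'.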
I think the error should be triggered when the constraint is configured not when the validation happens.
The same logic is used in the email validator: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Validator/Constraints/EmailValidator.php#L57
Imo we should then change that in the EmailValidator too (if there isn't a reason for doing it this way that I am missing).
Don't know, but can constraints be cached and serialized? If yes, and the constructor isn't called, then we will sometimes miss this check and get a fatal error in the constraint validator.
👍 great addition
@@ -61,6 +61,7 @@ class Image extends File | |||
public $allowSquare = true; | |||
public $allowLandscape = true; | |||
public $allowPortrait = true; | |||
public $strict = false; |
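Review bot: `public $strict = false;` has no doc comment, and the name alone does not tell a user what is checked or that enabling it requires the GD extension; add a short docblock or choose a name that describes the check. Because the default is false, the documentation should also state that corrupted images are still accepted unless the option is turned on.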
I don't like strict here as it does not convey what it really does.
Can you suggest another name?
checkIfCorrupted
allowCorrupted
detectCorrupted
allowUnsupported
detectUnsupported
checkUnsupported or checkIfUnsupported
An image resource will be returned on success. FALSE is returned if the image type is unsupported, the data is not in a recognised format, or the image is corrupt and cannot be loaded.
http://php.net/manual/en/function.imagecreatefromstring.php
@fabpot
Maybe we should add a note on this feature in the docs about the memory issue? Because the default configuration of PHP is not fit to open an HD image in memory via
I think we could accept this PR if the new constraint is disabled by default, and also if the check is done after getimagesize validation.
I agree with @nicolas-grekas.
Are there any things that still need to be done which block merging the PR? @symfony/mergers
@fabpot I've added
Thanks for that PR!
@@ -74,4 +77,5 @@ class Image extends File | |||
public $allowSquareMessage = 'The image is square ({{ width }}x{{ height }}px). Square images are not allowed.'; | |||
public $allowLandscapeMessage = 'The image is landscape oriented ({{ width }}x{{ height }}px). Landscape oriented images are not allowed.'; | |||
public $allowPortraitMessage = 'The image is portrait oriented ({{ width }}x{{ height }}px). Portrait oriented images are not allowed.'; | |||
public $corruptedMessage = 'This file contains corrupted image.'; |
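Review bot: the default text of `$corruptedMessage`, 'This file contains corrupted image.', is missing an article and does not follow the sibling messages in this hunk, which all begin with 'The image is ...'; something like 'The image file is corrupted.' would be consistent with them.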
I suggest The image file is corrupted.
@Koc please move corruption check after image size validation.
@nicolas-grekas done. Travis failure looks unrelated
|
||
if ($constraint->detectCorrupted) { | ||
if (!function_exists('imagecreatefromstring')) { | ||
throw new RuntimeException('Strict image validation requires installed and enabled GD extension'); |
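Review bot: the exception text under `if ($constraint->detectCorrupted)` still reads 'Strict image validation requires ...' although the option is no longer called strict; reword it to name corrupted image detection so the error points at the option the user actually set.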
Corrupted images detection requires... ?
👍 with one minor comment
Thank you @Koc.
This PR was merged into the 3.1-dev branch.

Discussion
----------

Add strict image validation

| Q | A |
| ------------- | --- |
| Bug fix? | yes (current validator does not validate corrupted images) |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | no, but the failure looks unrelated to this PR |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

getimagesize returns correct size for corrupted images, so I've added another check

Commits
-------

7b6a96e Add corrupted images validation
…ions (javiereguiluz)

This PR was squashed before being merged into the master branch (closes #6433).

Discussion
----------

Documented the detectCorrupted and corruptedMessage options

| Q | A |
| ------------- | --- |
| Doc fix? | no |
| New docs? | yes |
| Applies to | master (3.1+) |
| Fixed tickets | symfony/symfony#17458 |

Commits
-------

2140822 Documented the detectCorrupted and corruptedMessage options
getimagesize returns correct size for corrupted images, so I've added another check
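
The gap described above, and the check order the reviewers asked for, as an added example that is not code from the PR or from Symfony: a header-only size check followed by a full GD decode. `checkImage()`, `samplePng()` and the 1024px limits are hypothetical, and `getimagesizefromstring()` stands in for `getimagesize()` so the constructed sample can stay in memory.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not Symfony code: returns null when the image is
// acceptable, otherwise a short reason string.
function checkImage(string $bytes, int $maxWidth, int $maxHeight): ?string
{
    if (!function_exists('imagecreatefromstring')) {
        throw new RuntimeException('Corrupted image detection requires the GD extension.');
    }
    // Step 1: header parse only. Cheap, but says nothing about the pixel data.
    $size = @getimagesizefromstring($bytes);
    if ($size === false) {
        return 'not an image';
    }
    [$width, $height] = $size;
    if ($width > $maxWidth || $height > $maxHeight) {
        return 'too large'; // rejected before any full decode is attempted
    }
    // Step 2: full decode. Memory use grows with width * height, which is
    // why the dimension bound above runs first.
    $image = @imagecreatefromstring($bytes);
    return $image === false ? 'corrupted' : null;
}

// Constructed sample input: a blank PNG generated with GD.
function samplePng(int $width, int $height): string
{
    $im = imagecreatetruecolor($width, $height);
    ob_start();
    imagepng($im);
    return (string) ob_get_clean();
}

$good = samplePng(64, 48);
// Keep the PNG signature and IHDR chunk, drop the pixel data (simulated damage).
$truncated = substr($good, 0, 40);

foreach (['intact' => $good, 'truncated' => $truncated] as $label => $bytes) {
    $header = @getimagesizefromstring($bytes);
    printf(
        "%-9s header=%s result=%s\n",
        $label,
        $header ? "{$header[0]}x{$header[1]}" : 'none',
        checkImage($bytes, 1024, 1024) ?? 'ok'
    );
}
```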