diff --git a/config/config.sample.php b/config/config.sample.php index 879ba9e9d0..3a2f3308e1 100755 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -284,6 +284,29 @@ $CONFIG = array( /* cl parameters for libreoffice / openoffice */ 'preview_office_cl_parameters' => '', +/** + * Only register providers that have been explicitly enabled + * + * The following providers are enabled by default: + * - OC\Preview\Image + * - OC\Preview\MP3 + * - OC\Preview\TXT + * - OC\Preview\MarkDown + * + * The following providers are disabled by default due to performance or privacy concerns: + * - OC\Preview\Office + * - OC\Preview\SVG + * - OC\Preview\Movies + * - OC\Preview\PDF + * - OC\Preview\Tiff + */ +'enabledPreviewProviders' => array( + 'OC\Preview\Image', + 'OC\Preview\MP3', + 'OC\Preview\TXT', + 'OC\Preview\MarkDown' +), + /* whether avatars should be enabled */ 'enable_avatars' => true, diff --git a/lib/private/preview.php b/lib/private/preview.php index b04cc2b856..9d44d00e68 100755 --- a/lib/private/preview.php +++ b/lib/private/preview.php @@ -13,7 +13,6 @@ */ namespace OC; -use OC\Files\Filesystem; use OC\Preview\Provider; use OCP\Files\NotFoundException; @@ -23,7 +22,6 @@ require_once 'preview/mp3.php'; require_once 'preview/pdf.php'; require_once 'preview/svg.php'; require_once 'preview/txt.php'; -require_once 'preview/unknown.php'; require_once 'preview/office.php'; require_once 'preview/tiff.php'; @@ -62,6 +60,7 @@ class Preview { //preview providers static private $providers = array(); static private $registeredProviders = array(); + static private $enabledProviders = array(); /** * @var \OCP\Files\FileInfo @@ -669,12 +668,39 @@ class Preview { } /** - * register a new preview provider to be used + * Register a new preview provider to be used + * @param $class * @param array $options - * @return void */ public static function registerProvider($class, $options = array()) { - self::$registeredProviders[] = array('class' => $class, 'options' => $options); + /** + * Only register providers that have been explicitly enabled + * + * The following providers are enabled by default: + * - OC\Preview\Image + * - OC\Preview\MP3 + * - OC\Preview\TXT + * - OC\Preview\MarkDown + * + * The following providers are disabled by default due to performance or privacy concerns: + * - OC\Preview\Office + * - OC\Preview\SVG + * - OC\Preview\Movies + * - OC\Preview\PDF + * - OC\Preview\Tiff + */ + if(empty(self::$enabledProviders)) { + self::$enabledProviders = \OC::$server->getConfig()->getSystemValue('enabledPreviewProviders', array( + 'OC\Preview\Image', + 'OC\Preview\MP3', + 'OC\Preview\TXT', + 'OC\Preview\MarkDown', + )); + } + + if(in_array($class, self::$enabledProviders)) { + self::$registeredProviders[] = array('class' => $class, 'options' => $options); + } } /** @@ -682,9 +708,8 @@ class Preview { * @return void */ private static function initProviders() { - if (!\OC_Config::getValue('enable_previews', true)) { - $provider = new Preview\Unknown(array()); - self::$providers = array($provider->getMimeType() => $provider); + if (!\OC::$server->getConfig()->getSystemValue('enable_previews', true)) { + self::$providers = array(); return; } @@ -698,12 +723,12 @@ class Preview { /** @var $object Provider */ $object = new $class($options); - self::$providers[$object->getMimeType()] = $object; } $keys = array_map('strlen', array_keys(self::$providers)); array_multisort($keys, SORT_DESC, self::$providers); + } public static function post_write($args) { @@ -758,9 +783,7 @@ class Preview { self::initProviders(); } - //remove last element because it has the mimetype * - $providers = array_slice(self::$providers, 0, -1); - foreach ($providers as $supportedMimeType => $provider) { + foreach (self::$providers as $supportedMimeType => $provider) { /** * @var \OC\Preview\Provider $provider */ diff --git a/lib/private/preview/svg.php b/lib/private/preview/svg.php index 82ef3cdebf..0b5dbc9716 100644 --- a/lib/private/preview/svg.php +++ b/lib/private/preview/svg.php @@ -31,6 +31,11 @@ if (extension_loaded('imagick')) { $content = '' . $content; } + // Do not parse SVG files with references + if(stripos($content, 'xlink:href') !== false) { + return false; + } + $svg->readImageBlob($content); $svg->setImageFormat('png32'); } catch (\Exception $e) { diff --git a/lib/private/preview/unknown.php b/lib/private/preview/unknown.php deleted file mode 100644 index 2d3b5c5655..0000000000 --- a/lib/private/preview/unknown.php +++ /dev/null @@ -1,49 +0,0 @@ -getMimeType($path); - - $path = \OC_Helper::mimetypeIcon($mimetype); - $path = \OC::$SERVERROOT . substr($path, strlen(\OC::$WEBROOT)); - - $svgPath = substr_replace($path, 'svg', -3); - - if (extension_loaded('imagick') && file_exists($svgPath) && count(@\Imagick::queryFormats("SVG")) === 1) { - - // http://www.php.net/manual/de/imagick.setresolution.php#85284 - $svg = new \Imagick(); - $svg->readImage($svgPath); - $res = $svg->getImageResolution(); - $x_ratio = $res['x'] / $svg->getImageWidth(); - $y_ratio = $res['y'] / $svg->getImageHeight(); - $svg->removeImage(); - $svg->setResolution($maxX * $x_ratio, $maxY * $y_ratio); - $svg->setBackgroundColor(new \ImagickPixel('transparent')); - $svg->readImage($svgPath); - $svg->setImageFormat('png32'); - - $image = new \OC_Image(); - $image->loadFromData($svg); - } else { - $image = new \OC_Image($path); - } - - return $image; - } -} - -\OC\Preview::registerProvider('OC\Preview\Unknown');