img: restrict to JPEG, PNG and GIF images by default

[git.ikiwiki.info.git] / IkiWiki / Plugin / img.pm

diff --git a/IkiWiki/Plugin/img.pm b/IkiWiki/Plugin/img.pm
index a63e27dd6e5005dac324062fce2aac4bb977afeb..53d963425eb1dade14cdb5e8406457b20b2916f7 100644 (file)
--- a/IkiWiki/Plugin/img.pm
+++ b/IkiWiki/Plugin/img.pm
@@ -21,6 +21,28 @@ sub getsetup () {
                        rebuild => undef,
                        section => "widget",
                },
+               img_allowed_formats => {
+                       type => "string",
+                       default => [qw(jpeg png gif)],
+                       description => "Image formats to process (jpeg, png, gif, pdf, svg or 'everything' to accept all)",
+                       # ImageMagick has had arbitrary code execution flaws,
+                       # and the whole delegates mechanism is scary from
+                       # that perspective
+                       safe => 0,
+                       rebuild => 0,
+               },
+}
+
+sub allowed {
+       my $format = shift;
+       my $allowed = $config{img_allowed_formats};
+       $allowed = ['jpeg', 'png'] unless defined $allowed && @$allowed;
+
+       foreach my $a (@$allowed) {
+               return 1 if $a eq $format || $a eq 'everything';
+       }
+
+       return 0;
 }
 
 sub preprocess (@) {
@@ -97,6 +119,8 @@ sub preprocess (@) {
                $format = '';
        }
 
+       error sprintf(gettext("%s image processing disabled in img_allowed_formats configuration"), $format ? $format : "\"$extension\"") unless allowed($format ? $format : "everything");
+
        my $issvg = $base=~s/\.svg$/.png/i;
        my $ispdf = $base=~s/\.pdf$/.png/i;
        my $pagenumber = exists($params{pagenumber}) ? int($params{pagenumber}) : 0;