-
Notifications
You must be signed in to change notification settings - Fork 26
/
webp.php
135 lines (115 loc) · 3.21 KB
/
webp.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
<?php
$includes = [
__DIR__ . '/../../../vendor/autoload.php',
__DIR__ . '/vendor/autoload.php',
];
// Include the Composer autoloader.
foreach ($includes as $include) {
if (file_exists($include)) {
require $include;
}
}
use WebPConvert\WebPConvert;
use WebPConvert\Serve\ServeConvertedWebP;
/**
* Include Composer's autoloader, then convert and serve the WebP image.
* @return void
*/
function main()
{
$source = $_GET['path'];
// Prefix the input path with a slash if it is not there already.
if (strpos($source, '/') !== 0) {
$source = '/' . $source;
}
$baseDir = env('RESPONSIVE_IMAGES_BASE_DIR', __DIR__ . '/../../..');
$source = realpath($baseDir . $source);
$destination = $source . '.webp';
$path = validatePath($source);
if ($path === '') {
redirectNotFound();
die();
}
$maxSize = 750000; // 750 kb
if (strpos($_SERVER['HTTP_ACCEPT'], 'image/webp') === false || filesize($source) > $maxSize) {
ServeConvertedWebP::serveOriginal($source);
die();
}
WebPConvert::serveConverted($source, $destination, [
'fail' => 'original',
'fail-when-fail-fails' => '404',
'serve-image' => [
'headers' => [
'cache-control' => true,
'content-length' => true,
'content-type' => true,
'expires' => false,
'last-modified' => true,
'vary-accept' => false,
],
'cache-control-header' => 'public, max-age=31536000',
],
'convert' => [
'quality' => 95,
],
]);
}
main();
/**
* Make sure no one is tampering with the path's GET parameter.
*
* @param string $path
*
* @return string
*/
function validatePath(string $path)
{
if ( ! file_exists($path)) {
return '';
}
$path = realpath($path);
if ( ! realpath($path)) {
return '';
}
if (strpos($path, '..') !== false) {
return '';
}
if (strpos($path, './') !== false || strpos($path, '//') !== false) {
return '';
}
// Get the project's base path based on the current directory.
$basePath = str_replace('plugins/offline/responsiveimages', '', realpath(__DIR__));
// Make sure the included path starts with the project's base path.
if (strpos($path, $basePath) !== 0) {
return '';
}
return $path;
}
/**
* Redirect to October's /404 URL to trigger a not found response.
* @return void
*/
function redirectNotFound()
{
$location = sprintf('%s://%s/404', getProtocol(), $_SERVER['SERVER_NAME']);
header('Location: ' . $location);
die;
}
/**
* Determine the request protocol of the current request.
*
* @return string
*/
function getProtocol(): string
{
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
return 'https';
}
if ( ! empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
return 'https';
}
if ( ! empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on') {
return 'https';
}
return 'http';
}