WebP Express - Version 0.14.15

Version Description

(released: 26 jun 2019)

  • Fixed errors with "redirect to conversion script" on systems with symlinked folders
  • Fixed errors with "redirect to conversion script" on systems where the filename cannot be passed through an environment variable

Release Info

Developer rosell.dk
Version 0.14.15

Code changes from version 0.14.14 to 0.14.15

README.md CHANGED
@@ -9,6 +9,10 @@ Note that to use the version on github, you need to *cd* into the plugin folder
9
  ## Description
10
  Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
11
 
 
 
 
 
12
  ### The image converter
13
  The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. *WebP Convert* is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
14
 
@@ -597,6 +601,21 @@ Here are my current plans ahead: 0.15 will probably be a file manager-like inter
597
 
598
  If you wish to affect priorities, it is certainly possible. You can try to argue your case in the forum or you can simply let the money do the talking. By donating as little as a cup of coffee on [ko-fi.com/rosell](https://ko-fi.com/rosell), you can leave a wish. I shall take these wishes into account when prioritizing between new features.
599
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
600
  ## Changes in 0.14.4
601
  - Now bundles with multiple cwebp binaries for linux for systems where 1.0.2 fails.
602
 
@@ -612,6 +631,7 @@ If you wish to affect priorities, it is certainly possible. You can try to argue
612
  - A little something
613
 
614
  ## Changes in 0.14.0
 
615
  - Added new "encoding" option, which can be set to auto. This can in some cases dramatically reduce the size of the webp. It is supported by all converters except ewww and gd.
616
  - Added new "near-lossless" option (only for cwebp and vips). Using this is a good idea for reducing size of lossless webps with an acceptable loss of quality
617
  - Added new "alpha-quality" option (all converters, except ewww and gd). Using this is a good idea when images with transparency are converted to lossy webp - it has the potential to reduce the size up to 50% (depending on the source material) while keeping an acceptable level of quality
9
  ## Description
10
  Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
11
 
12
+ **Security notice**
13
+ Security issues has been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.15, as there are important bug fixes)
14
+
15
+
16
  ### The image converter
17
  The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. *WebP Convert* is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
18
 
601
 
602
  If you wish to affect priorities, it is certainly possible. You can try to argue your case in the forum or you can simply let the money do the talking. By donating as little as a cup of coffee on [ko-fi.com/rosell](https://ko-fi.com/rosell), you can leave a wish. I shall take these wishes into account when prioritizing between new features.
603
 
604
+ ## Changes in 0.14.12 - 0.14.15
605
+ - Fixed errors with "redirect to conversion script" on systems with symlinked folders
606
+ - Fixed errors with "redirect to conversion script" on systems where the filename cannot be passed through an environment variable
607
+
608
+ ## Changes in 0.14.5 - 0.14.11
609
+ The following security fixes has been applied in 0.14.0 - 0.14.11:
610
+ It is urged that you upgrade all of you WebP Express installations!
611
+
612
+ - Security fix: Closed a security hole that could be used to view the content of any file on the server (provided that the full path is known or guessed). This is a very serious flaw, which unfortunately has been around for quite a while.
613
+ - Security fix: Added capability checks to options page.
614
+ - Security fix: Sanitized user input.
615
+ - Security fix: Added checks for file paths and directories.
616
+ - Security fix: Nonces and capability checks for AJAX calls.
617
+
618
+
619
  ## Changes in 0.14.4
620
  - Now bundles with multiple cwebp binaries for linux for systems where 1.0.2 fails.
621
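Review bot: The new README.md changelog section is headed "Changes in 0.14.5 - 0.14.11", but its first line says the fixes were applied in "0.14.0 - 0.14.11", and the 0.14.0 section now carries its own security entry, so a reader cannot tell which release contains which fix. Align the heading with the stated range, or note per fix the release that introduced it, so administrators can judge whether an installed version still has the file-disclosure issue. In the same lines, "fixes has been applied" should read "fixes have been applied" and "all of you WebP Express installations" should read "all of your".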
 
631
  - A little something
632
 
633
  ## Changes in 0.14.0
634
+ - Security fix: Closed a security hole that could be used to view the content of any file on the server (provided that the full path is known or guessed). This is a very serious flaw, which has been around for quite a while. I urge you to upgrade to 0.14.0.
635
  - Added new "encoding" option, which can be set to auto. This can in some cases dramatically reduce the size of the webp. It is supported by all converters except ewww and gd.
636
  - Added new "near-lossless" option (only for cwebp and vips). Using this is a good idea for reducing size of lossless webps with an acceptable loss of quality
637
  - Added new "alpha-quality" option (all converters, except ewww and gd). Using this is a good idea when images with transparency are converted to lossy webp - it has the potential to reduce the size up to 50% (depending on the source material) while keeping an acceptable level of quality
README.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://ko-fi.com/rosell
4
  Tags: webp, images, performance
5
  Requires at least: 4.0
6
  Tested up to: 5.2
7
- Stable tag: 0.14.14
8
  Requires PHP: 5.6
9
  License: GPLv3
10
  License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -15,6 +15,9 @@ Serve autogenerated WebP images instead of jpeg/png to browsers that supports We
15
 
16
  Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
 
 
 
 
18
  ### The image converter
19
  The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. *WebP Convert* is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
20
 
@@ -605,6 +608,12 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
605
 
606
  == Changelog ==
607
 
 
 
 
 
 
 
608
  = 0.14.14 =
609
  *(released: 26 jun 2019)*
610
 
@@ -623,37 +632,44 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
623
  = 0.14.11 =
624
  *(released: 24 jun 2019)*
625
 
626
- * Tidied up code
 
 
 
 
 
 
 
627
 
628
  = 0.14.10 =
629
  *(released: 24 jun 2019)*
630
 
631
- * Tidied up code
632
 
633
  = 0.14.9 =
634
  *(released: 22 jun 2019)*
635
 
636
- * Tidied up code
637
 
638
  = 0.14.8 =
639
  *(released: 21 jun 2019)*
640
 
641
- * Tidied up code
642
 
643
  = 0.14.7 =
644
  *(released: 20 jun 2019)*
645
 
646
- * Removed unneccesary files from webp-convert library
647
 
648
  = 0.14.6 =
649
  *(released: 20 jun 2019)*
650
 
651
- * Various fixes
652
 
653
  = 0.14.5 =
654
  *(released: 20 jun 2019)*
655
 
656
- * Various fixes
657
 
658
  = 0.14.4 =
659
  *(released: 18 jun 2019)*
@@ -675,11 +691,12 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
675
  = 0.14.1 =
676
  *(released: 15 jun 2019)*
677
 
678
- * A little something
679
 
680
  = 0.14.0 =
681
  *(released: 15 jun 2019)*
682
 
 
683
  * Added new "encoding" option, which can be set to auto. This can in some cases dramatically reduce the size of the webp. It is supported by all converters except ewww and gd.
684
  * Added new "near-lossless" option (only for cwebp and vips). Using this is a good idea for reducing size of lossless webps with an acceptable loss of quality
685
  * Added new "alpha-quality" option (all converters, except ewww and gd). Using this is a good idea when images with transparency are converted to lossy webp - it has the potential to reduce the size up to 50% (depending on the source material) while keeping an acceptable level of quality
@@ -869,6 +886,9 @@ For older releases, check out changelog.txt
869
 
870
  == Upgrade Notice ==
871
 
 
 
 
872
  = 0.14.14 =
873
  Fixed errors on systems with symlinked folders
874
 
@@ -879,25 +899,25 @@ Fixed errors in conversion scripts
879
  Fixed critical bug
880
 
881
  = 0.14.11 =
882
- Tidied up code
883
 
884
  = 0.14.10 =
885
- Tidied up code
886
 
887
  = 0.14.9 =
888
- Tidied up code
889
 
890
  = 0.14.8 =
891
- Tidied up code
892
 
893
  = 0.14.7 =
894
- Removed unneccesary files from webp-convert library
895
 
896
  = 0.14.6 =
897
- Various fixes
898
 
899
  = 0.14.5 =
900
- Various fixes
901
 
902
  = 0.14.4 =
903
  Now bundles with multiple cwebp binaries for linux for systems where 1.0.2 fails.
@@ -909,7 +929,7 @@ Fixed supplied binary for cwebp (linux)
909
  A couple of bugfixes
910
 
911
  = 0.14.1 =
912
- A little something
913
 
914
  = 0.14.0 =
915
  New awesome conversion options that gets you even smaller webp files without compromising quality.
4
  Tags: webp, images, performance
5
  Requires at least: 4.0
6
  Tested up to: 5.2
7
+ Stable tag: 0.14.15
8
  Requires PHP: 5.6
9
  License: GPLv3
10
  License URI: https://www.gnu.org/licenses/gpl-3.0.html
15
 
16
  Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
 
18
+ **Security notice**
19
+ Security issues has recently been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.15, as there are important bug fixes)
20
+
21
  ### The image converter
22
  The plugin uses the [WebP Convert](https://github.com/rosell-dk/webp-convert) library to convert images to webp. *WebP Convert* is able to convert images using multiple methods. There are the "local" conversion methods: `cwebp`, `gd`, `imagick`. If none of these works on your host, there are the cloud alternatives: `ewww` (paid) or connecting to a Wordpress site where you got WebP Express installed and you enabled the "web service" functionality.
23
 
608
 
609
  == Changelog ==
610
 
611
+ = 0.14.15 =
612
+ *(released: 26 jun 2019)*
613
+
614
+ * Fixed errors with "redirect to conversion script" on systems with symlinked folders
615
+ * Fixed errors with "redirect to conversion script" on systems where the filename cannot be passed through an environment variable
616
+
617
  = 0.14.14 =
618
  *(released: 26 jun 2019)*
619
 
632
  = 0.14.11 =
633
  *(released: 24 jun 2019)*
634
 
635
+ The following security fixes has been applied in 0.14.0 - 0.14.11:
636
+ It is urged that you upgrade all of you WebP Express installations!
637
+
638
+ – Security fix: Closed a security hole that could be used to view the content of any file on the server (provided that the full path is known or guessed). This is a very serious flaw, which unfortunately has been around for quite a while.
639
+ – Security fix: Added capability checks to options page.
640
+ – Security fix: Sanitized user input.
641
+ – Security fix: Added checks for file paths and directories.
642
+ – Security fix: Nonces and capability checks for AJAX calls.
643
 
644
  = 0.14.10 =
645
  *(released: 24 jun 2019)*
646
 
647
+ * Security related
648
 
649
  = 0.14.9 =
650
  *(released: 22 jun 2019)*
651
 
652
+ * Security related
653
 
654
  = 0.14.8 =
655
  *(released: 21 jun 2019)*
656
 
657
+ * Security related
658
 
659
  = 0.14.7 =
660
  *(released: 20 jun 2019)*
661
 
662
+ * Security related: Removed unneccesary files from webp-convert library
663
 
664
  = 0.14.6 =
665
  *(released: 20 jun 2019)*
666
 
667
+ * Security related
668
 
669
  = 0.14.5 =
670
  *(released: 20 jun 2019)*
671
 
672
+ * Security related
673
 
674
  = 0.14.4 =
675
  *(released: 18 jun 2019)*
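Review bot: In the 0.14.11 changelog entry the five "Security fix" lines begin with "–" instead of the "*" used by every other entry in this file, so they will likely render as one run-on paragraph rather than a list; use "* " for them. The entries for 0.14.5 to 0.14.10 now say only "Security related", while the summary under 0.14.11 attributes the fixes to "0.14.0 - 0.14.11" as a whole; repeating the minimum version to upgrade to in that summary would make it actionable without reading the separate security notice.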
691
  = 0.14.1 =
692
  *(released: 15 jun 2019)*
693
 
694
+ * Security related
695
 
696
  = 0.14.0 =
697
  *(released: 15 jun 2019)*
698
 
699
+ * Security fix: Closed a security hole that could be used to view the content of any file on the server (provided that the full path is known or guessed). This is a very serious flaw, which has been around for quite a while. I urge you to upgrade to 0.14.0.
700
  * Added new "encoding" option, which can be set to auto. This can in some cases dramatically reduce the size of the webp. It is supported by all converters except ewww and gd.
701
  * Added new "near-lossless" option (only for cwebp and vips). Using this is a good idea for reducing size of lossless webps with an acceptable loss of quality
702
  * Added new "alpha-quality" option (all converters, except ewww and gd). Using this is a good idea when images with transparency are converted to lossy webp - it has the potential to reduce the size up to 50% (depending on the source material) while keeping an acceptable level of quality
886
 
887
  == Upgrade Notice ==
888
 
889
+ = 0.14.15 =
890
+ * Fixed errors with "redirect to conversion script"
891
+
892
  = 0.14.14 =
893
  Fixed errors on systems with symlinked folders
894
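Review bot: The new 0.14.15 upgrade notice starts with "* ", while the other notices in this section are plain sentences; drop the list marker so it is displayed consistently with them.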
 
899
  Fixed critical bug
900
 
901
  = 0.14.11 =
902
+ Important security fixes. Upgrade immediately!
903
 
904
  = 0.14.10 =
905
+ Security related
906
 
907
  = 0.14.9 =
908
+ Security related
909
 
910
  = 0.14.8 =
911
+ Security related
912
 
913
  = 0.14.7 =
914
+ Security related: Removed unneccesary files from webp-convert library
915
 
916
  = 0.14.6 =
917
+ Security related
918
 
919
  = 0.14.5 =
920
+ Security related
921
 
922
  = 0.14.4 =
923
  Now bundles with multiple cwebp binaries for linux for systems where 1.0.2 fails.
929
  A couple of bugfixes
930
 
931
  = 0.14.1 =
932
+ Security related
933
 
934
  = 0.14.0 =
935
  New awesome conversion options that gets you even smaller webp files without compromising quality.
lib/classes/CapabilityTest.php CHANGED
@@ -89,6 +89,8 @@ class CapabilityTest
89
  */
90
  public static function passThroughHeaderWorking()
91
  {
 
 
92
  return self::runTest('pass-server-var-through-header');
93
  }
94
 
89
  */
90
  public static function passThroughHeaderWorking()
91
  {
92
+ // pretend it fails because .htaccess rules aren't currently generated correctly
93
+ return false;
94
  return self::runTest('pass-server-var-through-header');
95
  }
96
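Review bot: In passThroughHeaderWorking(), the added `return false;` makes the following `return self::runTest('pass-server-var-through-header');` unreachable, so the capability test is switched off for every installation rather than repaired. If this is a temporary workaround for the .htaccess generation problem named in the comment, say so in the docblock with a reference to the tracking issue, and remove or comment out the dead line. Note the knock-on effect in wod/webp-on-demand.php: once this result is stored as false, `$passThroughHeaderDefinitelyUnavailable` is true and the HTTP_REQFN branch is skipped.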
 
lib/classes/ConvertHelperIndependent.php CHANGED
@@ -329,7 +329,7 @@ APACHE
329
 
330
  $text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
331
 
332
- $text = 'WebP Express 0.14.14. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
333
 
334
  $logFile = self::getLogFilename($source, $logDir);
335
 
329
 
330
  $text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
331
 
332
+ $text = 'WebP Express 0.14.15. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
333
 
334
  $logFile = self::getLogFilename($source, $logDir);
335
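Review bot: The log prefix on the changed line hardcodes the release number ('WebP Express 0.14.15. '), which is why this file has to be edited for a pure version bump and can drift from the plugin header. Read the version from a single constant instead. The same line joins the header and the body with "\n\r\n\r"; if a Windows-style line ending was intended, the order is "\r\n".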
 
lib/classes/SanityCheck.php CHANGED
@@ -120,20 +120,30 @@ class SanityCheck
120
  return self::path($input);
121
  }
122
 
123
- public static function absPathIsInDocRoot($input, $errorMsg = 'Path is outside allowed path')
124
  {
125
  $docRoot = self::absPath($_SERVER["DOCUMENT_ROOT"]);
 
 
126
 
127
  // Use realpath to expand symbolic links and check if it exists
128
- $docRoot = realpath($docRoot);
129
- if ($docRoot === false) {
130
  throw new SanityException('Cannot find document root');
131
  }
132
- $docRoot = rtrim($docRoot, '/');
133
- $docRoot = self::absPathExists($docRoot, 'Document root does not exist!');
134
- $docRoot = self::absPathExistsAndIsDir($docRoot, 'Document root is not a directory!');
 
 
 
 
 
 
 
 
 
135
 
136
- self::pathBeginsWith($input, $docRoot . '/', $errorMsg);
137
  return $input;
138
  }
139
 
120
  return self::path($input);
121
  }
122
 
123
+ public static function absPathIsInDocRoot($input, $errorMsg = 'Path is outside document root')
124
  {
125
  $docRoot = self::absPath($_SERVER["DOCUMENT_ROOT"]);
126
+ $docRoot = rtrim($docRoot, '/');
127
+ $docRoot = self::absPathExistsAndIsDir($docRoot);
128
 
129
  // Use realpath to expand symbolic links and check if it exists
130
+ $docRootSymLinksExpanded = realpath($docRoot);
131
+ if ($docRootSymLinksExpanded === false) {
132
  throw new SanityException('Cannot find document root');
133
  }
134
+ $docRootSymLinksExpanded = rtrim($docRootSymLinksExpanded, '/');
135
+ $docRootSymLinksExpanded = self::absPathExists($docRootSymLinksExpanded, 'Document root does not exist!');
136
+ $docRootSymLinksExpanded = self::absPathExistsAndIsDir($docRootSymLinksExpanded, 'Document root is not a directory!');
137
+
138
+ try {
139
+ // try without symlinks expanded
140
+ self::pathBeginsWith($input, $docRoot . '/', $errorMsg);
141
+ } catch (SanityException $e) {
142
+
143
+ // if that fails, check with symlinks expanded
144
+ self::pathBeginsWith(realpath($input), $docRootSymLinksExpanded . '/', $errorMsg);
145
+ }
146
 
 
147
  return $input;
148
  }
149
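Review bot: In absPathIsInDocRoot(), the first `pathBeginsWith($input, $docRoot . '/', $errorMsg)` inside the try block accepts the path on a purely lexical prefix match against the unresolved document root, so the resolved location of $input is never compared when that match succeeds. The symlink-expanded comparison runs only after the lexical one fails, which makes it a second way to pass rather than a containment check. Suggest comparing the resolved input against the resolved root in all cases, and accepting the unresolved form only where $input is known to be normalized already. Two smaller points: `realpath($input)` returns false for a path that does not exist, so test for false explicitly and throw a SanityException instead of handing it to pathBeginsWith(); and the function returns the original $input rather than the resolved path that was validated in the fallback branch, which should be documented for callers. The call `self::absPathExistsAndIsDir($docRoot)` also drops the custom error message that the later calls pass.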
 
webp-express.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: WebP Express
4
  * Plugin URI: https://github.com/rosell-dk/webp-express
5
  * Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
- * Version: 0.14.14
7
  * Author: Bjørn Rosell
8
  * Author URI: https://www.bitwise-it.dk
9
  * License: GPL2
3
  * Plugin Name: WebP Express
4
  * Plugin URI: https://github.com/rosell-dk/webp-express
5
  * Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
+ * Version: 0.14.15
7
  * Author: Bjørn Rosell
8
  * Author URI: https://www.bitwise-it.dk
9
  * License: GPL2
wod/webp-on-demand.php CHANGED
@@ -126,6 +126,7 @@ class WebPOnDempand
126
  // Check if it is in an environment variable
127
  $source = self::getEnvPassedInRewriteRule('REQFN');
128
  if ($source !== false) {
 
129
  $source = SanityCheck::absPathExistsAndIsFile($source);
130
  } else {
131
  // Check if it is in header (but only if .htaccess was configured to send in header)
@@ -133,18 +134,20 @@ class WebPOnDempand
133
  $capTests = $wodOptions['base-htaccess-on-these-capability-tests'];
134
  $passThroughHeaderDefinitelyUnavailable = ($capTests['passThroughHeaderWorking'] === false);
135
  $passThrougEnvVarDefinitelyAvailable =($capTests['passThroughEnvWorking'] === true);
 
 
136
  } else {
137
- $passThroughHeaderDefinitelyUnavailable = false;
138
- $passThrougEnvVarDefinitelyAvailable = false;
139
  }
140
- if ((!$passThrougEnvVarDefinitelyAvailable) && (!$passThroughHeaderDefinitelyUnavailable)) {
141
- if (isset($_SERVER['HTTP_REQFN'])) {
142
- $source = SanityCheck::absPathExistsAndIsFile($_SERVER['HTTP_REQFN']);
143
- }
144
  } else {
145
  // Check querystring (relative path)
146
  $srcRel = '';
147
  if (isset($_GET['xsource-rel'])) {
 
148
  $xsrcRel = SanityCheck::noControlChars($_GET['xsource-rel']);
149
  $srcRel = SanityCheck::pathWithoutDirectoryTraversal(substr($xsrcRel, 1));
150
  $source = SanityCheck::absPathExistsAndIsFile($docRoot . '/' . $srcRel);
@@ -155,6 +158,7 @@ class WebPOnDempand
155
  (stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') !== false) &&
156
  (isset($_GET['source']) || isset($_GET['xsource']))
157
  ) {
 
158
  if (isset($_GET['source'])) {
159
  $source = SanityCheck::absPathExistsAndIsFile($_GET['source']);
160
  } else {
@@ -164,6 +168,7 @@ class WebPOnDempand
164
  } else {
165
  // Last resort is to use $_SERVER['REQUEST_URI'], well knowing that it does not give the
166
  // correct result in all setups (ie "folder method 1")
 
167
  $srcRel = SanityCheck::pathWithoutDirectoryTraversal(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
168
  $source = SanityCheck::absPathExistsAndIsFile($docRoot . $srcRel);
169
  }
@@ -207,6 +212,7 @@ class WebPOnDempand
207
  } else {
208
  $serveOptions['serve-image']['headers']['vary-accept'] = true;
209
  }
 
210
 
211
  ConvertHelperIndependent::serveConverted(
212
  $source,
126
  // Check if it is in an environment variable
127
  $source = self::getEnvPassedInRewriteRule('REQFN');
128
  if ($source !== false) {
129
+ $checking = 'source (passed through env)';
130
  $source = SanityCheck::absPathExistsAndIsFile($source);
131
  } else {
132
  // Check if it is in header (but only if .htaccess was configured to send in header)
134
  $capTests = $wodOptions['base-htaccess-on-these-capability-tests'];
135
  $passThroughHeaderDefinitelyUnavailable = ($capTests['passThroughHeaderWorking'] === false);
136
  $passThrougEnvVarDefinitelyAvailable =($capTests['passThroughEnvWorking'] === true);
137
+ // This determines if .htaccess was configured to send in querystring
138
+ $headerMagicAddedInHtaccess = ((!$passThrougEnvVarDefinitelyAvailable) && (!$passThroughHeaderDefinitelyUnavailable));
139
  } else {
140
+ $headerMagicAddedInHtaccess = true; // pretend its true
 
141
  }
142
+
143
+ if ($headerMagicAddedInHtaccess && (isset($_SERVER['HTTP_REQFN']))) {
144
+ $checking = 'source (passed through request header)';
145
+ $source = SanityCheck::absPathExistsAndIsFile($_SERVER['HTTP_REQFN']);
146
  } else {
147
  // Check querystring (relative path)
148
  $srcRel = '';
149
  if (isset($_GET['xsource-rel'])) {
150
+ $checking = 'source (passed as relative path, through querystring)';
151
  $xsrcRel = SanityCheck::noControlChars($_GET['xsource-rel']);
152
  $srcRel = SanityCheck::pathWithoutDirectoryTraversal(substr($xsrcRel, 1));
153
  $source = SanityCheck::absPathExistsAndIsFile($docRoot . '/' . $srcRel);
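Review bot: In the else branch for missing capability-test results, `$headerMagicAddedInHtaccess = true; // pretend its true` means the HTTP_REQFN value is taken as an absolute source path whenever that header is present, and a request header can come from the client as well as from the rewrite rule. The only check visible at this point is absPathExistsAndIsFile(), so confirm that $source also goes through SanityCheck::absPathIsInDocRoot() before conversion, and consider whether true is the right default when it is unknown how .htaccess was generated. The comment above the first assignment says "send in querystring", but the variable governs the request-header path; it should say "header".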
158
  (stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') !== false) &&
159
  (isset($_GET['source']) || isset($_GET['xsource']))
160
  ) {
161
+ $checking = 'source (passed as absolute path on nginx)';
162
  if (isset($_GET['source'])) {
163
  $source = SanityCheck::absPathExistsAndIsFile($_GET['source']);
164
  } else {
168
  } else {
169
  // Last resort is to use $_SERVER['REQUEST_URI'], well knowing that it does not give the
170
  // correct result in all setups (ie "folder method 1")
171
+ $checking = 'source (retrieved by the request_uri server var)';
172
  $srcRel = SanityCheck::pathWithoutDirectoryTraversal(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
173
  $source = SanityCheck::absPathExistsAndIsFile($docRoot . $srcRel);
174
  }
212
  } else {
213
  $serveOptions['serve-image']['headers']['vary-accept'] = true;
214
  }
215
+ //echo $source . '<br>' . $destination; exit;
216
 
217
  ConvertHelperIndependent::serveConverted(
218
  $source,
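Review bot: The added line `//echo $source . '<br>' . $destination; exit;` just before the serveConverted() call is leftover debugging; remove it before release, since re-enabling it would print server file paths in the response. The `$checking` labels added in the earlier hunks of this file are assigned but not read in any of the lines shown; if they feed the message produced when a sanity check throws, make sure that message does not return the full path to the client.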