WebP Express - Version 0.14.22

Version Description

(released: 4 aug 2019)

  • Fixed bug in Nginx rules in the FAQ (they did not take into account that the webp images outside upload folder are never stored "mingled")
  • Fixed bug: The extension setting was not respected - it was always appending ".webp", never setting. Thanks to Florian from Germany and Derrick Hammer from USA for reporting.
  • Fixed bug: It turns out that Imagick gives up quality detection for some images and returns 0. This resulted in very poor quality webps when the quality was set to same as jpeg. The 0 is now treated as a failure and the max-quality will be used for such images. Thanks to @sanjayojha303 from India for reporting that there were quality problems on some images.
  • Fixed bug-like behavior: The conversion scripts no longer requires that the respective setting is on for Nginx. Thanks to Mike from Russia for reporting this.
  • Fixed bug: The error handler in webp-convert for handling warnings could in some cases result in endless recursion. For some the result was that they could no longer upload images. Thanks to Tobias Keller from Germany for reporting this bug.
  • Fixed minor bug: Attempt to call private method in a rare scenario (when accessing one of the php scripts in the "wod" folder directly - which is not allowed). Thanks to Giacomo Lawrance from the U.K. for providing input that led to this discovery.
  • Fixed minor bug: It was not tested whether a corresponding webp existed before trying to deleting it when an image was deleted. This produced warnings in debug.log.
  • Security related: Added sanitizing of paths to avoid false positives on coderisk.com (there where no risk because already test the paths for sanity - but this is not detected by coderisk, as the variable is not modified). This was simply done in order get rid of the warnings at coderisk.
  • Security fix: Paths were not sanitized on Windows.
Download this release

Release Info

Developer rosell.dk
Plugin Icon 128x128 WebP Express
Version 0.14.22
Comparing to
See all releases

Code changes from version 0.14.21 to 0.14.22

README.md CHANGED
@@ -1,5 +1,7 @@
1
# WebP Express
2
3
Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP.
4
5
The plugin is available on the Wordpress codex ([here](https://wordpress.org/plugins/webp-express/)).
@@ -145,7 +147,11 @@ Easy enough. Browsers looks at the *content type* header rather than the URL to
145
I am btw considering making an option to have the plugin redirect to the webp instead of serving immediately. That would remove the apparent mismatch between file extension and content type header. However, the cost of doing that will be an extra request for each image, which means extra time and worse performance. I believe you'd be ill advised to use that option, so I guess I will not implement it. But perhaps you have good reasons to use it? If you do, please let me know!
146
147
### I am on NGINX / OpenResty
148
- It is possible to make WebP Express work on NGINX, but it requires manually inserting redirection rules in the NGINX configuration file (nginx.conf or the configuration file for the site, found in `/etc/nginx/sites-available`).
149
150
There are two different approaches to achieve the redirections. One based on *rewrite* and one based on *try_files*. As *try_files* performs best, I shall recommend that.
151
@@ -170,7 +176,7 @@ location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
170
}
171
try_files
172
/nonexisting-because-try-files-needs-fallback
173
- /wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content&$args
174
;
175
}
176
```
@@ -190,17 +196,16 @@ If you cannot get this to work then perhaps you need to add the following to you
190
191
If you still cannot get it to work, you can instead try *method 2*
192
193
194
**Step 2**: *Redirecting directly to existing webp images.*
195
196
Once you got this working, lets improve performance by redirecting directly to existing webp images. This step isn't necessary, as the script also does that - but invoking the php script takes more resources that the direct redirect. Also, a direct redirect will produce *ETag* response header, which is increases caching performance.
197
198
- The rules looks for existing webp files by appending ".webp" to the URL. So for this to work, you must configure *WebP Express* to store the converted files like that:
199
- 1. Set *Destination folder* to *mingled*
200
- 2. Set *File extension* to *Append ".webp"*
201
202
203
- Now, place the following in the `server` context (replacing what you inserted in step 1):
204
```nginx
205
# WebP Express rules
206
# --------------------
@@ -211,14 +216,17 @@ location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
211
break;
212
}
213
try_files
214
$uri.webp
215
- /wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content&$args
216
;
217
}
218
# ------------------- (WebP Express rules ends here)
219
```
220
*Beware when copy/pasting: You might get html-encoded characters. Verify that the ampersand before "wp-content" isn't encoded*
221
222
Again, beware that if you haven't enabled *png* conversion, you should replace "(png|jpe?g)" with "jpe?g".
223
224
Credits: This second step builds on [Eugene Lazutkins solution](http://www.lazutkin.com/blog/2014/02/23/serve-files-with-nginx-conditionally/).
@@ -259,7 +267,7 @@ if ($http_accept ~* "webp"){
259
260
**Step 2**: *Redirecting directly to existing webp images.*
261
262
- Insert the following in the `server` context (replacing the rules you inserted in step 1)
263
```nginx
264
# WebP Express rules
265
# --------------------
1
# WebP Express
2
3
+ [![RIPS CodeRisk](https://coderisk.com/wp/plugin/webp-express/badge "RIPS CodeRisk")](https://coderisk.com/wp/plugin/webp-express)
4
+
5
Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP.
6
7
The plugin is available on the Wordpress codex ([here](https://wordpress.org/plugins/webp-express/)).
147
I am btw considering making an option to have the plugin redirect to the webp instead of serving immediately. That would remove the apparent mismatch between file extension and content type header. However, the cost of doing that will be an extra request for each image, which means extra time and worse performance. I believe you'd be ill advised to use that option, so I guess I will not implement it. But perhaps you have good reasons to use it? If you do, please let me know!
148
149
### I am on NGINX / OpenResty
150
+ The easy solution is simply to use the plugin in "CDN friendly" mode, do a bulk conversion (takes care of converting existing images) and activate the "Convert on upload" option (takes care of converting new images in the media library).
151
+
152
+ This however does not cover images in external CSS and images being dynamically added with javascript. And it does not handle new theme images.
153
+
154
+ To get this working, requires manually inserting redirection rules in the NGINX configuration file (nginx.conf or the configuration file for the site, found in `/etc/nginx/sites-available`).
155
156
There are two different approaches to achieve the redirections. One based on *rewrite* and one based on *try_files*. As *try_files* performs best, I shall recommend that.
157
176
}
177
try_files
178
/nonexisting-because-try-files-needs-fallback
179
+ /wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content
180
;
181
}
182
```
196
197
If you still cannot get it to work, you can instead try *method 2*
198
199
+ Note: There is no longer any reason to add "&$args" to the line begining with "/wp-content". It was there to enable debugging a single image by appending "?debug" to the url. I however removed that functionality from `webp-on-demand.php`.
200
201
**Step 2**: *Redirecting directly to existing webp images.*
202
203
Once you got this working, lets improve performance by redirecting directly to existing webp images. This step isn't necessary, as the script also does that - but invoking the php script takes more resources that the direct redirect. Also, a direct redirect will produce *ETag* response header, which is increases caching performance.
204
205
+ The rules looks for existing webp files by appending ".webp" to the URL. So for this to work, you must configure *WebP Express* to store the converted files like that.
206
207
+ The following rules works both when WebP Express are configured to store images in the same folder as the originals ("mingled") and when or in a separate folder. Nginx will first see if there is a corresponding webp in the separate folder and then if there is a corresponding webp in the same folder and finally fall back to calling the conversion script.
208
209
```nginx
210
# WebP Express rules
211
# --------------------
216
break;
217
}
218
try_files
219
+ /wp-content/webp-express/webp-images/doc-root/$uri.webp
220
$uri.webp
221
+ /wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content
222
;
223
}
224
# ------------------- (WebP Express rules ends here)
225
```
226
*Beware when copy/pasting: You might get html-encoded characters. Verify that the ampersand before "wp-content" isn't encoded*
227
228
+ If you have configured WebP Express to store images in separate folder, you do not need the "$uri.webp" line. But it doesn't hurt to have it. But the reverse is not true. If configured to store images in the same folder ("mingled"), you still need the line that looks for a webp in the separate folder. The reason for this is that the "mingled" only applies to the images in the upload folder - other images - such as theme images are always stored in a separate folder.
229
+
230
Again, beware that if you haven't enabled *png* conversion, you should replace "(png|jpe?g)" with "jpe?g".
231
232
Credits: This second step builds on [Eugene Lazutkins solution](http://www.lazutkin.com/blog/2014/02/23/serve-files-with-nginx-conditionally/).
267
268
**Step 2**: *Redirecting directly to existing webp images.*
269
270
+ Make sure that WebP Express is configured with "Destination" set to "Mingled". And then insert the following in the `server` context (replacing the rules you inserted in step 1)
271
```nginx
272
# WebP Express rules
273
# --------------------
README.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: https://ko-fi.com/rosell
4
Tags: webp, images, performance
5
Requires at least: 4.0
6
Tested up to: 5.2
7
- Stable tag: 0.14.21
8
Requires PHP: 5.6
9
License: GPLv3
10
License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -16,7 +16,7 @@ Serve autogenerated WebP images instead of jpeg/png to browsers that supports We
16
Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
18
!! **SECURITY NOTICE** !!
19
- Security issues has recently been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.21, as there are important bug fixes)
20
21
22
### The image converter
@@ -39,8 +39,8 @@ The plugin builds on [WebPConvert](https://github.com/rosell-dk/webp-convert) an
39
- Better user experience (whether performance goes from terrible to bad, or from good to impressive, it is a benefit)
40
- Better ranking in Google searches (performance is taken into account by Google)
41
- Less bandwidth consumption - makes a huge difference in the parts of the world where the internet is slow and costly (you know, ~80% of the world population lives under these circumstances).
42
- - Currently ~73% of all traffic, and ~79% of mobile browsing traffic are done with browsers supporting webp. With Mozilla and Microsoft [finally on board](https://medium.com/@richard_90141/webp-image-support-an-8-year-saga-7aa2bedb8d02), these numbers are bound to increase. Check current numbers on [caniuse.com](https://caniuse.com/webp)).
43
-
44
45
== Installation ==
46
@@ -76,12 +76,15 @@ In case no conversion methods are working out of the box, you have several optio
76
- You can set up [webp-convert-cloud-service](https://github.com/rosell-dk/webp-convert-cloud-service) on another server and connect to that. Its open source.
77
- You can try to meet the server requirements of cwebp, gd, imagick or gmagick. Check out [this wiki page](https://github.com/rosell-dk/webp-convert/wiki/Meeting-the-requirements-of-the-converters) on how to do that
78
79
- ### The auto quality
80
- If your server has imagick og gmagick installed, the plugin will be able to detect the quality of a jpeg, and use the same quality for the converted webp. You can tell if it does, by looking at the quality option. If it allows you to select "auto" quality, it is available, otherwise it is not, and you will only have the option to set a specific quality for all conversions. *Auto* should be chosen, if available, as this ensures that each conversion are converted with an appropriate quality. Say you have a jpeg with low quality (say 30). The best result, is achieved by converting it to the same quality. Converting it with high quality (say 80), will not get you better quality, only a larger file.
81
82
- If you do not the "auto" option available:
83
- - Install imagick or gmagick, if you can
84
- - Use "Remote WebP Express" converter to connect to a site, that *does* have the auto option available
85
- If you have cwebp converter available, you can configure it to aim for a certain reduction, rather than using the quality parameter. Set this to for example 50%, or even 45%.
86
87
### Notes
@@ -118,7 +121,7 @@ Note that the plugin does not change any HTML (unless you enabled the *Alter HTM
118
- Reload the page
119
- Find a jpeg or png image in the list. In the "type" column, it should say "webp"
120
121
- In order to test that the image is not being reconverted every time, look at the Response headers of the image. There should be a "X-WebP-Convert-Status" header. It should say "Serving existing converted image" the first time, but "Serving existing converted image" on subsequent requests (WebP-Express is based upon [WebP Convert](https://github.com/rosell-dk/webp-convert)).
122
123
You can also append `?debug` after any image url, in order to run a conversion, and see the conversion report. Also, if you append `?reconvert` after an image url, you will force a reconversion of the image.
124
@@ -151,10 +154,9 @@ Easy enough. Browsers looks at the *content type* header rather than the URL to
151
I am btw considering making an option to have the plugin redirect to the webp instead of serving immediately. That would remove the apparent mismatch between file extension and content type header. However, the cost of doing that will be an extra request for each image, which means extra time and worse performance. I believe you'd be ill advised to use that option, so I guess I will not implement it. But perhaps you have good reasons to use it? If you do, please let me know!
152
153
= I am on NGINX / OpenResty =
154
- The easy solution is simply to use the plugin in "CDN friendly" mode, do a bulk conversion and activate the "Convert on upload" option.
155
156
- This however does not cover images in CSS and images being dynamically added with javascript.
157
- To get this working, requires manually inserting redirection rules in the NGINX configuration file (nginx.conf or the configuration file for the site, found in `/etc/nginx/sites-available`).
158
159
There are two different approaches to achieve the redirections. One based on *rewrite* and one based on *try_files*. As *try_files* performs best, I shall recommend that.
160
@@ -201,16 +203,15 @@ image/webp webp;
201
202
If you still cannot get it to work, you can instead try *method 2*
203
204
205
**Step 2**: *Redirecting directly to existing webp images.*
206
207
Once you got this working, lets improve performance by redirecting directly to existing webp images. This step isn't necessary, as the script also does that - but invoking the php script takes more resources that the direct redirect. Also, a direct redirect will produce *ETag* response header, which is increases caching performance.
208
209
- The rules looks for existing webp files by appending ".webp" to the URL. So for this to work, you must configure *WebP Express* to store the converted files like that:
210
- 1. Set *Destination folder* to *mingled*
211
- 2. Set *File extension* to *Append ".webp"*
212
213
- Now, place the following in the `server` context (replacing what you inserted in step 1):
214
215
`
216
location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
@@ -220,6 +221,7 @@ location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
220
break;
221
}
222
try_files
223
$uri.webp
224
/wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content
225
;
@@ -227,6 +229,8 @@ location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
227
`
228
*Beware when copy/pasting: You might get html-encoded characters. Verify that the ampersand before "wp-content" isn't encoded*
229
230
Again, beware that if you haven't enabled *png* conversion, you should replace "(png|jpe?g)" with "jpe?g".
231
232
Credits: This second step builds on [Eugene Lazutkins solution](http://www.lazutkin.com/blog/2014/02/23/serve-files-with-nginx-conditionally/).
@@ -265,7 +269,7 @@ if ($http_accept ~* "webp"){
265
266
**Step 2**: *Redirecting directly to existing webp images.*
267
268
- Insert the following in the `server` context (replacing the rules you inserted in step 1)
269
`
270
location ~* ^/wp-content/.*\.(png|jpe?g)$ {
271
add_header Vary Accept;
@@ -608,6 +612,19 @@ Easy enough! - [Go here!](https://ko-fi.com/rosell). Or [here](https://buymeacof
608
609
== Changelog ==
610
611
= 0.14.21 =
612
*(released: 30 jun 2019)*
613
@@ -920,6 +937,9 @@ For older releases, check out changelog.txt
920
921
== Upgrade Notice ==
922
923
= 0.14.21 =
924
* Hopefully fixed WebP Express Error: "png" option is Object
925
4
Tags: webp, images, performance
5
Requires at least: 4.0
6
Tested up to: 5.2
7
+ Stable tag: 0.14.22
8
Requires PHP: 5.6
9
License: GPLv3
10
License URI: https://www.gnu.org/licenses/gpl-3.0.html
16
Almost 4 out of 5 mobile users use a browser that is able to display webp images. Yet, on most websites, they are served jpeg images, which are typically double the size of webp images for a given quality. What a waste of bandwidth! This plugin was created to help remedy that situation. With little effort, Wordpress admins can have their site serving autogenerated webp images to browsers that supports it, while still serving jpeg and png files to browsers that does not support webp.
17
18
!! **SECURITY NOTICE** !!
19
+ Security issues has recently been found and fixed. I urge you to upgrade to the latest release (at least 0.14.11, but go with 0.14.22, as there are important bug fixes)
20
21
22
### The image converter
39
- Better user experience (whether performance goes from terrible to bad, or from good to impressive, it is a benefit)
40
- Better ranking in Google searches (performance is taken into account by Google)
41
- Less bandwidth consumption - makes a huge difference in the parts of the world where the internet is slow and costly (you know, ~80% of the world population lives under these circumstances).
42
+ - Currently ~83% of all traffic, and ~80% of mobile browsing traffic are done with browsers supporting webp. With Mozilla and Microsoft [finally on board](https://medium.com/@richard_90141/webp-image-support-an-8-year-saga-7aa2bedb8d02), these numbers are bound to increase. Check current numbers on [caniuse.com](https://caniuse.com/webp)).
43
+ - It's great for the environment too! Reducing network traffic reduces electricity consumption which reduces CO2 emissions.
44
45
== Installation ==
46
76
- You can set up [webp-convert-cloud-service](https://github.com/rosell-dk/webp-convert-cloud-service) on another server and connect to that. Its open source.
77
- You can try to meet the server requirements of cwebp, gd, imagick or gmagick. Check out [this wiki page](https://github.com/rosell-dk/webp-convert/wiki/Meeting-the-requirements-of-the-converters) on how to do that
78
79
+ ### Quality detection of jpegs
80
+ If your server has Imagick extension or is able to execute imagemagick binary, the plugin will be able to detect the quality of a jpeg, and use that quality for the converted webp. You can tell if the quality detection is available by hovering the help icon in Conversion > Jpeg options > Quality for lossy. The last line in that help text tells you.
81
+
82
+ This auto quality has benefits over fixed quality as it ensures that each conversion are converted with an appropriate quality. Encoding low quality jpegs to high quality webps does not magically increase the visual quality so that your webp looks better than the original. But it does result in a much larger filesize than if the jpeg where converting to a webp with the same quality setting as the original.
83
84
+ If you do not have quality detection working, you can try one of the following:
85
+ - Install Imagick on the server (for this purpose, it is not required that it is compiled with WebP support)
86
+ - Install imagemagick on the server and grant permission for PHP to use the "exec" function.
87
+ - Use "Remote WebP Express" converter to connect to a site, that *does* have quality detection working
88
- If you have cwebp converter available, you can configure it to aim for a certain reduction, rather than using the quality parameter. Set this to for example 50%, or even 45%.
89
90
### Notes
121
- Reload the page
122
- Find a jpeg or png image in the list. In the "type" column, it should say "webp"
123
124
+ In order to test that the image is not being reconverted every time, look at the Response headers of the image. There should be a "X-WebP-Convert-Status" header. It should say "Serving freshly converted image" the first time, but "Serving existing converted image" on subsequent requests (WebP-Express is based upon [WebP Convert](https://github.com/rosell-dk/webp-convert)).
125
126
You can also append `?debug` after any image url, in order to run a conversion, and see the conversion report. Also, if you append `?reconvert` after an image url, you will force a reconversion of the image.
127
154
I am btw considering making an option to have the plugin redirect to the webp instead of serving immediately. That would remove the apparent mismatch between file extension and content type header. However, the cost of doing that will be an extra request for each image, which means extra time and worse performance. I believe you'd be ill advised to use that option, so I guess I will not implement it. But perhaps you have good reasons to use it? If you do, please let me know!
155
156
= I am on NGINX / OpenResty =
157
+ The easy solution is simply to use the plugin in "CDN friendly" mode, do a bulk conversion (takes care of converting existing images) and activate the "Convert on upload" option (takes care of converting new images in the media library).
158
159
+ This however does not cover images in external CSS and images being dynamically added with javascript. And it does not handle new theme images.
160
161
There are two different approaches to achieve the redirections. One based on *rewrite* and one based on *try_files*. As *try_files* performs best, I shall recommend that.
162
203
204
If you still cannot get it to work, you can instead try *method 2*
205
206
+ Note: There is no longer any reason to add "&$args" to the line begining with "/wp-content". It was there to enable debugging a single image by appending "?debug" to the url. I however removed that functionality from `webp-on-demand.php`.
207
208
**Step 2**: *Redirecting directly to existing webp images.*
209
210
Once you got this working, lets improve performance by redirecting directly to existing webp images. This step isn't necessary, as the script also does that - but invoking the php script takes more resources that the direct redirect. Also, a direct redirect will produce *ETag* response header, which is increases caching performance.
211
212
+ The rules looks for existing webp files by appending ".webp" to the URL. So for this to work, you must configure *WebP Express* to store the converted files like that.
213
214
+ The following rules works both when WebP Express are configured to store images in the same folder as the originals ("mingled") and when or in a separate folder. Nginx will first see if there is a corresponding webp in the separate folder and then if there is a corresponding webp in the same folder and finally fall back to calling the conversion script.
215
216
`
217
location ~* ^/?wp-content/.*\.(png|jpe?g)$ {
221
break;
222
}
223
try_files
224
+ /wp-content/webp-express/webp-images/doc-root/$uri.webp
225
$uri.webp
226
/wp-content/plugins/webp-express/wod/webp-on-demand.php?xsource=x$request_filename&wp-content=wp-content
227
;
229
`
230
*Beware when copy/pasting: You might get html-encoded characters. Verify that the ampersand before "wp-content" isn't encoded*
231
232
+ If you have configured WebP Express to store images in separate folder, you do not need the "$uri.webp" line. But it doesn't hurt to have it. But the reverse is not true. If configured to store images in the same folder ("mingled"), you still need the line that looks for a webp in the separate folder. The reason for this is that the "mingled" only applies to the images in the upload folder - other images - such as theme images are always stored in a separate folder.
233
+
234
Again, beware that if you haven't enabled *png* conversion, you should replace "(png|jpe?g)" with "jpe?g".
235
236
Credits: This second step builds on [Eugene Lazutkins solution](http://www.lazutkin.com/blog/2014/02/23/serve-files-with-nginx-conditionally/).
269
270
**Step 2**: *Redirecting directly to existing webp images.*
271
272
+ Make sure that WebP Express is configured with "Destination" set to "Mingled". And then insert the following in the `server` context (replacing the rules you inserted in step 1)
273
`
274
location ~* ^/wp-content/.*\.(png|jpe?g)$ {
275
add_header Vary Accept;
612
613
== Changelog ==
614
615
+ = 0.14.22 =
616
+ *(released: 4 aug 2019)*
617
+
618
+ * Fixed bug in Nginx rules in the FAQ (they did not take into account that the webp images outside upload folder are never stored "mingled")
619
+ * Fixed bug: The extension setting was not respected - it was always appending ".webp", never setting. Thanks to Florian from Germany and Derrick Hammer from USA for reporting.
620
+ * Fixed bug: It turns out that Imagick gives up quality detection for some images and returns 0. This resulted in very poor quality webps when the quality was set to same as jpeg. The 0 is now treated as a failure and the max-quality will be used for such images. Thanks to @sanjayojha303 from India for reporting that there were quality problems on some images.
621
+ * Fixed bug-like behavior: The conversion scripts no longer requires that the respective setting is on for Nginx. Thanks to Mike from Russia for reporting this.
622
+ * Fixed bug: The error handler in webp-convert for handling warnings could in some cases result in endless recursion. For some the result was that they could no longer upload images. Thanks to Tobias Keller from Germany for reporting this bug.
623
+ * Fixed minor bug: Attempt to call private method in a rare scenario (when accessing one of the php scripts in the "wod" folder directly - which is not allowed). Thanks to Giacomo Lawrance from the U.K. for providing input that led to this discovery.
624
+ * Fixed minor bug: It was not tested whether a corresponding webp existed before trying to deleting it when an image was deleted. This produced warnings in debug.log.
625
+ * Security related: Added sanitizing of paths to avoid false positives on coderisk.com (there where no risk because already test the paths for sanity - but this is not detected by coderisk, as the variable is not modified). This was simply done in order get rid of the warnings at coderisk.
626
+ * Security fix: Paths were not sanitized on Windows.
627
+
628
= 0.14.21 =
629
*(released: 30 jun 2019)*
630
937
938
== Upgrade Notice ==
939
940
+ = 0.14.22 =
941
+ * A bundle of bug fixes and a security fix for Windows
942
+
943
= 0.14.21 =
944
* Hopefully fixed WebP Express Error: "png" option is Object
945
composer.json CHANGED
@@ -4,9 +4,9 @@
4
"type": "project",
5
"license": "MIT",
6
"require": {
7
- "rosell-dk/webp-convert": "^2.1.3",
8
"rosell-dk/webp-convert-cloud-service": "^2.0.0",
9
- "rosell-dk/dom-util-for-webp": "^0.3.0"
10
},
11
"require-dev": {
12
},
4
"type": "project",
5
"license": "MIT",
6
"require": {
7
+ "rosell-dk/webp-convert": "^2.1.5",
8
"rosell-dk/webp-convert-cloud-service": "^2.0.0",
9
+ "rosell-dk/dom-util-for-webp": "^0.3.1"
10
},
11
"require-dev": {
12
},
composer.lock CHANGED
@@ -4,20 +4,20 @@
4
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
5
"This file is @generated automatically"
6
],
7
- "content-hash": "4b326e154cd42a9b5e0182756cab2642",
8
"packages": [
9
{
10
"name": "rosell-dk/dom-util-for-webp",
11
- "version": "0.3.0",
12
"source": {
13
"type": "git",
14
"url": "https://github.com/rosell-dk/dom-util-for-webp.git",
15
- "reference": "c9cebf304553695fb6f7cf5634da51172e8e4aba"
16
},
17
"dist": {
18
"type": "zip",
19
- "url": "https://api.github.com/repos/rosell-dk/dom-util-for-webp/zipball/c9cebf304553695fb6f7cf5634da51172e8e4aba",
20
- "reference": "c9cebf304553695fb6f7cf5634da51172e8e4aba",
21
"shasum": ""
22
},
23
"require-dev": {
@@ -48,8 +48,8 @@
48
"authors": [
49
{
50
"name": "Bjørn Rosell",
51
- "homepage": "https://www.bitwise-it.dk/contact",
52
- "role": "Project Author"
53
}
54
],
55
"description": "Replace image URLs found in HTML",
@@ -59,7 +59,7 @@
59
"images",
60
"replace"
61
],
62
- "time": "2019-03-07T09:15:07+00:00"
63
},
64
{
65
"name": "rosell-dk/image-mime-type-guesser",
@@ -118,16 +118,16 @@
118
},
119
{
120
"name": "rosell-dk/webp-convert",
121
- "version": "2.1.4",
122
"source": {
123
"type": "git",
124
"url": "https://github.com/rosell-dk/webp-convert.git",
125
- "reference": "4ea37baaa3edee036223b45249ec6898fa945821"
126
},
127
"dist": {
128
"type": "zip",
129
- "url": "https://api.github.com/repos/rosell-dk/webp-convert/zipball/4ea37baaa3edee036223b45249ec6898fa945821",
130
- "reference": "4ea37baaa3edee036223b45249ec6898fa945821",
131
"shasum": ""
132
},
133
"require": {
@@ -167,14 +167,14 @@
167
],
168
"authors": [
169
{
170
- "name": "Martin Folkers",
171
- "homepage": "https://twobrain.io",
172
- "role": "Collaborator"
173
},
174
{
175
- "name": "Bjørn Rosell",
176
- "homepage": "https://www.bitwise-it.dk/contact",
177
- "role": "Project Author"
178
}
179
],
180
"description": "Convert JPEG & PNG to WebP with PHP",
@@ -190,20 +190,20 @@
190
"png",
191
"png2webp"
192
],
193
- "time": "2019-06-28T19:21:17+00:00"
194
},
195
{
196
"name": "rosell-dk/webp-convert-cloud-service",
197
- "version": "2.0.0",
198
"source": {
199
"type": "git",
200
"url": "https://github.com/rosell-dk/webp-convert-cloud-service.git",
201
- "reference": "5345c63d0a44d529591c36ebab33c3bcfc080787"
202
},
203
"dist": {
204
"type": "zip",
205
- "url": "https://api.github.com/repos/rosell-dk/webp-convert-cloud-service/zipball/5345c63d0a44d529591c36ebab33c3bcfc080787",
206
- "reference": "5345c63d0a44d529591c36ebab33c3bcfc080787",
207
"shasum": ""
208
},
209
"require": {
@@ -237,8 +237,8 @@
237
"authors": [
238
{
239
"name": "Bjørn Rosell",
240
- "homepage": "https://www.bitwise-it.dk/contact",
241
- "role": "Project Author"
242
}
243
],
244
"description": "Cloud service for converting JPEG & PNG to WebP",
@@ -254,7 +254,7 @@
254
"png",
255
"png2webp"
256
],
257
- "time": "2019-06-14T13:05:09+00:00"
258
}
259
],
260
"packages-dev": [],
4
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
5
"This file is @generated automatically"
6
],
7
+ "content-hash": "628e816c040c595618fbe0151b6021b0",
8
"packages": [
9
{
10
"name": "rosell-dk/dom-util-for-webp",
11
+ "version": "0.3.1",
12
"source": {
13
"type": "git",
14
"url": "https://github.com/rosell-dk/dom-util-for-webp.git",
15
+ "reference": "bae8f4a9b666726359d28bfb227d886c12f136a9"
16
},
17
"dist": {
18
"type": "zip",
19
+ "url": "https://api.github.com/repos/rosell-dk/dom-util-for-webp/zipball/bae8f4a9b666726359d28bfb227d886c12f136a9",
20
+ "reference": "bae8f4a9b666726359d28bfb227d886c12f136a9",
21
"shasum": ""
22
},
23
"require-dev": {
48
"authors": [
49
{
50
"name": "Bjørn Rosell",
51
+ "role": "Project Author",
52
+ "homepage": "https://www.bitwise-it.dk/contact"
53
}
54
],
55
"description": "Replace image URLs found in HTML",
59
"images",
60
"replace"
61
],
62
+ "time": "2019-07-31T14:17:18+00:00"
63
},
64
{
65
"name": "rosell-dk/image-mime-type-guesser",
118
},
119
{
120
"name": "rosell-dk/webp-convert",
121
+ "version": "2.1.5",
122
"source": {
123
"type": "git",
124
"url": "https://github.com/rosell-dk/webp-convert.git",
125
+ "reference": "b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0"
126
},
127
"dist": {
128
"type": "zip",
129
+ "url": "https://api.github.com/repos/rosell-dk/webp-convert/zipball/b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0",
130
+ "reference": "b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0",
131
"shasum": ""
132
},
133
"require": {
167
],
168
"authors": [
169
{
170
+ "name": "Bjørn Rosell",
171
+ "role": "Project Author",
172
+ "homepage": "https://www.bitwise-it.dk/contact"
173
},
174
{
175
+ "name": "Martin Folkers",
176
+ "role": "Collaborator",
177
+ "homepage": "https://twobrain.io"
178
}
179
],
180
"description": "Convert JPEG & PNG to WebP with PHP",
190
"png",
191
"png2webp"
192
],
193
+ "time": "2019-08-02T14:13:24+00:00"
194
},
195
{
196
"name": "rosell-dk/webp-convert-cloud-service",
197
+ "version": "2.0.1",
198
"source": {
199
"type": "git",
200
"url": "https://github.com/rosell-dk/webp-convert-cloud-service.git",
201
+ "reference": "703c2f1c76d30468ee3977170bfa3da138d8c4ad"
202
},
203
"dist": {
204
"type": "zip",
205
+ "url": "https://api.github.com/repos/rosell-dk/webp-convert-cloud-service/zipball/703c2f1c76d30468ee3977170bfa3da138d8c4ad",
206
+ "reference": "703c2f1c76d30468ee3977170bfa3da138d8c4ad",
207
"shasum": ""
208
},
209
"require": {
237
"authors": [
238
{
239
"name": "Bjørn Rosell",
240
+ "role": "Project Author",
241
+ "homepage": "https://www.bitwise-it.dk/contact"
242
}
243
],
244
"description": "Cloud service for converting JPEG & PNG to WebP",
254
"png",
255
"png2webp"
256
],
257
+ "time": "2019-06-30T08:28:35+00:00"
258
}
259
],
260
"packages-dev": [],
docs/development.md CHANGED
@@ -1,3 +1,33 @@
1
- The plugin published on github now uses composer. I still include the vendor files on the svn (the Wordpress "codex").
2
3
- For the few, who might be using this thing here on github: To get the dependent libraries, you need to cd into the plugin dir and run `composer install`. This gets you the latest dev releases of "webp-convert" and "webp-convert-cloud-service" on github. You must change the composer.json if you rather want the latest stable release (remove the repositories and change the minimum requirements). On the svn, I simply rsync everything, including the vendor folder, before committing.
1
+ ## Updating the vendor dir:
2
3
+ 1. Run `composer update` in the root.
4
+ 2. Run `composer dump-autoload -o`
5
+ (for some reason, `vendor/composer/autoload_classmap.php` looses all its mappings on composer update). It also looses them on a `composer dump-autoload` (without the -o option).
6
+ It actually seems that the mappings are not needed. It seems to work fine when I alter autoload_real to not use the static loader. But well, I'm reluctant to change anything that works.
7
+
8
+ 3. Remove unneeded files:
9
+
10
+ - Open bash
11
+ - cd into the folder
12
+
13
+ ```
14
+ rm -r tests
15
+
16
+ rm -r vendor/rosell-dk/webp-convert/build-scripts
17
+ rm -r vendor/rosell-dk/webp-convert/tests
18
+ rm -r vendor/rosell-dk/webp-convert/build-tests-webp-convert
19
+ rm -r vendor/rosell-dk/webp-convert/build-tests-wod
20
+ rm -r vendor/rosell-dk/webp-convert/src-build
21
+ rm -r vendor/rosell-dk/webp-convert/docs
22
+ rm vendor/rosell-dk/webp-convert/*.sh
23
+ rm -r vendor/rosell-dk/webp-convert/src//Helpers/*.txt
24
+ rm vendor/rosell-dk/webp-convert/.gitignore
25
+
26
+ rm -r vendor/rosell-dk/webp-convert-cloud-service/tests
27
+ rm -r vendor/rosell-dk/webp-convert-cloud-service/docs
28
+
29
+ rm vendor/rosell-dk/dom-util-for-webp/phpstan.neon
30
+
31
+ ```
32
+
33
+ 3. Commit on git
lib/classes/ConvertHelperIndependent.php CHANGED
@@ -83,9 +83,6 @@ class ConvertHelperIndependent
83
$destination = $source . '.webp';
84
} else {
85
$destination = preg_replace('/\\.(jpe?g|png)#x2F;', '', $source) . '.webp';
86
- // TODO: make this check work with symlinks
87
- //$destination = SanityCheck::absPathIsInDocRoot($source . '.webp');
88
- $destination = $source . '.webp';
89
}
90
} else {
91
$docRoot = rtrim(realpath($_SERVER["DOCUMENT_ROOT"]), '/');
@@ -329,7 +326,7 @@ APACHE
329
330
$text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
331
332
- $text = 'WebP Express 0.14.21. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
333
334
$logFile = self::getLogFilename($source, $logDir);
335
83
$destination = $source . '.webp';
84
} else {
85
$destination = preg_replace('/\\.(jpe?g|png)#x2F;', '', $source) . '.webp';
86
}
87
} else {
88
$docRoot = rtrim(realpath($_SERVER["DOCUMENT_ROOT"]), '/');
326
327
$text = preg_replace('#' . preg_quote($_SERVER["DOCUMENT_ROOT"]) . '#', '[doc-root]', $text);
328
329
+ $text = 'WebP Express 0.14.22. ' . $msgTop . ', ' . date("Y-m-d H:i:s") . "\n\r\n\r" . $text;
330
331
$logFile = self::getLogFilename($source, $logDir);
332
lib/classes/HandleDeleteFileHook.php CHANGED
@@ -21,8 +21,10 @@ class HandleDeleteFileHook
21
}
22
23
$destination = Convert::getDestination($filename);
24
- if (!unlink($destination)) {
25
- error_log('WebP Express failed deleting webp:' . $destination);
26
}
27
return $filename;
28
}
21
}
22
23
$destination = Convert::getDestination($filename);
24
+ if (@file_exists($destination)) {
25
+ if (!@unlink($destination)) {
26
+ error_log('WebP Express failed deleting webp:' . $destination);
27
+ }
28
}
29
return $filename;
30
}
lib/classes/Sanitize.php CHANGED
@@ -16,4 +16,16 @@ class Sanitize
16
return str_replace(chr(0), '', $string);
17
}
18
19
}
16
return str_replace(chr(0), '', $string);
17
}
18
19
+ public static function removeStreamWrappers($string)
20
+ {
21
+ return preg_replace('#^\\w+://#', '', $string);
22
+ }
23
+
24
+ public static function path($string)
25
+ {
26
+ $string = self::removeNUL($string);
27
+ $string = self::removeStreamWrappers($string);
28
+ return $string;
29
+ }
30
+
31
}
lib/classes/SanityCheck.php CHANGED
@@ -98,6 +98,11 @@ class SanityCheck
98
self::noControlChars($input);
99
self::noDirectoryTraversal($input);
100
self::noStreamWrappers($input);
101
return $input;
102
}
103
@@ -133,34 +138,41 @@ class SanityCheck
133
return $input;
134
}
135
136
- public static function absPath($input, $errorMsg = 'Not an absolute path')
137
{
138
- if ((strpos($input, '/') !== 0)) {
139
- // On microsoft, allow
140
-
141
- $onMicrosoft = false;
142
- if (isset($_SERVER['SERVER_SOFTWARE'])) {
143
- if (strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft') !== false) {
144
- $onMicrosoft = true;
145
- }
146
- }
147
- switch (PHP_OS) {
148
- case "WINNT":
149
- case "WIN32":
150
- case "INTERIX":
151
- case "UWIN":
152
- case "UWIN-W7":
153
- $onMicrosoft = true;
154
- break;
155
}
156
157
- if (!$onMicrosoft) {
158
throw new SanityException($errorMsg);
159
}
160
- self::absPathMicrosoftStyle($input);
161
-
162
}
163
- return self::path($input);
164
}
165
166
private static function findClosestExistingFolderSymLinksExpanded($input) {
98
self::noControlChars($input);
99
self::noDirectoryTraversal($input);
100
self::noStreamWrappers($input);
101
+
102
+ // PS: The following sanitize has no effect, as we have just tested that there are no NUL and
103
+ // no stream wrappers. It is here to avoid false positives on coderisk.com
104
+ $input = Sanitize::path($input);
105
+
106
return $input;
107
}
108
138
return $input;
139
}
140
141
+ private static function isOnMicrosoft()
142
{
143
+ if (isset($_SERVER['SERVER_SOFTWARE'])) {
144
+ if (strpos(strtolower($_SERVER['SERVER_SOFTWARE']), 'microsoft') !== false) {
145
+ return true;
146
}
147
+ }
148
+ switch (PHP_OS) {
149
+ case "WINNT":
150
+ case "WIN32":
151
+ case "INTERIX":
152
+ case "UWIN":
153
+ case "UWIN-W7":
154
+ return true;
155
+ break;
156
+ }
157
+ return false;
158
+ }
159
160
+ public static function absPath($input, $errorMsg = 'Not an absolute path')
161
+ {
162
+ // first make sure there are no nasty things like control chars, phar wrappers, etc.
163
+ // - and no directory traversal either.
164
+ self::path($input);
165
+
166
+ // For non-windows, we require that an absolute path begins with "/"
167
+ // On windows, we also accept that a path starts with a drive letter, ie "C:\"
168
+ if ((strpos($input, '/') !== 0)) {
169
+ if (self::isOnMicrosoft()) {
170
+ self::absPathMicrosoftStyle($input);
171
+ } else {
172
throw new SanityException($errorMsg);
173
}
174
}
175
+ return $input;
176
}
177
178
private static function findClosestExistingFolderSymLinksExpanded($input) {
vendor/autoload.php CHANGED
@@ -4,4 +4,4 @@
4
5
require_once __DIR__ . '/composer/autoload_real.php';
6
7
- return ComposerAutoloaderInit8fd167583ae3bd095a84a87a56a51e7c::getLoader();
4
5
require_once __DIR__ . '/composer/autoload_real.php';
6
7
+ return ComposerAutoloaderInit16597e36dd1bfcd787ed5a8e6d908243::getLoader();
vendor/composer/autoload_real.php CHANGED
@@ -2,7 +2,7 @@
2
3
// autoload_real.php @generated by Composer
4
5
- class ComposerAutoloaderInit8fd167583ae3bd095a84a87a56a51e7c
6
{
7
private static $loader;
8
@@ -19,15 +19,15 @@ class ComposerAutoloaderInit8fd167583ae3bd095a84a87a56a51e7c
19
return self::$loader;
20
}
21
22
- spl_autoload_register(array('ComposerAutoloaderInit8fd167583ae3bd095a84a87a56a51e7c', 'loadClassLoader'), true, true);
23
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
24
- spl_autoload_unregister(array('ComposerAutoloaderInit8fd167583ae3bd095a84a87a56a51e7c', 'loadClassLoader'));
25
26
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
27
if ($useStaticLoader) {
28
require_once __DIR__ . '/autoload_static.php';
29
30
- call_user_func(\Composer\Autoload\ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c::getInitializer($loader));
31
} else {
32
$map = require __DIR__ . '/autoload_namespaces.php';
33
foreach ($map as $namespace => $path) {
2
3
// autoload_real.php @generated by Composer
4
5
+ class ComposerAutoloaderInit16597e36dd1bfcd787ed5a8e6d908243
6
{
7
private static $loader;
8
19
return self::$loader;
20
}
21
22
+ spl_autoload_register(array('ComposerAutoloaderInit16597e36dd1bfcd787ed5a8e6d908243', 'loadClassLoader'), true, true);
23
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
24
+ spl_autoload_unregister(array('ComposerAutoloaderInit16597e36dd1bfcd787ed5a8e6d908243', 'loadClassLoader'));
25
26
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
27
if ($useStaticLoader) {
28
require_once __DIR__ . '/autoload_static.php';
29
30
+ call_user_func(\Composer\Autoload\ComposerStaticInit16597e36dd1bfcd787ed5a8e6d908243::getInitializer($loader));
31
} else {
32
$map = require __DIR__ . '/autoload_namespaces.php';
33
foreach ($map as $namespace => $path) {
vendor/composer/autoload_static.php CHANGED
@@ -4,7 +4,7 @@
4
5
namespace Composer\Autoload;
6
7
- class ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c
8
{
9
public static $prefixLengthsPsr4 = array (
10
'W' =>
@@ -130,9 +130,9 @@ class ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c
130
public static function getInitializer(ClassLoader $loader)
131
{
132
return \Closure::bind(function () use ($loader) {
133
- $loader->prefixLengthsPsr4 = ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c::$prefixLengthsPsr4;
134
- $loader->prefixDirsPsr4 = ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c::$prefixDirsPsr4;
135
- $loader->classMap = ComposerStaticInit8fd167583ae3bd095a84a87a56a51e7c::$classMap;
136
137
}, null, ClassLoader::class);
138
}
4
5
namespace Composer\Autoload;
6
7
+ class ComposerStaticInit16597e36dd1bfcd787ed5a8e6d908243
8
{
9
public static $prefixLengthsPsr4 = array (
10
'W' =>
130
public static function getInitializer(ClassLoader $loader)
131
{
132
return \Closure::bind(function () use ($loader) {
133
+ $loader->prefixLengthsPsr4 = ComposerStaticInit16597e36dd1bfcd787ed5a8e6d908243::$prefixLengthsPsr4;
134
+ $loader->prefixDirsPsr4 = ComposerStaticInit16597e36dd1bfcd787ed5a8e6d908243::$prefixDirsPsr4;
135
+ $loader->classMap = ComposerStaticInit16597e36dd1bfcd787ed5a8e6d908243::$classMap;
136
137
}, null, ClassLoader::class);
138
}
vendor/composer/installed.json CHANGED
@@ -1,17 +1,17 @@
1
[
2
{
3
"name": "rosell-dk/dom-util-for-webp",
4
- "version": "0.3.0",
5
- "version_normalized": "0.3.0.0",
6
"source": {
7
"type": "git",
8
"url": "https://github.com/rosell-dk/dom-util-for-webp.git",
9
- "reference": "c9cebf304553695fb6f7cf5634da51172e8e4aba"
10
},
11
"dist": {
12
"type": "zip",
13
- "url": "https://api.github.com/repos/rosell-dk/dom-util-for-webp/zipball/c9cebf304553695fb6f7cf5634da51172e8e4aba",
14
- "reference": "c9cebf304553695fb6f7cf5634da51172e8e4aba",
15
"shasum": ""
16
},
17
"require-dev": {
@@ -19,7 +19,7 @@
19
"phpunit/phpunit": "5.7.27",
20
"squizlabs/php_codesniffer": "3.*"
21
},
22
- "time": "2019-03-07T09:15:07+00:00",
23
"type": "library",
24
"extra": {
25
"scripts-descriptions": {
@@ -44,8 +44,8 @@
44
"authors": [
45
{
46
"name": "Bjørn Rosell",
47
- "homepage": "https://www.bitwise-it.dk/contact",
48
- "role": "Project Author"
49
}
50
],
51
"description": "Replace image URLs found in HTML",
@@ -115,17 +115,17 @@
115
},
116
{
117
"name": "rosell-dk/webp-convert",
118
- "version": "2.1.4",
119
- "version_normalized": "2.1.4.0",
120
"source": {
121
"type": "git",
122
"url": "https://github.com/rosell-dk/webp-convert.git",
123
- "reference": "4ea37baaa3edee036223b45249ec6898fa945821"
124
},
125
"dist": {
126
"type": "zip",
127
- "url": "https://api.github.com/repos/rosell-dk/webp-convert/zipball/4ea37baaa3edee036223b45249ec6898fa945821",
128
- "reference": "4ea37baaa3edee036223b45249ec6898fa945821",
129
"shasum": ""
130
},
131
"require": {
@@ -143,7 +143,7 @@
143
"ext-vips": "to use Vips extension for converting.",
144
"php-stan/php-stan": "Suggested for dev, in order to analyse code before committing"
145
},
146
- "time": "2019-06-28T19:21:17+00:00",
147
"type": "library",
148
"extra": {
149
"scripts-descriptions": {
@@ -167,14 +167,14 @@
167
],
168
"authors": [
169
{
170
- "name": "Martin Folkers",
171
- "homepage": "https://twobrain.io",
172
- "role": "Collaborator"
173
},
174
{
175
- "name": "Bjørn Rosell",
176
- "homepage": "https://www.bitwise-it.dk/contact",
177
- "role": "Project Author"
178
}
179
],
180
"description": "Convert JPEG & PNG to WebP with PHP",
@@ -193,17 +193,17 @@
193
},
194
{
195
"name": "rosell-dk/webp-convert-cloud-service",
196
- "version": "2.0.0",
197
- "version_normalized": "2.0.0.0",
198
"source": {
199
"type": "git",
200
"url": "https://github.com/rosell-dk/webp-convert-cloud-service.git",
201
- "reference": "5345c63d0a44d529591c36ebab33c3bcfc080787"
202
},
203
"dist": {
204
"type": "zip",
205
- "url": "https://api.github.com/repos/rosell-dk/webp-convert-cloud-service/zipball/5345c63d0a44d529591c36ebab33c3bcfc080787",
206
- "reference": "5345c63d0a44d529591c36ebab33c3bcfc080787",
207
"shasum": ""
208
},
209
"require": {
@@ -214,7 +214,7 @@
214
"phpunit/phpunit": "5.7.27",
215
"squizlabs/php_codesniffer": "3.*"
216
},
217
- "time": "2019-06-14T13:05:09+00:00",
218
"type": "library",
219
"extra": {
220
"scripts-descriptions": {
@@ -239,8 +239,8 @@
239
"authors": [
240
{
241
"name": "Bjørn Rosell",
242
- "homepage": "https://www.bitwise-it.dk/contact",
243
- "role": "Project Author"
244
}
245
],
246
"description": "Cloud service for converting JPEG & PNG to WebP",
1
[
2
{
3
"name": "rosell-dk/dom-util-for-webp",
4
+ "version": "0.3.1",
5
+ "version_normalized": "0.3.1.0",
6
"source": {
7
"type": "git",
8
"url": "https://github.com/rosell-dk/dom-util-for-webp.git",
9
+ "reference": "bae8f4a9b666726359d28bfb227d886c12f136a9"
10
},
11
"dist": {
12
"type": "zip",
13
+ "url": "https://api.github.com/repos/rosell-dk/dom-util-for-webp/zipball/bae8f4a9b666726359d28bfb227d886c12f136a9",
14
+ "reference": "bae8f4a9b666726359d28bfb227d886c12f136a9",
15
"shasum": ""
16
},
17
"require-dev": {
19
"phpunit/phpunit": "5.7.27",
20
"squizlabs/php_codesniffer": "3.*"
21
},
22
+ "time": "2019-07-31T14:17:18+00:00",
23
"type": "library",
24
"extra": {
25
"scripts-descriptions": {
44
"authors": [
45
{
46
"name": "Bjørn Rosell",
47
+ "role": "Project Author",
48
+ "homepage": "https://www.bitwise-it.dk/contact"
49
}
50
],
51
"description": "Replace image URLs found in HTML",
115
},
116
{
117
"name": "rosell-dk/webp-convert",
118
+ "version": "2.1.5",
119
+ "version_normalized": "2.1.5.0",
120
"source": {
121
"type": "git",
122
"url": "https://github.com/rosell-dk/webp-convert.git",
123
+ "reference": "b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0"
124
},
125
"dist": {
126
"type": "zip",
127
+ "url": "https://api.github.com/repos/rosell-dk/webp-convert/zipball/b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0",
128
+ "reference": "b28ce7fe71ce4f930bd352f12b4f1591ac21b9f0",
129
"shasum": ""
130
},
131
"require": {
143
"ext-vips": "to use Vips extension for converting.",
144
"php-stan/php-stan": "Suggested for dev, in order to analyse code before committing"
145
},
146
+ "time": "2019-08-02T14:13:24+00:00",
147
"type": "library",
148
"extra": {
149
"scripts-descriptions": {
167
],
168
"authors": [
169
{
170
+ "name": "Bjørn Rosell",
171
+ "role": "Project Author",
172
+ "homepage": "https://www.bitwise-it.dk/contact"
173
},
174
{
175
+ "name": "Martin Folkers",
176
+ "role": "Collaborator",
177
+ "homepage": "https://twobrain.io"
178
}
179
],
180
"description": "Convert JPEG & PNG to WebP with PHP",
193
},
194
{
195
"name": "rosell-dk/webp-convert-cloud-service",
196
+ "version": "2.0.1",
197
+ "version_normalized": "2.0.1.0",
198
"source": {
199
"type": "git",
200
"url": "https://github.com/rosell-dk/webp-convert-cloud-service.git",
201
+ "reference": "703c2f1c76d30468ee3977170bfa3da138d8c4ad"
202
},
203
"dist": {
204
"type": "zip",
205
+ "url": "https://api.github.com/repos/rosell-dk/webp-convert-cloud-service/zipball/703c2f1c76d30468ee3977170bfa3da138d8c4ad",
206
+ "reference": "703c2f1c76d30468ee3977170bfa3da138d8c4ad",
207
"shasum": ""
208
},
209
"require": {
214
"phpunit/phpunit": "5.7.27",
215
"squizlabs/php_codesniffer": "3.*"
216
},
217
+ "time": "2019-06-30T08:28:35+00:00",
218
"type": "library",
219
"extra": {
220
"scripts-descriptions": {
239
"authors": [
240
{
241
"name": "Bjørn Rosell",
242
+ "role": "Project Author",
243
+ "homepage": "https://www.bitwise-it.dk/contact"
244
}
245
],
246
"description": "Cloud service for converting JPEG & PNG to WebP",
vendor/rosell-dk/dom-util-for-webp/README.md CHANGED
@@ -1,6 +1,11 @@
1
# dom-util-for-webp
2
3
- [![Build Status](https://travis-ci.org/rosell-dk/dom-util-for-webp.png?branch=master)](https://travis-ci.org/rosell-dk/dom-util-for-webp)
4
5
*Replace image URLs found in HTML*
6
1
# dom-util-for-webp
2
3
+ [![Latest Stable Version](https://img.shields.io/packagist/v/rosell-dk/image-mime-type-guesser.svg?style=flat-square)](https://packagist.org/packages/rosell-dk/dom-util-for-webp)
4
+ [![Minimum PHP Version](https://img.shields.io/badge/php-%3E%3D%205.6-8892BF.svg?style=flat-square)](https://php.net)
5
+ [![Build Status](https://img.shields.io/travis/rosell-dk/dom-util-for-webp/master.svg?style=flat-square)](https://travis-ci.org/rosell-dk/dom-util-for-webp)
6
+ [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/rosell-dk/dom-util-for-webp.svg?style=flat-square)](https://scrutinizer-ci.com/g/rosell-dk/dom-util-for-webp/code-structure/master)
7
+ [![Quality Score](https://img.shields.io/scrutinizer/g/rosell-dk/dom-util-for-webp.svg?style=flat-square)](https://scrutinizer-ci.com/g/rosell-dk/dom-util-for-webp/)
8
+ [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](https://github.com/rosell-dk/dom-util-for-webp/blob/master/LICENSE)
9
10
*Replace image URLs found in HTML*
11
vendor/rosell-dk/dom-util-for-webp/composer.json CHANGED
@@ -10,17 +10,19 @@
10
"@build",
11
"@test",
12
"@phpcs-all",
13
- "@composer validate --no-check-all --strict"
14
],
15
"cs-fix-all": [
16
"php-cs-fixer fix src"
17
],
18
"cs-fix": "php-cs-fixer fix",
19
"cs-dry": "php-cs-fixer fix --dry-run --diff",
20
- "test": "phpunit",
21
"phpcs": "phpcs --standard=PSR2",
22
- "phpcs-all": "phpcs --standard=PSR2 --ignore=src/simple_html_dom/simple_html_dom.inc src",
23
- "phpcbf": "phpcbf --standard=PSR2"
24
},
25
"extra": {
26
"scripts-descriptions": {
10
"@build",
11
"@test",
12
"@phpcs-all",
13
+ "@composer validate --no-check-all --strict",
14
+ "@phpstan-global"
15
],
16
"cs-fix-all": [
17
"php-cs-fixer fix src"
18
],
19
"cs-fix": "php-cs-fixer fix",
20
"cs-dry": "php-cs-fixer fix --dry-run --diff",
21
+ "test": "phpunit --coverage-text --coverage-clover=coverage.clover",
22
"phpcs": "phpcs --standard=PSR2",
23
+ "phpcbf": "phpcbf --standard=PSR2",
24
+ "phpstan": "vendor/bin/phpstan analyse src --level=4",
25
+ "phpstan-global": "~/.composer/vendor/bin/phpstan analyse src --level=4"
26
},
27
"extra": {
28
"scripts-descriptions": {
vendor/rosell-dk/dom-util-for-webp/phpunit.xml.dist CHANGED
@@ -20,11 +20,19 @@
20
21
<filter>
22
<whitelist>
23
- <directory>./</directory>
24
<exclude>
25
<directory>./vendor</directory>
26
<directory>./tests</directory>
27
</exclude>
28
</whitelist>
29
</filter>
30
</phpunit>
20
21
<filter>
22
<whitelist>
23
+ <directory suffix=".php">src/</directory>
24
<exclude>
25
<directory>./vendor</directory>
26
<directory>./tests</directory>
27
</exclude>
28
</whitelist>
29
</filter>
30
+
31
+ <logging>
32
+ <log type="junit" target="build/report.junit.xml"/>
33
+ <log type="coverage-clover" target="build/logs/clover.xml"/>
34
+ <log type="coverage-text" target="build/coverage.txt"/>
35
+ <!--<log type="coverage-html" target="build/coverage"/>-->
36
+ </logging>
37
+
38
</phpunit>
vendor/rosell-dk/dom-util-for-webp/{src → src-vendor}/simple_html_dom/simple_html_dom.inc RENAMED
File without changes
vendor/rosell-dk/dom-util-for-webp/src/ImageUrlReplacer.php CHANGED
@@ -26,17 +26,30 @@ namespace DOMUtilForWebP;
26
class ImageUrlReplacer
27
{
28
29
- // define tags to be searched. The div and li are on the list because these are often used with lazy loading
30
- public static $searchInTags = ['img', 'source', 'input', 'iframe', 'div', 'li'];
31
32
/**
33
*
34
- * @return webp url or, if URL should not be changed, return nothing
35
**/
36
public function replaceUrl($url)
37
{
38
if (!preg_match('#(png|jpe?g)$#', $url)) {
39
- return;
40
}
41
return $url . '.webp';
42
}
@@ -157,6 +170,11 @@ class ImageUrlReplacer
157
158
//$dom = HtmlDomParser::str_get_html($html, false, false, 'UTF-8', false);
159
$dom = str_get_html($html, false, false, 'UTF-8', false);
160
if ($dom === false) {
161
if (strlen($html) > MAX_FILE_SIZE) {
162
return '<!-- Alter HTML was skipped because the HTML is too big to process! ' .
@@ -204,7 +222,7 @@ class ImageUrlReplacer
204
public static function replace($html)
205
{
206
if (!function_exists('str_get_html')) {
207
- require_once 'simple_html_dom/simple_html_dom.inc';
208
}
209
$iur = new static();
210
return $iur->replaceHtml($html);
26
class ImageUrlReplacer
27
{
28
29
+ // define tags to be searched.
30
+ // The div and li are on the list because these are often used with lazy loading
31
+ // should we add <meta> ?
32
+ // Probably not for open graph images or twitter
33
+ // so not these:
34
+ // - <meta property="og:image" content="[url]">
35
+ // - <meta property="og:image:secure_url" content="[url]">
36
+ // - <meta name="twitter:image" content="[url]">
37
+ // Meta can also be used in schema.org micro-formatting, ie:
38
+ // - <meta itemprop="image" content="[url]">
39
+ //
40
+ // How about preloaded images? - yes, suppose we should replace those
41
+ // - <link rel="prefetch" href="[url]">
42
+ // - <link rel="preload" as="image" href="[url]">
43
+ public static $searchInTags = ['img', 'source', 'input', 'iframe', 'div', 'li', 'link', 'a', 'section'];
44
45
/**
46
*
47
+ * @return string|null webp url or, if URL should not be changed, return nothing
48
**/
49
public function replaceUrl($url)
50
{
51
if (!preg_match('#(png|jpe?g)$#', $url)) {
52
+ return null;
53
}
54
return $url . '.webp';
55
}
170
171
//$dom = HtmlDomParser::str_get_html($html, false, false, 'UTF-8', false);
172
$dom = str_get_html($html, false, false, 'UTF-8', false);
173
+
174
+ // MAX_FILE_SIZE is defined in simple_html_dom.
175
+ // For safety sake, we make sure it is defined before using
176
+ defined('MAX_FILE_SIZE') || define('MAX_FILE_SIZE', 600000);
177
+
178
if ($dom === false) {
179
if (strlen($html) > MAX_FILE_SIZE) {
180
return '<!-- Alter HTML was skipped because the HTML is too big to process! ' .
222
public static function replace($html)
223
{
224
if (!function_exists('str_get_html')) {
225
+ require_once __DIR__ . '/../src-vendor/simple_html_dom/simple_html_dom.inc';
226
}
227
$iur = new static();
228
return $iur->replaceHtml($html);
vendor/rosell-dk/dom-util-for-webp/src/PictureTags.php CHANGED
@@ -30,11 +30,11 @@ class PictureTags
30
/**
31
* Look for attributes such as "data-lazy-src" and "data-src" and prefer them over "src"
32
*
33
- * @param $attributes an array of attributes for the element
34
- * @param $attrName ie "src", "srcset" or "sizes"
35
*
36
- * @return [value:.., attrName:...] (value is the value of the attribute and
37
- * attrName is the name of the attribute used)
38
*
39
*/
40
private static function lazyGet($attributes, $attrName)
@@ -90,7 +90,7 @@ class PictureTags
90
/**
91
* Makes a string with all attributes.
92
*
93
- * @param $attribute_array
94
* @return string
95
*/
96
private static function createAttributes($attribute_array)
@@ -194,7 +194,7 @@ class PictureTags
194
public static function replace($html)
195
{
196
if (!function_exists('str_get_html')) {
197
- require_once 'simple_html_dom/simple_html_dom.inc';
198
}
199
$pt = new static();
200
return $pt->replaceHtml($html);
30
/**
31
* Look for attributes such as "data-lazy-src" and "data-src" and prefer them over "src"
32
*
33
+ * @param array $attributes an array of attributes for the element
34
+ * @param string $attrName ie "src", "srcset" or "sizes"
35
*
36
+ * @return array an array with "value" key and "attrName" key. ("value" is the value of the attribute and
37
+ * "attrName" is the name of the attribute used)
38
*
39
*/
40
private static function lazyGet($attributes, $attrName)
90
/**
91
* Makes a string with all attributes.
92
*
93
+ * @param array $attribute_array
94
* @return string
95
*/
96
private static function createAttributes($attribute_array)
194
public static function replace($html)
195
{
196
if (!function_exists('str_get_html')) {
197
+ require_once __DIR__ . '/../src-vendor/simple_html_dom/simple_html_dom.inc';
198
}
199
$pt = new static();
200
return $pt->replaceHtml($html);
vendor/rosell-dk/webp-convert/phpstan.neon CHANGED
@@ -23,3 +23,6 @@ parameters:
23
-
24
message: '#SystemRequirementsNotMet#'
25
path: %currentWorkingDirectory%/src/Convert/Converters/ConverterTraits/ExecTrait.php
23
-
24
message: '#SystemRequirementsNotMet#'
25
path: %currentWorkingDirectory%/src/Convert/Converters/ConverterTraits/ExecTrait.php
26
+ -
27
+ message: '#Call to function is_callable\(\) with array.* always evaluate to false#'
28
+ path: %currentWorkingDirectory%/src/Convert/ConverterFactory.php
vendor/rosell-dk/webp-convert/src/Convert/Converters/BaseTraits/WarningLoggerTrait.php CHANGED
@@ -79,10 +79,17 @@ trait WarningLoggerTrait
79
$this->logLn($msg, 'italic');
80
$this->logLn('');
81
82
- //echo 'previously defined handler:' . print_r($this->previousErrorHandler, true);
83
-
84
if (!is_null($this->previousErrorHandler)) {
85
- return call_user_func($this->previousErrorHandler, $errno, $errstr, $errfile, $errline);
86
} else {
87
return false;
88
}
79
$this->logLn($msg, 'italic');
80
$this->logLn('');
81
82
if (!is_null($this->previousErrorHandler)) {
83
+ // If previousErrorHandler is this very error handler, exit to avoid recursion
84
+ // (this could happen if ::activateWarningLogger() were called twice)
85
+ if (is_array($this->previousErrorHandler) &&
86
+ isset($this->previousErrorHandler[0]) &&
87
+ ($this->previousErrorHandler[0] == $this)
88
+ ) {
89
+ return false;
90
+ } else {
91
+ return call_user_func($this->previousErrorHandler, $errno, $errstr, $errfile, $errline);
92
+ }
93
} else {
94
return false;
95
}
vendor/rosell-dk/webp-convert/src/Convert/Helpers/JpegQualityDetector.php CHANGED
@@ -13,7 +13,13 @@ class JpegQualityDetector
13
{
14
15
/**
16
- * Try to detect quality of jpeg using imagick extension
17
*
18
* @param string $filename A complete file path to file to be examined
19
* @return int|null Quality, or null if it was not possible to detect quality
@@ -26,7 +32,14 @@ class JpegQualityDetector
26
27
// The required function is available as from PECL imagick v2.2.2
28
if (method_exists($img, 'getImageCompressionQuality')) {
29
- return $img->getImageCompressionQuality();
30
}
31
} catch (\Exception $e) {
32
// Well well, it just didn't work out.
@@ -38,7 +51,17 @@ class JpegQualityDetector
38
39
40
/**
41
- * Try to detect quality of jpeg using imagick binary
42
*
43
* @param string $filename A complete file path to file to be examined
44
* @return int|null Quality, or null if it was not possible to detect quality
@@ -58,7 +81,12 @@ class JpegQualityDetector
58
59
60
/**
61
- * Try to detect quality of jpeg using gmagick binary
62
*
63
* @param string $filename A complete file path to file to be examined
64
* @return int|null Quality, or null if it was not possible to detect quality
@@ -69,7 +97,15 @@ class JpegQualityDetector
69
// Try GraphicsMagick
70
exec("gm identify -format '%Q' " . escapeshellarg($filename) . " 2>&1", $output, $returnCode);
71
if ((intval($returnCode) == 0) && (is_array($output)) && (count($output) == 1)) {
72
- return intval($output[0]);
73
}
74
}
75
return null;
13
{
14
15
/**
16
+ * Try to detect quality of jpeg using imagick extension.
17
+ *
18
+ * Note that the detection might fail for two different reasons:
19
+ * 1) Imagick is not installed
20
+ * 2) Imagick for some reason fails to detect quality for some images
21
+ *
22
+ * In both cases, null is returned.
23
*
24
* @param string $filename A complete file path to file to be examined
25
* @return int|null Quality, or null if it was not possible to detect quality
32
33
// The required function is available as from PECL imagick v2.2.2
34
if (method_exists($img, 'getImageCompressionQuality')) {
35
+ $quality = $img->getImageCompressionQuality();
36
+ if ($quality === 0) {
37
+ // We have experienced that this Imagick method returns 0 for some images,
38
+ // (even though the imagemagick binary is able to detect the quality)
39
+ // ie "/test/images/quality-undetectable-with-imagick.jpg". See #208
40
+ $quality = null;
41
+ }
42
+ return $quality;
43
}
44
} catch (\Exception $e) {
45
// Well well, it just didn't work out.
51
52
53
/**
54
+ * Try to detect quality of jpeg using imagick binary.
55
+ *
56
+ * Note that the detection might fail for three different reasons:
57
+ * 1) exec function is not available
58
+ * 2) the 'identify' command is not available on the system
59
+ * 3) imagemagick for some reason fails to detect quality for some images
60
+ *
61
+ * In the first two cases, null is returned.
62
+ * In the third case, 92 is returned. This is what imagemagick returns when it cannot detect the quality.
63
+ * and unfortunately we cannot distinguish between the situation where the quality is undetectable
64
+ * and the situation where the quality is actually 92 (at least, I have not found a way to do so)
65
*
66
* @param string $filename A complete file path to file to be examined
67
* @return int|null Quality, or null if it was not possible to detect quality
81
82
83
/**
84
+ * Try to detect quality of jpeg using graphicsmagick binary.
85
+ *
86
+ * It seems that graphicsmagick is never able to detect the quality! - and always returns
87
+ * the default quality, which is 75.
88
+ * However, as this might be solved in future versions, the method might be useful one day.
89
+ * But we treat "75" as a failure to detect and shall return null in that case.
90
*
91
* @param string $filename A complete file path to file to be examined
92
* @return int|null Quality, or null if it was not possible to detect quality
97
// Try GraphicsMagick
98
exec("gm identify -format '%Q' " . escapeshellarg($filename) . " 2>&1", $output, $returnCode);
99
if ((intval($returnCode) == 0) && (is_array($output)) && (count($output) == 1)) {
100
+ $quality = intval($output[0]);
101
+
102
+ // It seems that graphicsmagick is (currently) never able to detect the quality!
103
+ // - and always returns 75 as a fallback
104
+ // We shall therefore treat 75 as a failure to detect. (#209)
105
+ if ($quality == 75) {
106
+ return null;
107
+ }
108
+ return $quality;
109
}
110
}
111
return null;
vendor/rosell-dk/webp-convert/src/Exceptions/SanityException.txt ADDED
@@ -0,0 +1,10 @@
1
+ <?php
2
+
3
+ namespace WebPConvert\Exceptions;
4
+
5
+ use WebPConvert\Exceptions\WebPConvertException;
6
+
7
+ class SanityException extends WebPConvertException
8
+ {
9
+ public $description = 'Sanity check failed';
10
+ }
webp-express.php CHANGED
@@ -3,7 +3,7 @@
3
* Plugin Name: WebP Express
4
* Plugin URI: https://github.com/rosell-dk/webp-express
5
* Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
- * Version: 0.14.21
7
* Author: Bjørn Rosell
8
* Author URI: https://www.bitwise-it.dk
9
* License: GPL2
3
* Plugin Name: WebP Express
4
* Plugin URI: https://github.com/rosell-dk/webp-express
5
* Description: Serve autogenerated WebP images instead of jpeg/png to browsers that supports WebP. Works on anything (media library images, galleries, theme images etc).
6
+ * Version: 0.14.22
7
* Author: Bjørn Rosell
8
* Author URI: https://www.bitwise-it.dk
9
* License: GPL2
wod/webp-on-demand.php CHANGED
@@ -14,12 +14,12 @@ use \WebPExpress\SanityException;
14
use \WebPExpress\ValidateException;
15
use \WebPExpress\Validate;
16
17
- class WebPOnDempand
18
{
19
20
private static $docRoot;
21
22
- private static function exitWithError($msg) {
23
header('X-WebP-Express-Error: ' . $msg, true);
24
echo $msg;
25
exit;
@@ -108,10 +108,14 @@ class WebPOnDempand
108
109
110
// Validate that WebPExpress was configured to redirect to this conversion script
111
// ------------------------------------------------------------------------------
112
$checking = 'settings';
113
- if (!isset($wodOptions['enable-redirection-to-converter']) || ($wodOptions['enable-redirection-to-converter'] === false)) {
114
- throw new ValidateException('Redirection to conversion script is not enabled');
115
}
116
117
@@ -219,9 +223,11 @@ class WebPOnDempand
219
// Only protect on Apache. We know for sure that the method is not reliable on nginx. We have not tested on litespeed yet, so we dare not.
220
if (stripos($_SERVER["SERVER_SOFTWARE"], 'apache') !== false && stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
221
if (strpos($_SERVER['REQUEST_URI'], 'webp-on-demand.php') !== false) {
222
- WebPOnDempand::exitWithError('It seems you are visiting this file (plugins/webp-express/wod/webp-on-demand.php) directly. We do not allow this.');
223
exit;
224
}
225
}
226
227
- WebPOnDempand::process();
14
use \WebPExpress\ValidateException;
15
use \WebPExpress\Validate;
16
17
+ class WebPOnDemand
18
{
19
20
private static $docRoot;
21
22
+ public static function exitWithError($msg) {
23
header('X-WebP-Express-Error: ' . $msg, true);
24
echo $msg;
25
exit;
108
109
110
// Validate that WebPExpress was configured to redirect to this conversion script
111
+ // (but do not require that for Nginx)
112
// ------------------------------------------------------------------------------
113
$checking = 'settings';
114
+ if (stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
115
+ if (!isset($wodOptions['enable-redirection-to-converter']) || ($wodOptions['enable-redirection-to-converter'] === false)) {
116
+ throw new ValidateException('Redirection to conversion script is not enabled');
117
+ }
118
+
119
}
120
121
223
// Only protect on Apache. We know for sure that the method is not reliable on nginx. We have not tested on litespeed yet, so we dare not.
224
if (stripos($_SERVER["SERVER_SOFTWARE"], 'apache') !== false && stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
225
if (strpos($_SERVER['REQUEST_URI'], 'webp-on-demand.php') !== false) {
226
+ WebPOnDemand::exitWithError(
227
+ 'It seems you are visiting this file (plugins/webp-express/wod/webp-on-demand.php) directly. We do not allow this.'
228
+ );
229
exit;
230
}
231
}
232
233
+ WebPOnDemand::process();
wod/webp-realizer.php CHANGED
@@ -15,7 +15,7 @@ class WebPRealizer
15
16
private static $docRoot;
17
18
- private static function exitWithError($msg) {
19
header('X-WebP-Express-Error: ' . $msg, true);
20
echo $msg;
21
exit;
@@ -111,10 +111,13 @@ class WebPRealizer
111
112
113
// Validate that WebPExpress was configured to redirect to this conversion script
114
// ------------------------------------------------------------------------------
115
$checking = 'settings';
116
- if (!isset($wodOptions['enable-redirection-to-webp-realizer']) || ($wodOptions['enable-redirection-to-webp-realizer'] === false)) {
117
- throw new ValidateException('Redirection to webp realizer is not enabled');
118
}
119
120
@@ -207,7 +210,9 @@ class WebPRealizer
207
// Only protect on Apache. We know for sure that the method is not reliable on nginx. We have not tested on litespeed yet, so we dare not.
208
if (stripos($_SERVER["SERVER_SOFTWARE"], 'apache') !== false && stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
209
if (strpos($_SERVER['REQUEST_URI'], 'webp-realizer.php') !== false) {
210
- WebPRealizer::exitWithError('It seems you are visiting this file (plugins/webp-express/wod/webp-realizer.php) directly. We do not allow this.');
211
exit;
212
}
213
}
15
16
private static $docRoot;
17
18
+ public static function exitWithError($msg) {
19
header('X-WebP-Express-Error: ' . $msg, true);
20
echo $msg;
21
exit;
111
112
113
// Validate that WebPExpress was configured to redirect to this conversion script
114
+ // (but do not require that for Nginx)
115
// ------------------------------------------------------------------------------
116
$checking = 'settings';
117
+ if (stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
118
+ if (!isset($wodOptions['enable-redirection-to-webp-realizer']) || ($wodOptions['enable-redirection-to-webp-realizer'] === false)) {
119
+ throw new ValidateException('Redirection to webp realizer is not enabled');
120
+ }
121
}
122
123
210
// Only protect on Apache. We know for sure that the method is not reliable on nginx. We have not tested on litespeed yet, so we dare not.
211
if (stripos($_SERVER["SERVER_SOFTWARE"], 'apache') !== false && stripos($_SERVER["SERVER_SOFTWARE"], 'nginx') === false) {
212
if (strpos($_SERVER['REQUEST_URI'], 'webp-realizer.php') !== false) {
213
+ WebPRealizer::exitWithError(
214
+ 'It seems you are visiting this file (plugins/webp-express/wod/webp-realizer.php) directly. We do not allow this.'
215
+ );
216
exit;
217
}
218
}