forked from OFFLINE-GmbH/oc-responsive-images-plugin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwebp.php
130 lines (111 loc) · 3.12 KB
/
webp.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
<?php
$includes = [
__DIR__ . '/../../../vendor/autoload.php',
__DIR__ . '/vendor/autoload.php',
];
// Include the Composer autoloader.
foreach ($includes as $include) {
if (file_exists($include)) {
require $include;
}
}
use WebPConvert\WebPConvert;
/**
* Include Composer's autoloader, then convert and serve the WebP image.
* @return void
*/
function main()
{
$source = $_GET['path'];
// Prefix the input path with a slash if it is not there already.
if (strpos($source, '/') !== 0) {
$source = '/' . $source;
}
$baseDir = env('RESPONSIVE_IMAGES_BASE_DIR', __DIR__ . '/../../..');
$source = realpath($baseDir . $source);
$destination = $source . '.webp';
$path = validatePath($source);
if ($path === '') {
redirectNotFound();
die();
}
WebPConvert::serveConverted($source, $destination, [
// Serve the original if the client does not support WebP.
'serve-original' => strpos($_SERVER['HTTP_ACCEPT'], 'image/webp') === false,
'fail' => 'original',
'fail-when-fail-fails' => '404',
'serve-image' => [
'headers' => [
'cache-control' => true,
'content-length' => true,
'content-type' => true,
'expires' => false,
'last-modified' => true,
'vary-accept' => false,
],
'cache-control-header' => 'public, max-age=31536000',
],
'convert' => [
'quality' => 95,
],
]);
}
main();
/**
* Make sure no one is tampering with the path's GET parameter.
*
* @param string $path
*
* @return string
*/
function validatePath(string $path)
{
if ( ! file_exists($path)) {
return '';
}
$path = realpath($path);
if ( ! realpath($path)) {
return '';
}
if (strpos($path, '..') !== false) {
return '';
}
if (strpos($path, './') !== false || strpos($path, '//') !== false) {
return '';
}
// Get the project's base path based on the current directory.
$basePath = str_replace('plugins/offline/responsiveimages', '', realpath(__DIR__));
// Make sure the included path starts with the project's base path.
if (strpos($path, $basePath) !== 0) {
return '';
}
return $path;
}
/**
* Redirect to October's /404 URL to trigger a not found response.
* @return void
*/
function redirectNotFound()
{
$location = sprintf('%s://%s/404', getProtocol(), $_SERVER['SERVER_NAME']);
header('Location: ' . $location);
die;
}
/**
* Determine the request protocol of the current request.
*
* @return string
*/
function getProtocol(): string
{
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
return 'https';
}
if ( ! empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
return 'https';
}
if ( ! empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on') {
return 'https';
}
return 'http';
}