From 7e7c5cb40bbd1e558bbabc407102c8b2937fc56c Mon Sep 17 00:00:00 2001 From: mcdruid Date: Tue, 3 Dec 2024 22:46:21 +0000 Subject: [PATCH 1/5] check temp path before deleting files in destructor --- src/InterventionBackend.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/InterventionBackend.php b/src/InterventionBackend.php index a6644560..7746e650 100644 --- a/src/InterventionBackend.php +++ b/src/InterventionBackend.php @@ -815,7 +815,7 @@ public function __destruct() $this->image->destroy(); } // remove our temp file if it exists - if (file_exists($this->getTempPath() ?? '')) { + if ((strpos(basename($this->getTempPath()), 'interventionimage_') === 0) && file_exists($this->getTempPath() ?? '')) { unlink($this->getTempPath() ?? ''); } } From 16006f5578cb6b5ba68a31021bac5b2c7d85eb1e Mon Sep 17 00:00:00 2001 From: mcdruid Date: Wed, 4 Dec 2024 08:52:31 +0000 Subject: [PATCH 2/5] silverstripe requires PHP8 so we can use str_starts_with --- src/InterventionBackend.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/InterventionBackend.php b/src/InterventionBackend.php index 7746e650..df79a048 100644 --- a/src/InterventionBackend.php +++ b/src/InterventionBackend.php @@ -815,7 +815,7 @@ public function __destruct() $this->image->destroy(); } // remove our temp file if it exists - if ((strpos(basename($this->getTempPath()), 'interventionimage_') === 0) && file_exists($this->getTempPath() ?? '')) { + if (str_starts_with(basename($this->getTempPath()), 'interventionimage_') && file_exists($this->getTempPath() ?? '')) { unlink($this->getTempPath() ?? ''); } } From 76a7dc06cd42d5b93ba325ab294216539a66b0f0 Mon Sep 17 00:00:00 2001 From: mcdruid Date: Tue, 18 Feb 2025 09:25:01 +0000 Subject: [PATCH 3/5] introduce constant TEMP_FILE_PREFIX --- src/InterventionBackend.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/InterventionBackend.php b/src/InterventionBackend.php index df79a048..9eedbcfc 100644 --- a/src/InterventionBackend.php +++ b/src/InterventionBackend.php @@ -35,6 +35,11 @@ class InterventionBackend implements Image_Backend, Flushable */ const CACHE_DIMENSIONS = 'DIMENSIONS_'; + /** + * Prefix for temp file names + */ + private const TEMP_FILE_PREFIX = 'interventionimage_'; + /** * Is cache flushing enabled? * @@ -258,7 +263,7 @@ public function getImageResource() // write the file to a local path so we can extract exif data if it exists. // Currently exif data can only be read from file paths and not streams $tempPath = $this->config()->get('local_temp_path') ?? TEMP_PATH; - $path = tempnam($tempPath ?? '', 'interventionimage_'); + $path = tempnam($tempPath ?? '', TEMP_FILE_PREFIX); if ($extension = pathinfo($assetContainer->getFilename() ?? '', PATHINFO_EXTENSION)) { //tmpnam creates a file, we should clean it up if we are changing the path name unlink($path ?? ''); @@ -815,7 +820,7 @@ public function __destruct() $this->image->destroy(); } // remove our temp file if it exists - if (str_starts_with(basename($this->getTempPath()), 'interventionimage_') && file_exists($this->getTempPath() ?? '')) { + if (str_starts_with(basename($this->getTempPath()), TEMP_FILE_PREFIX) && file_exists($this->getTempPath() ?? '')) { unlink($this->getTempPath() ?? ''); } } From 6f6b5c34f8eb15d1457c40fe7397f9c072c0b3ed Mon Sep 17 00:00:00 2001 From: Drew Webber Date: Tue, 18 Feb 2025 21:45:24 +0000 Subject: [PATCH 4/5] Update src/InterventionBackend.php Co-authored-by: Steve Boyd --- src/InterventionBackend.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/InterventionBackend.php b/src/InterventionBackend.php index 9eedbcfc..16058872 100644 --- a/src/InterventionBackend.php +++ b/src/InterventionBackend.php @@ -820,8 +820,10 @@ public function __destruct() $this->image->destroy(); } // remove our temp file if it exists - if (str_starts_with(basename($this->getTempPath()), TEMP_FILE_PREFIX) && file_exists($this->getTempPath() ?? '')) { - unlink($this->getTempPath() ?? ''); + $tempPath = $this->getTempPath() ?? ''; + if (str_starts_with(basename($tempPath), InterventionBackend::TEMP_FILE_PREFIX) && file_exists($tempPath)) { + unlink($tempPath); + } } } From 9343e1f7896a88855c5856b097e474d6835c058f Mon Sep 17 00:00:00 2001 From: Drew Webber Date: Tue, 18 Feb 2025 21:45:34 +0000 Subject: [PATCH 5/5] Update src/InterventionBackend.php Co-authored-by: Steve Boyd --- src/InterventionBackend.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/InterventionBackend.php b/src/InterventionBackend.php index 16058872..105e53d1 100644 --- a/src/InterventionBackend.php +++ b/src/InterventionBackend.php @@ -263,7 +263,7 @@ public function getImageResource() // write the file to a local path so we can extract exif data if it exists. // Currently exif data can only be read from file paths and not streams $tempPath = $this->config()->get('local_temp_path') ?? TEMP_PATH; - $path = tempnam($tempPath ?? '', TEMP_FILE_PREFIX); + $path = tempnam($tempPath ?? '', InterventionBackend::TEMP_FILE_PREFIX); if ($extension = pathinfo($assetContainer->getFilename() ?? '', PATHINFO_EXTENSION)) { //tmpnam creates a file, we should clean it up if we are changing the path name unlink($path ?? '');