fix EXIF-rotated images shown cropped in previews, closes #4482

JPEGs with EXIF orientation 5/6/7/8 were rendered cropped in the
mediamanager detail view, the image diff view and the fullscreen
deta

fix EXIF-rotated images shown cropped in previews, closes #4482

JPEGs with EXIF orientation 5/6/7/8 were rendered cropped in the
mediamanager detail view, the image diff view and the fullscreen
detail page: getimagesize() / JpegMeta report raw (rotation-unaware)
pixel dimensions, and passing both w and h to fetch.php defaults to
center-crop.

- Bump splitbrain/slika to 1.1, which ships ImageInfo: a rotation-
aware, metadata-only dimension simulator mirroring Adapter's
fluent API (autorotate/resize/crop).
- Add fit=1 to fetch.php: when both w and h are given, route to
media_resize_image() (bbox fit) instead of media_crop_image().
Token hashes only (id, w, h) so existing tokens stay valid.
- Add MediaFile::getDisplayDimensions($w, $h, $crop) which delegates
to ImageInfo and returns the dims fetch.php would produce.
- Add Display::getDetailHtml() and retire media_preview() / the old
media_image_preview_size() helper. media_tab_view and MediaDiff
now share the Display-based renderer.
- Rewrite tpl_img() (lib/tpl/*/detail.php) to use MediaFile dims +
fit=1 URL; drops the manual ratio math.
- Tests: MediaFileTest covers the dims math, DisplayTest covers the
detail-view HTML (rotated dims, rev-vs-timestamp URL selection,
structure), fetch_imagetoken gains a fit-token compat test.
Fixture _test/data/media/wiki/exif-orient-6.jpg: 20x30 JPEG with
EXIF orientation 6.

show more ...

Use str_starts_with/str_ends_with

code style: line breaks

Rector to rename print to echo calls

reformat /lib/exe/ folder

Apply rector fixes to lib/exe

opening up CSP headers for fetch.php resources

This drops the sandbox attribute as discussed in #3710 to re-enable
inline display of PDFs in Safari again.

Dropping the sandbox attribute should also

opening up CSP headers for fetch.php resources

This drops the sandbox attribute as discussed in #3710 to re-enable
inline display of PDFs in Safari again.

Dropping the sandbox attribute should also help with using navigational
links within SVG files as discussed in
https://forum.dokuwiki.org/d/20420-how-to-embed-svg-with-links-the-proper-way

It also allows the loading of fonts from within SVG files. This
currently does not allow font loading from google fonts as asked for
in #3709 though. I'm not sure if we should favor any font provider here.

show more ...

minor SVG improvements

* never try to use slika to resize SVGs - let the browser do it
* use object-fit:cover for all images - this properly crops inside the
browser if the backend didn't (like fo

minor SVG improvements

* never try to use slika to resize SVGs - let the browser do it
* use object-fit:cover for all images - this properly crops inside the
browser if the backend didn't (like for SVGs). currently dokuwiki
template only - might be worth moving to default styles
* show previews for SVGs in media manager

show more ...

Media CSP: omit script-src and add frame-ancestors

See comments for details:

https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506909727
https://github.com/splitbrain/dokuwiki/pull/3310#

Media CSP: omit script-src and add frame-ancestors

See comments for details:

https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506909727
https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506913304

show more ...

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptabl

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptable media, like SVG is used.

Suggestions on finetuning the policy are welcome.

The policy is added to the MEDIA_SENDFILE event, so plugins can easily
influence it. The way it is passed as an array should make it easier to
modify from plugins as well.

I put the mechanism to send the header into it's own class in the HTTP
namespace. Additional methods from inc/httputils could be moved here
later. The method might also be interesting for #2198 and #1676.

show more ...

add new "MEDIA_RESIZE" event

First go at moving the plugin classes into their own namespace

adjusted the Input clases for PSR2

They are now in their own namespace.

fix misspelled variable name,

Re-order parameters to not break other callers

Use original filename for Content-Disposition

In most cases this change will have no effect, but noes the response will use the filename that was originally requested. The downloaded filename can be

Use original filename for Content-Disposition

In most cases this change will have no effect, but noes the response will use the filename that was originally requested. The downloaded filename can be modified to something different as well. E.g. the siteexport plugin will make use of it.

show more ...

media image can be resized by height (without width)

Add check for token when resizing and caching external images

refactor fetch to support unittesting

add a token to fetch urls requiring image resize/crop to prevent external DDOS via fetch

there's no pragma: private

max-age not allowed with no-cache

adjusted cache=0 headers again

fixed passed cache parameter

handle public vs. private ressource in sendFile()