Umbraco-CMS

yv01p/Umbraco-CMS

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ronald Barendse	27ae8bdba9	v12: Add HMAC image processing protection (#14181 ) * Update to ImageSharp 2.1.0 and ImageSharp.Web 2.0.0-alpha.0.23 * Rename CachedNameLength to CacheHashLength and add CacheFolderDepth setting * Replace PhysicalFileSystemProvider with WebRootImageProvider * Support EXIF-orientation in image dimention extractor * Remove virtual methods on FileProviderImageProvider * Simplify FileInfoImageResolver * Update to SixLabors.ImageSharp.Web 2.0.0-alpha.0.25 and remove custom providers * Make CropWebProcessor EXIF orientation-aware * Improve width/height sanitization * Also use 'v' as cache buster value * Add WebP to supported image file types * Update to SixLabors.ImageSharp.Web 2.0.0-alpha.0.27 and fix test * Fix rounding error and add test cases * Update to newest and stable releases * Move ImageSharpImageUrlGenerator to Umbraco.Web.Common * Use IConfigureOptions to configure ImageSharp options * Implement IEquatable on ImageUrlGenerationOptions classes * Fix empty/null values in image URL generation and corresponding tests * Use IsSupportedImageFormat extension method * Remove unneeded reflection * Add HMACSecretKey setting and add token when generating image URLs * Ensure backoffice image URLs are generated by the server (and include a correct HMAC token) * Abstract HMAC generation to IImageUrlTokenGenerator * Change cache buster value to 'v' and use hexadecimal timestamp * Update comments * Fix backoffice thumbnail URL generation * Update grid media thumbnail URL generation * Remove breaking changes * Strip unknown commands from image URL token * Remove HMAC whitelisting possibility (not supported by ImageSharp) * Update to SixLabors.ImageSharp 2.1.3 * Add comment to internal constructor * Fix to support absolute image URLs * Update to SixLabors.ImageSharp.Web 2.0.3-alpha.0.3 * Remove IImageUrlTokenGenerator and use ImageSharpRequestAuthorizationUtilities * Move NuGet feed to config file * Update to ImageSharp v3	2023-05-11 11:01:03 +02:00
Mole	5e9ce916cf	V12: Update ImageSharp V3 and Add Legacy V2 Project (#14216 ) * Rename old imagesharp to v2 * Add Ronalds PR as imagesharp * Ensure that we use V3 by default	2023-05-09 10:09:54 +02:00
Ronald Barendse	3873a0735c	v11: Decouple dependencies (#12907 ) * Move core dependencies and MSBuild targets from Umbraco.Cms to Umbraco.Cms.Targets * Re-add appsettings.Tests.json * Include appsettings-schema.json * Use .NET 7.x in CodeQL build * Fix duplicate Directory.Build.props import * Decouple ImageSharp/ImageSharp.Web implementations * Further decouple SqlServer implementation * Add SupportedImageFileTypes to IImageDimensionExtractor * Update descriptions * Update project metadata * Re-enable package validation * Add embedded package icon * Move ContinuousIntegrationBuild to build script * Move shared properties to root Directory.Build.props * Fix GetInstallState throwing exception when default provider isn't configured * Remove redundant PackageRequireLicenseAcceptance and update version to 11.0.0-rc1 * Update build script * Remove LangVersion preview * Disable app-local ICU for MacOS integration test * Disable app-local ICU for all integration tests * Fix RuntimeState_Run test assertion * Update projects and build script to require Node.js 16.17 (latest LTS) * Remove app-local ICU from unit tests * Add missing project reference * Generate XML documentation files * Expose management API in Web.UI project * Update .NET 7 dependencies to RC1 * Update package-lock.json files * Downgrade Cypress version	2022-09-27 14:22:34 +02:00

Author

SHA1

Message

Date

Ronald Barendse

27ae8bdba9

v12: Add HMAC image processing protection (#14181 )

* Update to ImageSharp 2.1.0 and ImageSharp.Web 2.0.0-alpha.0.23

* Rename CachedNameLength to CacheHashLength and add CacheFolderDepth setting

* Replace PhysicalFileSystemProvider with WebRootImageProvider

* Support EXIF-orientation in image dimention extractor

* Remove virtual methods on FileProviderImageProvider

* Simplify FileInfoImageResolver

* Update to SixLabors.ImageSharp.Web 2.0.0-alpha.0.25 and remove custom providers

* Make CropWebProcessor EXIF orientation-aware

* Improve width/height sanitization

* Also use 'v' as cache buster value

* Add WebP to supported image file types

* Update to SixLabors.ImageSharp.Web 2.0.0-alpha.0.27 and fix test

* Fix rounding error and add test cases

* Update to newest and stable releases

* Move ImageSharpImageUrlGenerator to Umbraco.Web.Common

* Use IConfigureOptions to configure ImageSharp options

* Implement IEquatable on ImageUrlGenerationOptions classes

* Fix empty/null values in image URL generation and corresponding tests

* Use IsSupportedImageFormat extension method

* Remove unneeded reflection

* Add HMACSecretKey setting and add token when generating image URLs

* Ensure backoffice image URLs are generated by the server (and include a correct HMAC token)

* Abstract HMAC generation to IImageUrlTokenGenerator

* Change cache buster value to 'v' and use hexadecimal timestamp

* Update comments

* Fix backoffice thumbnail URL generation

* Update grid media thumbnail URL generation

* Remove breaking changes

* Strip unknown commands from image URL token

* Remove HMAC whitelisting possibility (not supported by ImageSharp)

* Update to SixLabors.ImageSharp 2.1.3

* Add comment to internal constructor

* Fix to support absolute image URLs

* Update to SixLabors.ImageSharp.Web 2.0.3-alpha.0.3

* Remove IImageUrlTokenGenerator and use ImageSharpRequestAuthorizationUtilities

* Move NuGet feed to config file

* Update to ImageSharp v3

2023-05-11 11:01:03 +02:00

Mole

5e9ce916cf

V12: Update ImageSharp V3 and Add Legacy V2 Project (#14216 )

* Rename old imagesharp to v2

* Add Ronalds PR as imagesharp

* Ensure that we use V3 by default

2023-05-09 10:09:54 +02:00

Ronald Barendse

3873a0735c

v11: Decouple dependencies (#12907 )

* Move core dependencies and MSBuild targets from Umbraco.Cms to Umbraco.Cms.Targets

* Re-add appsettings.Tests.json

* Include appsettings-schema.json

* Use .NET 7.x in CodeQL build

* Fix duplicate Directory.Build.props import

* Decouple ImageSharp/ImageSharp.Web implementations

* Further decouple SqlServer implementation

* Add SupportedImageFileTypes to IImageDimensionExtractor

* Update descriptions

* Update project metadata

* Re-enable package validation

* Add embedded package icon

* Move ContinuousIntegrationBuild to build script

* Move shared properties to root Directory.Build.props

* Fix GetInstallState throwing exception when default provider isn't configured

* Remove redundant PackageRequireLicenseAcceptance and update version to 11.0.0-rc1

* Update build script

* Remove LangVersion preview

* Disable app-local ICU for MacOS integration test

* Disable app-local ICU for all integration tests

* Fix RuntimeState_Run test assertion

* Update projects and build script to require Node.js 16.17 (latest LTS)

* Remove app-local ICU from unit tests

* Add missing project reference

* Generate XML documentation files

* Expose management API in Web.UI project

* Update .NET 7 dependencies to RC1

* Update package-lock.json files

* Downgrade Cypress version

2022-09-27 14:22:34 +02:00

3 Commits