Allow to set the protocol for external images

This changes makes url like /image/1/80/80/1/https://external.domain/image.jpg Mostly needed for sites that are https only or ones that upgrade insecure requests
symphonycms · Jun 23, 2016 · f2a5c17 · f2a5c17
1 parent 1f7245b
commit f2a5c17
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/README.markdown b/README.markdown
@@ -155,6 +155,10 @@ The URL then requires a sixth parameter, external, (where the fourth and fifth p
 	<img src="{$root}/image/1/80/80/1/{full/path/to/image}" />
 	                                ^ External parameter
 
+You can also include the protocol in the full path of the image. This can eliminate a redirection when requesting images from a domain that upgrade insecure requests.
+
+	<img src="{$root}/image/1/80/80/1/https://{full/path/to/image}" />
+
 ### Recipes
 
 Recipes are named rules in JIT settings which help improve security and convenience. They can be edited at the preferences page in the JIT section and are saved in `/workspace/jit-image-manipulation/recipes.php`. An image using a recipe called `thumbnail` might look like:

diff --git a/extension.meta.xml b/extension.meta.xml
@@ -27,6 +27,7 @@
 			- Removed the Image::renderOutputHeaders() method
 			- Removed support for the undocumented "Direct display" (mode 0)
 			- Added support for forced download via the ?save query string
+			- Added support to pass protocol for external images
 		</release>
 		<release version="2.0.0" date="2016-04-26" min="2.6.0" max="2.x.x">
 			- JIT image process is it's own Symphony renderer now

diff --git a/lib/class.jit.php b/lib/class.jit.php
@@ -265,7 +265,14 @@ public function fetchImagePath(array &$parameters)
     {
         // Fetch external images
         if ($parameters['settings']['external'] === true) {
-            $image_path = "http://{$parameters['image']}";
+            if (preg_match('/^https?:\/\/?/i', $parameters['image'])) {
+                // User agent will reduce multiple slashes (//) after the protocol.
+                // This replacement will take this fact into account
+                $image_path = preg_replace('/^(https?:)\/([^\/])(.+)$/i', '$1//$2$3', $parameters['image']);
+            }
+            else {
+                $image_path = "http://{$parameters['image']}";
+            }
 
             // Image is external, check to see that it is a trusted source
             $rules = @file(WORKSPACE . '/jit-image-manipulation/trusted-sites', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);