From d06949ffe5594b64d4b7b6b3e2036dc0093f110a Mon Sep 17 00:00:00 2001
From: Moctar <diouf@alchemy.fr>
Date: Thu, 7 Jan 2021 19:27:22 +0100
Subject: [PATCH] manage ImageMagick policies on docker context

---
 .env                                   | 10 ++++++++++
 docker-compose.yml                     |  9 ++++++++-
 docker/phraseanet/worker/entrypoint.sh |  8 ++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/.env b/.env
index 51dfc6d4a0..a77e09e8e8 100644
--- a/.env
+++ b/.env
@@ -140,3 +140,13 @@ SSH_AUTH_SOCK=/dev/null
 # Plugin support
 PHRASEANET_PLUGINS=
 PHRASEANET_SSH_PRIVATE_KEY=
+
+# ImageMagick policies change
+IMAGEMAGICK_POLICY_VERSION=6
+IMAGEMAGICK_POLICY_WIDTH=16KP
+IMAGEMAGICK_POLICY_HEIGHT=16KP
+IMAGEMAGICK_POLICY_MAP=512MiB
+IMAGEMAGICK_POLICY_MEMORY=256MiB
+IMAGEMAGICK_POLICY_AREA=128MB
+IMAGEMAGICK_POLICY_DISK=1GiB
+IMAGEMAGICK_POLICY_TEMPORARY_PATH=/tmp
diff --git a/docker-compose.yml b/docker-compose.yml
index 605538354e..1f9c13b271 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -135,7 +135,14 @@ services:
     - LC_CTYPE=C.UTF-8
     - LC_TIME=C.UTF-8
     - LC_NAME=C.UTF-8
-
+    - IMAGEMAGICK_POLICY_VERSION
+    - IMAGEMAGICK_POLICY_WIDTH
+    - IMAGEMAGICK_POLICY_HEIGHT
+    - IMAGEMAGICK_POLICY_MAP
+    - IMAGEMAGICK_POLICY_MEMORY
+    - IMAGEMAGICK_POLICY_AREA
+    - IMAGEMAGICK_POLICY_DISK
+    - IMAGEMAGICK_POLICY_TEMPORARY_PATH
     volumes:
     - ${PHRASEANET_CONFIG_DIR}:/var/alchemy/Phraseanet/config:rw
     - ${PHRASEANET_LOGS_DIR}:/var/alchemy/Phraseanet/logs:rw
diff --git a/docker/phraseanet/worker/entrypoint.sh b/docker/phraseanet/worker/entrypoint.sh
index 763a07d8ba..ac6c6944b7 100755
--- a/docker/phraseanet/worker/entrypoint.sh
+++ b/docker/phraseanet/worker/entrypoint.sh
@@ -15,4 +15,12 @@ if [ ${XDEBUG_ENABLED} == "1" ]; then
     docker-php-ext-enable xdebug
 fi
 
+sed -i "s/domain=\"resource\" name=\"memory\" value=\".*\"/domain=\"resource\" name=\"memory\" value=\"$IMAGEMAGICK_POLICY_MEMORY\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"map\" value=\".*\"/domain=\"resource\" name=\"map\" value=\"$IMAGEMAGICK_POLICY_MAP\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"width\" value=\".*\"/domain=\"resource\" name=\"width\" value=\"$IMAGEMAGICK_POLICY_WIDTH\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"height\" value=\".*\"/domain=\"resource\" name=\"height\" value=\"$IMAGEMAGICK_POLICY_HEIGHT\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"disk\" value=\".*\"/domain=\"resource\" name=\"disk\" value=\"$IMAGEMAGICK_POLICY_DISK\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"area\" value=\".*\"/domain=\"resource\" name=\"area\" value=\"$IMAGEMAGICK_POLICY_AREA\"/g" /etc/ImageMagick-6/policy.xml
+sed -i "s/domain=\"resource\" name=\"temporary-path\" value=\".*\"/domain=\"resource\" name=\"temporary-path\" value=\"\$IMAGEMAGICK_POLICY_TEMPORARY_PATH\"/g" /etc/ImageMagick-6/policy.xml
+
 runuser -u app -- $@