
Sitemap required for my image hosting site

Hey there, I want to share my solution for those using Chevereto who struggle with image indexing (I created a free sitemap script, see here):

Potential XML injection on your $title?

If any of the data coming from your database contains characters like &, <, >, ", or ', it will break the XML structure here.

Escape the URL too.
Code:
$escapedUrl = htmlspecialchars($fileUrl, ENT_XML1, 'UTF-8');
echo "    <loc>$escapedUrl</loc>\n";
echo "      <image:loc>$escapedUrl</image:loc>\n";

Code:
catch (Exception $e) {
    error_log($e->getMessage());
    http_response_code(500);
    exit;
}
Mine is:
Code:
<?php
// Keep error details out of the response; send them to the server log instead.
ini_set('display_errors', 0);
ini_set('log_errors', 1);

// Buffer output so a failure part-way through can still return a clean 500
// instead of a truncated sitemap sent with a 200 status.
ob_start();
header("Content-Type: application/xml; charset=utf-8");

// $db_host, $db_name, $db_user and $db_pass are assumed to be defined before this point.
try {
    $pdo = new PDO(
        "mysql:host=$db_host;dbname=$db_name;charset=utf8",
        $db_user,
        $db_pass,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );

    echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
    echo '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
          xmlns:image="http://www.google.com/schemas/sitemap-image/1.1">' . "\n";

    $stmt = $pdo->query("SELECT image_id, image_name, image_extension, image_date, image_title 
                         FROM lgpn_images 
                         WHERE image_is_approved = 1 
                         ORDER BY image_id DESC 
                         LIMIT 4000");

    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $folderPath = date("Y/m/d/", strtotime($row['image_date']));
        $fileUrl = "https://YOURWEBSITE.COM/images/$folderPath{$row['image_name']}.{$row['image_extension']}";

        // Escape every database-derived value before it is written into the XML.
        $escapedUrl = htmlspecialchars($fileUrl, ENT_XML1, 'UTF-8');
        $title = htmlspecialchars($row['image_title'] ?: $row['image_name'], ENT_XML1, 'UTF-8');

        echo "  <url>\n";
        echo "    <loc>$escapedUrl</loc>\n";
        echo "    <image:image>\n";
        echo "      <image:loc>$escapedUrl</image:loc>\n";
        echo "      <image:title>$title</image:title>\n";
        echo "    </image:image>\n";
        echo "  </url>\n";
    }

    echo '</urlset>';

} catch (Exception $e) {
    // Discard the partial document, log the cause, and return a bare 500.
    ob_end_clean();
    error_log($e->getMessage());
    http_response_code(500);
}

I did add HTTP_ACCEPT_ENCODING gzip to mine, with paginated sitemap_1.xml etc., but thankfully it's under the 50K still. I did consider DOMDocument but have not got around to it yet.
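
The reply above escapes each value by hand and mentions DOMDocument as an alternative. As an added example (not code from either poster or from Chevereto), here is the same sitemap built with PHP's XMLWriter, a different technique in which the writer escapes text content itself. The sample rows are constructed, and `xmlSafe()` and `buildSitemap()` are hypothetical helper names.

```php
<?php
// Added example: rows are constructed sample data, not real database output.
$rows = [
    ['image_name' => 'cat', 'image_extension' => 'jpg', 'image_date' => '2024-05-01 10:00:00',
     'image_title' => 'Tom & "Jerry" </image:title><url><loc>https://example.invalid/</loc>'],
    ['image_name' => 'dog', 'image_extension' => 'png', 'image_date' => '2024-05-02 11:30:00',
     'image_title' => "control\x0Bchar"],
];

// Drop code points outside the XML 1.0 Char range; escaping alone leaves them in place.
function xmlSafe(string $s): string
{
    return preg_replace('/[^\x{9}\x{A}\x{D}\x{20}-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u', '', $s) ?? '';
}

function buildSitemap(array $rows, string $base): string
{
    $w = new XMLWriter();
    $w->openMemory();
    $w->setIndent(true);
    $w->startDocument('1.0', 'UTF-8');
    $w->startElement('urlset');
    $w->writeAttribute('xmlns', 'http://www.sitemaps.org/schemas/sitemap/0.9');
    $w->writeAttribute('xmlns:image', 'http://www.google.com/schemas/sitemap-image/1.1');
    foreach ($rows as $row) {
        $url = $base . date('Y/m/d/', strtotime($row['image_date']))
             . $row['image_name'] . '.' . $row['image_extension'];
        $w->startElement('url');
        $w->writeElement('loc', xmlSafe($url));       // text is escaped by XMLWriter
        $w->startElement('image:image');
        $w->writeElement('image:loc', xmlSafe($url));
        $w->writeElement('image:title', xmlSafe($row['image_title'] ?: $row['image_name']));
        $w->endElement(); // image:image
        $w->endElement(); // url
    }
    $w->endElement(); // urlset
    $w->endDocument();
    return $w->outputMemory();
}

$xml = buildSitemap($rows, 'https://YOURWEBSITE.COM/images/');

// Self-check: the output must parse, and the hostile title must not have added a <url>.
$doc = new DOMDocument();
if (!$doc->loadXML($xml)) {
    exit("sitemap is not well-formed\n");
}
printf("url elements: %d\n", $doc->getElementsByTagNameNS('http://www.sitemaps.org/schemas/sitemap/0.9', 'url')->length);
echo $xml;
```

Parsing the generated document before serving it is a cheap regression check: a title that closes `<image:title>` early shows up as an unexpected `url` element count or a parse failure.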
 