Download the PHP package arakne/swf without Composer

On this page you can find all versions of the php package arakne/swf. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of arakne/swf

Informations about the package swf

Arakne SWF - Parse and extract SWF files in PHP

Build Packagist codecov

Library to parse SWF tags and extract resources like sprites, images, etc. in pure PHP, without any external dependencies. Its goal is to simplify processing of multiple SWF files using a script file.

It renders shapes and sprites in SVG format, and can export images in JPEG or PNG format. It also implements a simple AVM interpreter to extract ActionScript 2 variables.

Use a CLI application

This project can be used as a simple CLI application, if you simply want to extract resources from a SWF file. You can use the bin/swf-extract command to do so.

Installation & show help

PHP 8.4 or higher is required. Composer is not required, but it's recommended if you want to use PHP scripts.

It may also require some PHP extensions, depending on the features you want to use:

[!NOTE] On some systems, the Imagick extension does not support well the SVG format, so the conversion may result in a weird image. In this case, try to install rsvg-convert command (package librsvg2-bin on Debian/Ubuntu, librsvg2-tools on Fedora) or inkscape. Inkscape is slower than rsvg, but may produce better results.

Usage

Here some examples of how to use the CLI application. To get the full list of options, run bin/swf-extract --help.

Use as a library

To perform more complex operations, you can use the library as a PHP library.

Installation & basic usage

First you need to install the library using Composer:

Then you can use the library in your PHP scripts:

Extract resources

You can use this library to render shapes and sprites in SVG format, and to export images in JPEG or PNG format. To do this, you can use the class Arakne\Swf\Extractor\SwfExtractor.

If you want a custom rendering format, you can implement Arakne\Swf\Extractor\Drawer\DrawerInterface and pass it to the method draw() of the character.

Render as raster image or animated image

You can also render sprites and shapes as raster images, and animations as animated images (GIF, WebP). The conversion from vector to raster image is done using the Arakne\Swf\Extractor\Drawer\Converter\Converter class.

[!NOTE] It internally uses Imagick to convert SVG to raster images, so you need to have the Imagick extension installed.

Extract ActionScript 2 variables & AVM interpreter

This library implements a simple AVM interpreter, which can be used to interpret variable declarations in ActionScript 2, and extract the variables from the SWF file.

By default, the interpreter will disable all function and object calls to avoid security issues. But you can enable them by settings some options to the interpreter.

Process SWF tags

You can also perform low level operations by extracting the tags from the SWF file.

Security & error handling

Checking file validity

If you want to open untrusted SWF files, you should always check if the file is valid before processing it. You can do this by calling the valid() method on the SwfFile instance. This method takes the maximum expected size of the uncompressed SWF file as an optional parameter, and will return false if the file has invalid header, or if the length of the file is greater than the expected size.

[!NOTE] The valid() method does not check the content of the SWF file, it only checks the header and the length of the file. The content of the SWF file is checked during the parsing process, so it's validity is guaranteed by strict error handling.

Parsing

The library provides a way to fine tune the error handling, which let you choose between strict error handling which will detect any invalid data, but may reject valid files, or a more permissive error handling which will try to recover from errors, but may produce unexpected results and security issues.

To configure the error handling, simply pass desired error flags to the second parameter of the SwfFile constructor. Error flags are defined in the Arakne\Swf\Error\Errors class, and you can combine them using bitwise OR operator (|).

If an error occurs, and it's not ignored, the library will throw an exception of type Arakne\Swf\Error\SwfExceptionInterface.

Here the description and recommandations for each error flag:

Error flag Description Recommandation
Errors::NONE All errors will be silently ignored, and fallback values will be used. Use only if you are in sandboxed environment, may produce unexpected results and security issues like DOS.
Errors::ALL All errors will be thrown as exceptions. This is the strictest error handling. Useful if you do not trust the origin of SWF files. Don't forget to catch exception when processing the file.
Errors::OUT_OF_BOUNDS If disabled, ignore when a tag is truncated, and the parser try to read beyond the end of the tag or SWF file. The parser will return null value instead. It's really advised to not disable this error, as it may lead to unexpected results and DOS.
Errors::INVALID_DATA If disabled, ignore when the parser detects invalid data in the SWF file, like invalid ids, or incoherent data. The parser will keep the value and continue the parsing. Disable this flag only if you want to recover corrupted or truncated SWF files. It's not recommended to disable this flag when parsing untrusted files.
Errors::EXTRA_DATA Detects when a tag contains extra data after the end of the tag. If disabled, the parser will ignore the extra data and continue parsing. This flag can be safely disabled, as it cannot lead to unexpected results.
Errors::UNKOWN_TAG Raise an error when the parser encounters an unknown tag. If disabled, UnknownTag will be returned. Disable this flag if you want to parse raw tags and keep the data. Do not lead to unexpected results nor security issues.
Errors::INVALID_TAG If disabled, ignore tags that raise an error when parsing. If enabled, parsing errors will be rethrown. Disable this flag is the safest way to provide a fail-safe parsing, but do not allow parsing highly corrupted or truncated SWF files.
Errors::CIRCULAR_REFERENCE If disabled, circular references on display list will be ignored, and replaced by an empty display list. It's not recommended to disable this flag, as it will always result to invalid display. Enable only if your goal is to get a very lenient renderer.
Errors::UNPROCESSABLE_DATA If disabled, ignore when the parser encounters data that cannot be processed, like invalid character reference or placement tag. The parser will skip the instruction instead. This flag can be safely disabled, invalid data will simply ignored or replaced by empty elements.

Common flags to use are:

Rendering

Rendering to SVG is mostly safe, as SVG is a vector format and does not execute any code. However, rendering to raster images (PNG, JPEG, GIF, WebP) may lead to security issues, as it uses the Imagick extension to convert SVG to raster images, which is known to have some security issues.

So, if you want to render untrusted SWF files, it's recommended to only render as SVG, and not raster images.

AVM interpreter

It's not recommended to use the AVM interpreter on untrusted SWF files, as it may lead to security issues. But if you want to use it, you can disable all function and object calls by setting the allowFunctionCall to false when creating the Processor instance. This will prevent the interpreter from executing any code, and only extract constants variables.

Found a security issue?

If you found a security issue, unexpected behavior, infinite loop or any other issue, please report it on the GitHub issues. Even with Errors::NONE the parsing should safely complete, but the output may be unexpected.

License and credit

This library is shared under the LGPLv3 license.

Thanks to

All versions of swf with dependencies

PHP Build Version
Package Version
Requires php-64bit Version ~8.4
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package arakne/swf contains the following files

Loading the files please wait ....