From: <be...@us...> - 2014-07-22 12:18:21
Revision: 12722
http://sourceforge.net/p/xoops/svn/12722
Author: beckmi
Date: 2014-07-22 12:18:06 +0000 (Tue, 22 Jul 2014)
Log Message:
-----------
Updating phpThumb to latest version
Modified Paths:
--------------
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpThumb.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.bmp.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.class.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.filters.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.functions.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.gif.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.ico.php
XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.unsharp.php
Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpThumb.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpThumb.php 2014-07-20 20:29:24 UTC (rev 12721)
+++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpThumb.php 2014-07-22 12:18:06 UTC (rev 12722)
@@ -1,7 +1,8 @@
<?php
//////////////////////////////////////////////////////////////
-/// phpThumb() by James Heinrich <in...@si...> //
-// available at http://phpthumb.sourceforge.net ///
+// phpThumb() by James Heinrich <in...@si...> //
+// available at http://phpthumb.sourceforge.net //
+// and/or https://github.com/JamesHeinrich/phpThumb //
//////////////////////////////////////////////////////////////
/// //
// See: phpthumb.changelog.txt for recent changes //
@@ -13,334 +14,340 @@
ini_set('display_errors', '1');
ini_set('magic_quotes_runtime', '0');
if (ini_get('magic_quotes_runtime')) {
- die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
+ die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
}
-$starttime = array_sum(explode(' ', microtime()));
+$starttime = array_sum(explode(' ', microtime())); // could be called as microtime(true) for PHP 5.0.0+
// this script relies on the superglobal arrays, fake it here for old PHP versions
if (phpversion() < '4.1.0') {
- $_SERVER = $HTTP_SERVER_VARS;
- $_GET = $HTTP_GET_VARS;
+ $_SERVER = $HTTP_SERVER_VARS;
+ $_GET = $HTTP_GET_VARS;
}
-function SendSaveAsFileHeaderIfNeeded()
-{
- if (headers_sent()) {
- return false;
- }
- global $phpThumb;
- $downloadfilename = phpthumb_functions::SanitizeFilename(@$_GET['sia'] ? $_GET['sia'] : (@$_GET['down'] ? $_GET['down'] : 'phpThumb_generated_thumbnail'.(@$_GET['f'] ? $_GET['f'] : 'jpg')));
- if (@$downloadfilename) {
- $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"', __FILE__, __LINE__);
- header('Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"');
- }
-
- return true;
+function SendSaveAsFileHeaderIfNeeded() {
+ if (headers_sent()) {
+ return false;
+ }
+ global $phpThumb;
+ $downloadfilename = phpthumb_functions::SanitizeFilename(!empty($_GET['sia']) ? $_GET['sia'] : (!empty($_GET['down']) ? $_GET['down'] : 'phpThumb_generated_thumbnail'.(!empty($_GET['f']) ? $_GET['f'] : 'jpg')));
+ if (!empty($downloadfilename)) {
+ $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.(!empty($_GET['down']) ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"', __FILE__, __LINE__);
+ header('Content-Disposition: '.(!empty($_GET['down']) ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"');
+ }
+ return true;
}
-function PasswordStrength($password)
-{
- $strength = 0;
- $strength += strlen(preg_replace('#[^a-z]#', '', $password)) * 0.5; // lowercase characters are weak
- $strength += strlen(preg_replace('#[^A-Z]#', '', $password)) * 0.8; // uppercase characters are somewhat better
- $strength += strlen(preg_replace('#[^0-9]#', '', $password)) * 1.0; // numbers are somewhat better
- $strength += strlen(preg_replace('#[a-zA-Z0-9]#', '', $password)) * 2.0; // other non-alphanumeric characters are best
-
- return $strength;
+function PasswordStrength($password) {
+ $strength = 0;
+ $strength += strlen(preg_replace('#[^a-z]#', '', $password)) * 0.5; // lowercase characters are weak
+ $strength += strlen(preg_replace('#[^A-Z]#', '', $password)) * 0.8; // uppercase characters are somewhat better
+ $strength += strlen(preg_replace('#[^0-9]#', '', $password)) * 1.0; // numbers are somewhat better
+ $strength += strlen(preg_replace('#[a-zA-Z0-9]#', '', $password)) * 2.0; // other non-alphanumeric characters are best
+ return $strength;
}
-function RedirectToCachedFile()
-{
- global $phpThumb, $PHPTHUMB_CONFIG;
+function RedirectToCachedFile() {
+ global $phpThumb;
- $nice_cachefile = str_replace(DIRECTORY_SEPARATOR, '/', $phpThumb->cache_filename);
- $nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', rtrim($PHPTHUMB_CONFIG['document_root'], '/\\'));
+ $nice_cachefile = str_replace(DIRECTORY_SEPARATOR, '/', $phpThumb->cache_filename);
+ $nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', rtrim($phpThumb->config_document_root, '/\\'));
- $parsed_url = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
+ $parsed_url = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
- $nModified = filemtime($phpThumb->cache_filename);
+ $nModified = filemtime($phpThumb->cache_filename);
- if ($phpThumb->config_nooffsitelink_enabled && @$_SERVER['HTTP_REFERER'] && !in_array(@$parsed_url['host'], $phpThumb->config_nooffsitelink_valid_domains)) {
+ if ($phpThumb->config_nooffsitelink_enabled && !empty($_SERVER['HTTP_REFERER']) && !in_array(@$parsed_url['host'], $phpThumb->config_nooffsitelink_valid_domains)) {
- $phpThumb->DebugMessage('Would have used cached (image/'.$phpThumb->thumbnailFormat.') file "'.$phpThumb->cache_filename.'" (Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@$_SERVER['HTTP_REFERER'].') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(';', $phpThumb->config_nooffsitelink_valid_domains).')', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Would have used cached (image/'.$phpThumb->thumbnailFormat.') file "'.$phpThumb->cache_filename.'" (Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@$_SERVER['HTTP_REFERER'].') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(';', $phpThumb->config_nooffsitelink_valid_domains).')', __FILE__, __LINE__);
- } elseif ($phpThumb->phpThumbDebug) {
+ } elseif ($phpThumb->phpThumbDebug) {
- $phpThumb->DebugTimingMessage('skipped using cached image', __FILE__, __LINE__);
- $phpThumb->DebugMessage('Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
- $phpThumb->DebugMessage('* Would have sent headers (1): Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', __FILE__, __LINE__);
- if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
- $phpThumb->DebugMessage('* Would have sent headers (2): Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]), __FILE__, __LINE__);
- }
- if (preg_match('#^'.preg_quote($nice_docroot).'(.*)$#', $nice_cachefile, $matches)) {
- $phpThumb->DebugMessage('* Would have sent headers (3): Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])), __FILE__, __LINE__);
- } else {
- $phpThumb->DebugMessage('* Would have sent data: readfile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
- }
+ $phpThumb->DebugTimingMessage('skipped using cached image', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('* Would have sent headers (1): Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', __FILE__, __LINE__);
+ if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
+ $phpThumb->DebugMessage('* Would have sent headers (2): Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]), __FILE__, __LINE__);
+ }
+ if (preg_match('#^'.preg_quote($nice_docroot).'(.*)$#', $nice_cachefile, $matches)) {
+ $phpThumb->DebugMessage('* Would have sent headers (3): Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])), __FILE__, __LINE__);
+ } else {
+ $phpThumb->DebugMessage('* Would have sent data: readfile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
+ }
- } else {
+ } else {
- if (headers_sent()) {
- $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
- exit;
- }
- SendSaveAsFileHeaderIfNeeded();
+ if (headers_sent()) {
+ $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
+ exit;
+ }
+ SendSaveAsFileHeaderIfNeeded();
- header('Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT');
- if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] && ($nModified == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) && @$_SERVER['SERVER_PROTOCOL']) {
- header($_SERVER['SERVER_PROTOCOL'].' 304 Not Modified');
- exit;
- }
+ header('Cache-Control: private');
+ header('Pragma: private');
+ header('Expires: '.date(DATE_RFC822, strtotime(' 1 day')));
+ if (!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) && ($nModified == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) && !empty($_SERVER['SERVER_PROTOCOL'])) {
+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', true, 304);
+ exit;
+ }
+ if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
+ header('Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]));
+ } elseif (preg_match('#\\.ico$#i', $phpThumb->cache_filename)) {
+ header('Content-Type: image/x-icon');
+ }
+ header('Content-Length: '.filesize($phpThumb->cache_filename));
+ if (empty($phpThumb->config_cache_force_passthru) && preg_match('#^'.preg_quote($nice_docroot).'(.*)$#', $nice_cachefile, $matches)) {
+ header('Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])));
+ } else {
+ @readfile($phpThumb->cache_filename);
+ }
+ exit;
- if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
- header('Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]));
- } elseif (preg_match('#\\.ico$#i', $phpThumb->cache_filename)) {
- header('Content-Type: image/x-icon');
- }
- if (!@$PHPTHUMB_CONFIG['cache_force_passthru'] && preg_match('#^'.preg_quote($nice_docroot).'(.*)$#', $nice_cachefile, $matches)) {
- header('Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])));
- } else {
- @readfile($phpThumb->cache_filename);
- }
- exit;
+ }
+ return true;
+}
- }
- return true;
-}
// instantiate a new phpThumb() object
ob_start();
-if (!include_once(__DIR__.'/phpthumb.class.php')) {
- ob_end_flush();
- die('failed to include_once("'.realpath(__DIR__.'/phpthumb.class.php').'")');
+if (!include_once(dirname(__FILE__).'/phpthumb.class.php')) {
+ ob_end_flush();
+ die('failed to include_once("'.realpath(dirname(__FILE__).'/phpthumb.class.php').'")');
}
ob_end_clean();
-
$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
$phpThumb->SetParameter('config_error_die_on_error', true);
if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
- set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
+ set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}
// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
-if (file_exists(__DIR__.'/phpThumb.config.php')) {
- ob_start();
- if (include_once(__DIR__.'/phpThumb.config.php')) {
- // great
- } else {
- ob_end_flush();
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('failed to include_once('.__DIR__.'/phpThumb.config.php) - realpath="'.realpath(__DIR__.'/phpThumb.config.php').'"');
- }
- ob_end_clean();
-} elseif (file_exists(__DIR__.'/phpThumb.config.php.default')) {
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
+if (file_exists(dirname(__FILE__).'/phpThumb.config.php')) {
+ ob_start();
+ if (include_once(dirname(__FILE__).'/phpThumb.config.php')) {
+ // great
+ } else {
+ ob_end_flush();
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
+ }
+ ob_end_clean();
+} elseif (file_exists(dirname(__FILE__).'/phpThumb.config.php.default')) {
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('failed to include_once('.__DIR__.'/phpThumb.config.php) - realpath="'.realpath(__DIR__.'/phpThumb.config.php').'"');
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
}
-if (empty($PHPTHUMB_CONFIG['disable_pathinfo_parsing']) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
- $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
+if (!empty($PHPTHUMB_CONFIG)) {
+ foreach ($PHPTHUMB_CONFIG as $key => $value) {
+ $keyname = 'config_'.$key;
+ $phpThumb->setParameter($keyname, $value);
+ if (!preg_match('#(password|mysql)#i', $key)) {
+ $phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
+ }
+ }
+ if (!$phpThumb->config_disable_debug) {
+ // if debug mode is enabled, force phpThumbDebug output, do not allow normal thumbnails to be generated
+ $_GET['phpThumbDebug'] = (!empty($_GET['phpThumbDebug']) ? max(1, intval($_GET['phpThumbDebug'])) : 9);
+ $phpThumb->setParameter('phpThumbDebug', $_GET['phpThumbDebug']);
+ }
+} else {
+ $phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
+}
- $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
- $phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
- if (!empty($args)) {
- $_GET['src'] = @$args[count($args) - 1];
- $phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
- if (preg_match('#^new\=([a-z0-9]+)#i', $_GET['src'], $matches)) {
- unset($_GET['src']);
- $_GET['new'] = $matches[1];
- }
- }
- if (preg_match('#^([0-9]*)x?([0-9]*)$#i', @$args[count($args) - 2], $matches)) {
- $_GET['w'] = $matches[1];
- $_GET['h'] = $matches[2];
- $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
- }
- for ($i = 0; $i < count($args) - 2; $i++) {
- @list($key, $value) = explode('=', @$args[$i]);
- if (substr($key, -2) == '[]') {
- $array_key_name = substr($key, 0, -2);
- $_GET[$array_key_name][] = $value;
- $phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__);
- } else {
- $_GET[$key] = $value;
- $phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__);
- }
- }
+if (empty($phpThumb->config_disable_pathinfo_parsing) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
+ $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
+
+ $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
+ $phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
+ if (!empty($args)) {
+ $_GET['src'] = @$args[count($args) - 1];
+ $phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
+ if (preg_match('#^new\=([a-z0-9]+)#i', $_GET['src'], $matches)) {
+ unset($_GET['src']);
+ $_GET['new'] = $matches[1];
+ }
+ }
+ if (preg_match('#^([0-9]*)x?([0-9]*)$#i', @$args[count($args) - 2], $matches)) {
+ $_GET['w'] = $matches[1];
+ $_GET['h'] = $matches[2];
+ $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
+ }
+ for ($i = 0; $i < count($args) - 2; $i++) {
+ @list($key, $value) = explode('=', @$args[$i]);
+ if (substr($key, -2) == '[]') {
+ $array_key_name = substr($key, 0, -2);
+ $_GET[$array_key_name][] = $value;
+ $phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__);
+ } else {
+ $_GET[$key] = $value;
+ $phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__);
+ }
+ }
}
-if (!empty($PHPTHUMB_CONFIG['high_security_enabled'])) {
- if (empty($_GET['hash'])) {
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('ERROR: missing hash');
- } elseif (PasswordStrength($PHPTHUMB_CONFIG['high_security_password']) < 20) {
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough');
- } elseif ($_GET['hash'] != md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password'])) {
- sleep(10); // deliberate delay to discourage password-guessing
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('ERROR: invalid hash');
- }
+if (!empty($phpThumb->config_high_security_enabled)) {
+ if (empty($_GET['hash'])) {
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('ERROR: missing hash');
+ } elseif (PasswordStrength($phpThumb->config_high_security_password) < 20) {
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('ERROR: $PHPTHUMB_CONFIG[high_security_password] is not complex enough');
+ } elseif ($_GET['hash'] != md5(str_replace($phpThumb->config_high_security_url_separator.'hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$phpThumb->config_high_security_password)) {
+ header('HTTP/1.0 403 Forbidden');
+ sleep(10); // deliberate delay to discourage password-guessing
+ $phpThumb->ErrorImage('ERROR: invalid hash');
+ }
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '0')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
// returned the fixed string if the evil "magic_quotes_gpc" setting is on
if (get_magic_quotes_gpc()) {
- // deprecated: 'err', 'file', 'goto',
- $RequestVarsToStripSlashes = array('src', 'wmf', 'down');
- foreach ($RequestVarsToStripSlashes as $key) {
- if (isset($_GET[$key])) {
- if (is_string($_GET[$key])) {
- $_GET[$key] = stripslashes($_GET[$key]);
- } else {
- unset($_GET[$key]);
- }
- }
- }
+ // deprecated: 'err', 'file', 'goto',
+ $RequestVarsToStripSlashes = array('src', 'wmf', 'down');
+ foreach ($RequestVarsToStripSlashes as $key) {
+ if (isset($_GET[$key])) {
+ if (is_string($_GET[$key])) {
+ $_GET[$key] = stripslashes($_GET[$key]);
+ } else {
+ unset($_GET[$key]);
+ }
+ }
+ }
}
if (empty($_SERVER['PATH_INFO']) && empty($_SERVER['QUERY_STRING'])) {
- $phpThumb->config_disable_debug = false; // otherwise error message won't print
- $phpThumb->ErrorImage('ERROR: no parameters specified');
+ $phpThumb->config_disable_debug = false; // otherwise error message won't print
+ $phpThumb->ErrorImage('ERROR: no parameters specified');
}
-if (@$_GET['src'] && isset($_GET['md5s']) && empty($_GET['md5s'])) {
- if (preg_match('#^(f|ht)tps?://#i', $_GET['src'])) {
- if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
- $md5s = md5($rawImageData);
- }
- } else {
- $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']);
- if (is_readable($SourceFilename)) {
- $md5s = phpthumb_functions::md5_file_safe($SourceFilename);
- } else {
- $phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" cannot be read');
- }
- }
- if (@$_SERVER['HTTP_REFERER']) {
- $phpThumb->ErrorImage('&md5s='.$md5s);
- } else {
- die('&md5s='.$md5s);
- }
+if (!empty($_GET['src']) && isset($_GET['md5s']) && empty($_GET['md5s'])) {
+ if (preg_match('#^([a-z0-9]+)://#i', $_GET['src'], $protocol_matches)) {
+ if (preg_match('#^(f|ht)tps?://#i', $_GET['src'])) {
+ if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
+ $md5s = md5($rawImageData);
+ }
+ } else {
+ $phpThumb->ErrorImage('only FTP and HTTP/HTTPS protocols are allowed, "'.$protocol_matches[1].'" is not');
+ }
+ } else {
+ $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']);
+ if (is_readable($SourceFilename)) {
+ $md5s = phpthumb_functions::md5_file_safe($SourceFilename);
+ } else {
+ $phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" cannot be read');
+ }
+ }
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $phpThumb->ErrorImage('&md5s='.$md5s);
+ } else {
+ die('&md5s='.$md5s);
+ }
}
-if (!empty($PHPTHUMB_CONFIG)) {
- foreach ($PHPTHUMB_CONFIG as $key => $value) {
- $keyname = 'config_'.$key;
- $phpThumb->setParameter($keyname, $value);
- if (!preg_match('#(password|mysql)#i', $key)) {
- $phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
- }
- }
-} else {
- $phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
+if (!empty($_GET['src']) && empty($phpThumb->config_allow_local_http_src) && preg_match('#^http://'.@$_SERVER['HTTP_HOST'].'(.+)#i', $_GET['src'], $matches)) {
+ $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
}
-if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && preg_match('#^http://'.@$_SERVER['HTTP_HOST'].'(.+)#i', @$_GET['src'], $matches)) {
- $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
-}
-
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[1]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '1')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
$parsed_url_referer = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
- $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
+ $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
}
$parsed_url_src = phpthumb_functions::ParseURLbetter(@$_GET['src']);
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && preg_match('#^(f|ht)tps?://#i', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
- $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
+ $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
}
if ($phpThumb->config_mysql_query) {
- if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) {
- if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) {
- if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) {
- if ($row = @mysql_fetch_array($result)) {
+ if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) {
+ if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) {
+ if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) {
+ if ($row = @mysql_fetch_array($result)) {
- mysql_free_result($result);
- mysql_close($cid);
- $phpThumb->setSourceData($row[0]);
- unset($row);
+ mysql_free_result($result);
+ mysql_close($cid);
+ $phpThumb->setSourceData($row[0]);
+ unset($row);
- } else {
- mysql_free_result($result);
- mysql_close($cid);
- $phpThumb->ErrorImage('no matching data in database.');
- }
- } else {
- mysql_close($cid);
- $phpThumb->ErrorImage('Error in MySQL query: "'.mysql_error($cid).'"');
- }
- } else {
- mysql_close($cid);
- $phpThumb->ErrorImage('cannot select MySQL database: "'.mysql_error($cid).'"');
- }
- } else {
- $phpThumb->ErrorImage('cannot connect to MySQL server');
- }
- unset($_GET['id']);
+ } else {
+ mysql_free_result($result);
+ mysql_close($cid);
+ $phpThumb->ErrorImage('no matching data in database.');
+ }
+ } else {
+ mysql_close($cid);
+ $phpThumb->ErrorImage('Error in MySQL query: "'.mysql_error($cid).'"');
+ }
+ } else {
+ mysql_close($cid);
+ $phpThumb->ErrorImage('cannot select MySQL database: "'.mysql_error($cid).'"');
+ }
+ } else {
+ $phpThumb->ErrorImage('cannot connect to MySQL server');
+ }
+ unset($_GET['id']);
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[2]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '2')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
-$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) (@$PHPTHUMB_CONFIG['cache_default_only_suffix'] && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false));
+$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) ($phpThumb->config_cache_default_only_suffix && (strpos($phpThumb->config_cache_default_only_suffix, '*') !== false));
-if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
- $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
- foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
- if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) {
- $_GET[$key] = $value;
- $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.$value.') to $_GET['.$key.']', __FILE__, __LINE__);
- }
- }
-}
-
// deprecated: 'err', 'file', 'goto',
$allowedGETparameters = array('src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s', 'sfn', 'dpi', 'sia', 'nocache');
foreach ($_GET as $key => $value) {
- if (!empty($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS) && ($key != 'src')) {
- // disabled, do not set parameter
- $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
- } elseif (in_array($key, $allowedGETparameters)) {
- $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
- $phpThumb->setParameter($key, $value);
- } else {
- $phpThumb->ErrorImage('Forbidden parameter: '.$key);
- }
+ if (!empty($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS) && ($key != 'src')) {
+ // disabled, do not set parameter
+ $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
+ } elseif (in_array($key, $allowedGETparameters)) {
+ $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
+ $phpThumb->setParameter($key, $value);
+ } else {
+ $phpThumb->ErrorImage('Forbidden parameter: '.$key);
+ }
}
+if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
+ $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
+ foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
+ if (!$PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) { // set parameter to default value if config is set to allow _GET to override default, OR if no value is passed via _GET for this parameter
+ $_GET[$key] = $value;
+ $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.(is_array($value) ? print_r($value, true) : $value).') to $_GET['.$key.']', __FILE__, __LINE__);
+ }
+ }
+}
+
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[3]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '3')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
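Review bot: The invalid-hash branch of the `config_high_security_enabled` block still compares the request value with the loose `!=` operator, so PHP type juggling can treat two different numeric-looking strings as equal. Since that line is rewritten here anyway, change `$_GET['hash'] != md5(` to `$_GET['hash'] !== md5(`, or use `hash_equals()` if PHP 5.6+ can be assumed, which the PHP 4 superglobal shim near the top of the file suggests it cannot. The `allow_local_http_src` test further down also builds its pattern from the client-supplied `$_SERVER['HTTP_HOST']` without escaping; writing it as `preg_quote(@$_SERVER['HTTP_HOST'], '#')` keeps regex metacharacters in the Host header from changing or breaking the match. A short comment above the hash check stating that the expected value is `md5()` of the query string with the hash parameter removed, followed by `high_security_password`, would help integrators generate matching links.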
@@ -359,216 +366,221 @@
// check to see if file can be output from source with no processing or caching
$CanPassThroughDirectly = true;
if ($phpThumb->rawImageData) {
- // data from SQL, should be fine
+ // data from SQL, should be fine
} elseif (preg_match('#^http\://[^\\?&]+\\.(jpe?g|gif|png)$#i', $phpThumb->src)) {
- // assume is ok to passthru if no other parameters specified
+ // assume is ok to passthru if no other parameters specified
} elseif (preg_match('#^(f|ht)tp\://#i', $phpThumb->src)) {
- $phpThumb->DebugMessage('$CanPassThroughDirectly=false because preg_match("#^(f|ht)tp\://#i", '.$phpThumb->src.')', __FILE__, __LINE__);
- $CanPassThroughDirectly = false;
+ $phpThumb->DebugMessage('$CanPassThroughDirectly=false because preg_match("#^(f|ht)tp\://#i", '.$phpThumb->src.')', __FILE__, __LINE__);
+ $CanPassThroughDirectly = false;
} elseif (!@is_readable($phpThumb->sourceFilename)) {
- $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
- $CanPassThroughDirectly = false;
+ $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
+ $CanPassThroughDirectly = false;
} elseif (!@is_file($phpThumb->sourceFilename)) {
- $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
- $CanPassThroughDirectly = false;
+ $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
+ $CanPassThroughDirectly = false;
}
foreach ($_GET as $key => $value) {
- switch ($key) {
- case 'src':
- // allowed
- break;
+ switch ($key) {
+ case 'src':
+ // allowed
+ break;
- case 'w':
- case 'h':
- // might be OK if exactly matches original
- if (preg_match('#^http\://[^\\?&]+\\.(jpe?g|gif|png)$#i', $phpThumb->src)) {
- // assume it is not ok for direct-passthru of remote image
- $CanPassThroughDirectly = false;
- }
- break;
+ case 'w':
+ case 'h':
+ // might be OK if exactly matches original
+ if (preg_match('#^http\://[^\\?&]+\\.(jpe?g|gif|png)$#i', $phpThumb->src)) {
+ // assume it is not ok for direct-passthru of remote image
+ $CanPassThroughDirectly = false;
+ }
+ break;
- case 'phpThumbDebug':
- // handled in direct-passthru code
- break;
+ case 'phpThumbDebug':
+ // handled in direct-passthru code
+ break;
- default:
- // all other parameters will cause some processing,
- // therefore cannot pass through original image unmodified
- $CanPassThroughDirectly = false;
- $UnAllowedGET[] = $key;
- break;
- }
+ default:
+ // all other parameters will cause some processing,
+ // therefore cannot pass through original image unmodified
+ $CanPassThroughDirectly = false;
+ $UnAllowedGET[] = $key;
+ break;
+ }
}
if (!empty($UnAllowedGET)) {
- $phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__);
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[4]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '4')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
$phpThumb->DebugMessage('$CanPassThroughDirectly="'.intval($CanPassThroughDirectly).'" && $phpThumb->src="'.$phpThumb->src.'"', __FILE__, __LINE__);
while ($CanPassThroughDirectly && $phpThumb->src) {
- // no parameters set, passthru
+ // no parameters set, passthru
- if (preg_match('#^http\://[^\\?&]+\.(jpe?g|gif|png)$#i', $phpThumb->src)) {
- $phpThumb->DebugMessage('Passing HTTP source through directly as Location: redirect ('.$phpThumb->src.')', __FILE__, __LINE__);
- header('Location: '.$phpThumb->src);
- exit;
- }
+ if (preg_match('#^http\://[^\\?&]+\.(jpe?g|gif|png)$#i', $phpThumb->src)) {
+ $phpThumb->DebugMessage('Passing HTTP source through directly as Location: redirect ('.$phpThumb->src.')', __FILE__, __LINE__);
+ header('Location: '.$phpThumb->src);
+ exit;
+ }
- $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);
+ $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);
- // security and size checks
- if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
- $phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__);
+ // security and size checks
+ if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
+ $phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__);
- if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) {
- // no resizing needed
- $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__);
- } elseif (($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) && ($phpThumb->getimagesizeinfo[1] <= @$_GET['h']) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) {
- // image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed
- $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
- } else {
- $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
- break;
- }
- switch ($phpThumb->getimagesizeinfo[2]) {
- case 1: // GIF
- case 2: // JPG
- case 3: // PNG
- // great, let it through
- break;
- default:
- // browser probably can't handle format, remangle it to JPEG/PNG/GIF
- $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__);
- break 2;
- }
+ if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) {
+ // no resizing needed
+ $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__);
+ } elseif (($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) && ($phpThumb->getimagesizeinfo[1] <= @$_GET['h']) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) {
+ // image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed
+ $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
+ } else {
+ $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
+ break;
+ }
+ switch ($phpThumb->getimagesizeinfo[2]) {
+ case 1: // GIF
+ case 2: // JPG
+ case 3: // PNG
+ // great, let it through
+ break;
+ default:
+ // browser probably can't handle format, remangle it to JPEG/PNG/GIF
+ $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__);
+ break 2;
+ }
- $ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG');
- $theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
- if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {
+ $ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG');
+ $theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
+ if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {
- // great
- if (@is_resource($dummyImage)) {
- unset($dummyImage);
- }
+ // great
+ if (@is_resource($dummyImage)) {
+ unset($dummyImage);
+ }
- if (headers_sent()) {
- $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
- exit;
- }
- if (@$_GET['phpThumbDebug']) {
- $phpThumb->DebugTimingMessage('skipped direct $SourceFilename passthru', __FILE__, __LINE__);
- $phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
- break;
- }
+ if (headers_sent()) {
+ $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
+ exit;
+ }
+ if (@$_GET['phpThumbDebug']) {
+ $phpThumb->DebugTimingMessage('skipped direct $SourceFilename passthru', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
+ break;
+ }
- SendSaveAsFileHeaderIfNeeded();
- header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT');
- if ($contentType = phpthumb_functions::ImageTypeToMIMEtype(@$phpThumb->getimagesizeinfo[2])) {
- header('Content-Type: '.$contentType);
- }
- @readfile($SourceFilename);
- exit;
+ SendSaveAsFileHeaderIfNeeded();
+ header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT');
+ if ($contentType = phpthumb_functions::ImageTypeToMIMEtype(@$phpThumb->getimagesizeinfo[2])) {
+ header('Content-Type: '.$contentType);
+ }
+ @readfile($SourceFilename);
+ exit;
- } else {
- $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.$phpThumb->config_disable_onlycreateable_passthru.'") and '.$theImageCreateFunction.'() failed', __FILE__, __LINE__);
- break;
- }
+ } else {
+ $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.$phpThumb->config_disable_onlycreateable_passthru.'") and '.$theImageCreateFunction.'() failed', __FILE__, __LINE__);
+ break;
+ }
- } else {
- $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because GetImageSize() failed', __FILE__, __LINE__);
- break;
- }
- break;
+ } else {
+ $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because GetImageSize() failed', __FILE__, __LINE__);
+ break;
+ }
+ break;
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[5]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '5')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
// check to see if file already exists in cache, and output it with no processing if it does
$phpThumb->SetCacheFilename();
if (@is_readable($phpThumb->cache_filename)) {
- RedirectToCachedFile();
+ RedirectToCachedFile();
} else {
- $phpThumb->DebugMessage('Cached file "'.$phpThumb->cache_filename.'" does not exist, processing as normal', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Cached file "'.$phpThumb->cache_filename.'" does not exist, processing as normal', __FILE__, __LINE__);
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[6]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '6')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
if ($phpThumb->rawImageData) {
- // great
+ // great
} elseif (!empty($_GET['new'])) {
- // generate a blank image resource of the specified size/background color/opacity
- if (($phpThumb->w <= 0) || ($phpThumb->h <= 0)) {
- $phpThumb->ErrorImage('"w" and "h" parameters required for "new"');
- }
- @list($bghexcolor, $opacity) = explode('|', $_GET['new']);
- if (!phpthumb_functions::IsHexColor($bghexcolor)) {
- $phpThumb->ErrorImage('BGcolor parameter for "new" is not valid');
- }
- $opacity = (strlen($opacity) ? $opacity : 100);
- if ($phpThumb->gdimg_source = phpthumb_functions::ImageCreateFunction($phpThumb->w, $phpThumb->h)) {
- $alpha = (100 - min(100, max(0, $opacity))) * 1.27;
- if ($alpha) {
- $phpThumb->setParameter('is_alpha', true);
- ImageAlphaBlending($phpThumb->gdimg_source, false);
- ImageSaveAlpha($phpThumb->gdimg_source, true);
- }
- $new_background_color = phpthumb_functions::ImageHexColorAllocate($phpThumb->gdimg_source, $bghexcolor, false, $alpha);
- ImageFilledRectangle($phpThumb->gdimg_source, 0, 0, $phpThumb->w, $phpThumb->h, $new_background_color);
- } else {
- $phpThumb->ErrorImage('failed to create "new" image ('.$phpThumb->w.'x'.$phpThumb->h.')');
- }
+ // generate a blank image resource of the specified size/background color/opacity
+ if (($phpThumb->w <= 0) || ($phpThumb->h <= 0)) {
+ $phpThumb->ErrorImage('"w" and "h" parameters required for "new"');
+ }
+ @list($bghexcolor, $opacity) = explode('|', $_GET['new']);
+ if (!phpthumb_functions::IsHexColor($bghexcolor)) {
+ $phpThumb->ErrorImage('BGcolor parameter for "new" is not valid');
+ }
+ $opacity = (strlen($opacity) ? $opacity : 100);
+ if ($phpThumb->gdimg_source = phpthumb_functions::ImageCreateFunction($phpThumb->w, $phpThumb->h)) {
+ $alpha = (100 - min(100, max(0, $opacity))) * 1.27;
+ if ($alpha) {
+ $phpThumb->setParameter('is_alpha', true);
+ ImageAlphaBlending($phpThumb->gdimg_source, false);
+ ImageSaveAlpha($phpThumb->gdimg_source, true);
+ }
+ $new_background_color = phpthumb_functions::ImageHexColorAllocate($phpThumb->gdimg_source, $bghexcolor, false, $alpha);
+ ImageFilledRectangle($phpThumb->gdimg_source, 0, 0, $phpThumb->w, $phpThumb->h, $new_background_color);
+ } else {
+ $phpThumb->ErrorImage('failed to create "new" image ('.$phpThumb->w.'x'.$phpThumb->h.')');
+ }
} elseif (!$phpThumb->src) {
- $phpThumb->ErrorImage('Usage: '.$_SERVER['PHP_SELF'].'?src=/path/and/filename.jpg'."\n".'read Usage comments for details');
+ $phpThumb->ErrorImage('Usage: '.$_SERVER['PHP_SELF'].'?src=/path/and/filename.jpg'."\n".'read Usage comments for details');
-} elseif (preg_match('#^(f|ht)tp\://#i', $phpThumb->src)) {
+} elseif (preg_match('#^([a-z0-9]+)://#i', $_GET['src'], $protocol_matches)) {
- $phpThumb->DebugMessage('$phpThumb->src ('.$phpThumb->src.') is remote image, attempting to download', __FILE__, __LINE__);
- if ($phpThumb->config_http_user_agent) {
- $phpThumb->DebugMessage('Setting "user_agent" to "'.$phpThumb->config_http_user_agent.'"', __FILE__, __LINE__);
- ini_set('user_agent', $phpThumb->config_http_user_agent);
- }
- $cleanedupurl = phpthumb_functions::CleanUpURLencoding($phpThumb->src);
- $phpThumb->DebugMessage('CleanUpURLencoding('.$phpThumb->src.') returned "'.$cleanedupurl.'"', __FILE__, __LINE__);
- $phpThumb->src = $cleanedupurl;
- unset($cleanedupurl);
- if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
- $phpThumb->DebugMessage('SafeURLread('.$phpThumb->src.') succeeded'.($error ? ' with messsages: "'.$error.'"' : ''), __FILE__, __LINE__);
- $phpThumb->DebugMessage('Setting source data from URL "'.$phpThumb->src.'"', __FILE__, __LINE__);
- $phpThumb->setSourceData($rawImageData, urlencode($phpThumb->src));
- } else {
- $phpThumb->ErrorImage($error);
- }
+ if (preg_match('#^(f|ht)tps?://#i', $_GET['src'])) {
+ $phpThumb->DebugMessage('$phpThumb->src ('.$phpThumb->src.') is remote image, attempting to download', __FILE__, __LINE__);
+ if ($phpThumb->config_http_user_agent) {
+ $phpThumb->DebugMessage('Setting "user_agent" to "'.$phpThumb->config_http_user_agent.'"', __FILE__, __LINE__);
+ ini_set('user_agent', $phpThumb->config_http_user_agent);
+ }
+ $cleanedupurl = phpthumb_functions::CleanUpURLencoding($phpThumb->src);
+ $phpThumb->DebugMessage('CleanUpURLencoding('.$phpThumb->src.') returned "'.$cleanedupurl.'"', __FILE__, __LINE__);
+ $phpThumb->src = $cleanedupurl;
+ unset($cleanedupurl);
+ if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
+ $phpThumb->DebugMessage('SafeURLread('.$phpThumb->src.') succeeded'.($error ? ' with messsages: "'.$error.'"' : ''), __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Setting source data from URL "'.$phpThumb->src.'"', __FILE__, __LINE__);
+ $phpThumb->setSourceData($rawImageData, urlencode($phpThumb->src));
+ } else {
+ $phpThumb->ErrorImage($error);
+ }
+ } else {
+ $phpThumb->ErrorImage('only FTP and HTTP/HTTPS protocols are allowed, "'.$protocol_matches[1].'" is not');
+ }
+
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[7]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '7')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
@@ -578,32 +590,32 @@
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[8]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '8')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
-if (!empty($PHPTHUMB_CONFIG['high_security_enabled']) && !empty($_GET['nocache'])) {
+if (!empty($phpThumb->config_high_security_enabled) && !empty($_GET['nocache'])) {
- // cache disabled, don't write cachefile
+ // cache disabled, don't write cachefile
} else {
- phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));
- if (is_writable(dirname($phpThumb->cache_filename)) || (file_exists($phpThumb->cache_filename) && is_writable($phpThumb->cache_filename))) {
+ phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));
+ if (is_writable(dirname($phpThumb->cache_filename)) || (file_exists($phpThumb->cache_filename) && is_writable($phpThumb->cache_filename))) {
- $phpThumb->CleanUpCacheDirectory();
- if ($phpThumb->RenderToFile($phpThumb->cache_filename) && is_readable($phpThumb->cache_filename)) {
- chmod($phpThumb->cache_filename, 0644);
- RedirectToCachedFile();
- } else {
- $phpThumb->DebugMessage('Failed: RenderToFile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
- }
+ $phpThumb->CleanUpCacheDirectory();
+ if ($phpThumb->RenderToFile($phpThumb->cache_filename) && is_readable($phpThumb->cache_filename)) {
+ chmod($phpThumb->cache_filename, 0644);
+ RedirectToCachedFile();
+ } else {
+ $phpThumb->DebugMessage('Failed: RenderToFile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
+ }
- } else {
+ } else {
- $phpThumb->DebugMessage('Cannot write to $phpThumb->cache_filename ('.$phpThumb->cache_filename.') because that directory ('.dirname($phpThumb->cache_filename).') is not writable', __FILE__, __LINE__);
+ $phpThumb->DebugMessage('Cannot write to $phpThumb->cache_filename ('.$phpThumb->cache_filename.') because that directory ('.dirname($phpThumb->cache_filename).') is not writable', __FILE__, __LINE__);
- }
+ }
}
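Review bot: The `nocache` test at the top of this hunk skips the cache write only when `config_high_security_enabled` is also set, and the branch comment (`// cache disabled, don't write cachefile`) does not say why, so the condition reads like an inverted check. As written, a request that carries `nocache` without high security still falls into the `else` branch and writes the cache file. If that is intentional (presumably so that unvalidated requests cannot force a full re-render on every hit), state it in the branch, for example `// nocache is honoured only when high_security is enabled; otherwise the thumbnail is still written to the cache`. The result of `chmod()` in the `else` branch is also ignored, so a failure there goes unlogged while every other failure path calls `DebugMessage()`.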
@@ -611,18 +623,20 @@
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[9]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '9')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
if (!$phpThumb->OutputThumbnail()) {
- $phpThumb->ErrorImage('Error in OutputThumbnail():'."\n".$phpThumb->debugmessages[(count($phpThumb->debugmessages) - 1)]);
+ $phpThumb->ErrorImage('Error in OutputThumbnail():'."\n".$phpThumb->debugmessages[(count($phpThumb->debugmessages) - 1)]);
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[10]', __FILE__, __LINE__);
if (isset($_GET['phpThumbDebug']) && ($_GET['phpThumbDebug'] == '10')) {
- $phpThumb->phpThumbDebug();
+ $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
+
+?>
\ No newline at end of file
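Review bot: The closing `?>` added at the end of this hunk is better left out of a PHP-only script. Any newline or whitespace that later ends up after the tag is emitted as output once execution reaches the end of the file, and in this script that would be appended to the image bytes produced by `OutputThumbnail()`. The diff shows the file currently ends without a trailing newline, so it is only correct as long as every editor preserves that. Dropping the two added lines (the blank line and `?>`) removes the risk.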
Modified: XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.bmp.php
===================================================================
--- XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.bmp.php 2014-07-20 20:29:24 UTC (rev 12721)
+++ XoopsCore/branches/2.5.x/2.5.8/htdocs/modules/system/class/thumbs/phpthumb.bmp.php 2014-07-22 12:18:06 UTC (rev 12722)
@@ -17,889 +17,862 @@
// //
/////////////////////////////////////////////////////////////////
-class phpthumb_bmp
-{
- function phpthumb_bmp()
- {
- return true;
- }
- function phpthumb_bmp2gd(&$BMPdata, $truecolor=true)
- {
- $ThisFileInfo = array();
- if ($this->getid3_bmp($BMPdata, $ThisFileInfo, true, true)) {
- $gd = $this->PlotPixelsGD($ThisFileInfo['bmp'], $truecolor);
+class phpthumb_bmp {
- return $gd;
- }
+ function phpthumb_bmp() {
+ return true;
+ }
- return false;
- }
+ function phpthumb_bmp2gd(&$BMPdata, $truecolor=true) {
+ $ThisFileInfo = array();
+ if ($this->getid3_bmp($BMPdata, $ThisFileInfo, true, true)) {
+ $gd = $this->PlotPixelsGD($ThisFileInfo['bmp'], $truecolor);
+ return $gd;
+ }
+ return false;
+ }
- function phpthumb_bmpfile2gd($filename, $truecolor=true)
- {
- if ($fp = @fopen($filename, 'rb')) {
- $BMPdata = fread($fp, filesize($filename));
- fclose($fp);
+ function phpthumb_bmpfile2gd($filename, $truecolor=true) {
+ if ($fp = @fopen($filename, 'rb')) {
+ $BMPdata = fread($fp, filesize($filename));
+ fclose($fp);
+ return $this->phpthumb_bmp2gd($BMPdata, $truecolor);
+ }
+ return false;
+ }
- return $this->phpthumb_bmp2gd($BMPdata, $truecolor);
- }
+ function GD2BMPstring(&$gd_image) {
+ $imageX = ImageSX($gd_image);
+ $imageY = ImageSY($gd_image);
- return false;
- }
+ $BMP = '';
+ for ($y = ($imageY - 1); $y >= 0; $y--) {
+ $thisline = '';
+ for ($x = 0; $x < $imageX; $x++) {
+ $argb = phpthumb_functions::GetPixelColor($gd_image, $x, $y);
+ $thisline .= chr($argb['blue']).chr($argb['green']).chr($argb['red']);
+ }
+ while (strlen($thisline) % 4) {
+ $thisline .= "\x00";
+ }
+ $BMP .= $thisline;
+ }
- function GD2BMPstring(&$gd_image)
- {
- $imageX = ImageSX($gd_image);
- $imageY = ImageSY($gd_image);
+ $bmpSize = strlen($BMP) + 14 + 40;
+ // BITMAPFILEHEADER [14 bytes] - http://msdn.microsoft.com/library/en-us/gdi/bitmaps_62uq.asp
+ $BITMAPFILEHEADER = 'BM'; // WORD bfType;
+ $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String($bmpSize, 4); // DWORD bfSize;
+ $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 0, 2); // WORD bfReserved1;
+ $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 0, 2); // WORD bfReserved2;
+ $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 54, 4); // DWORD bfOffBits;
- $BMP = '';
- for ($y = ($imageY - 1); $y >= 0; $y--) {
- $thisline = '';
- for ($x = 0; $x < $imageX; $x++) {
- $argb = phpthumb_functions::GetPixelColor($gd_image, $x, $y);
- $thisline .= chr($argb['blue']).chr($argb['green']).chr($argb['red']);
- }
- while (strlen($thisline) % 4) {
- $thisline .= "\x00";
- }
- $BMP .= $thisline;
- }
+ // BITMAPINFOHEADER - [40 bytes] http://msdn.microsoft.com/library/en-us/gdi/bitmaps_1rw2.asp
+ $BITMAPINFOHEADER = phpthumb_functions::LittleEndian2String( 40, 4); // DWORD biSize;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( $imageX, 4); // LONG biWidth;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( $imageY, 4); // LONG biHeight;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 1, 2); // WORD biPlanes;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 24, 2); // WORD biBitCount;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 0, 4); // DWORD biCompression;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 0, 4); // DWORD biSizeImage;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 2835, 4); // LONG biXPelsPerMeter;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 2835, 4); // LONG biYPelsPerMeter;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 0, 4); // DWORD biClrUsed;
+ $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( 0, 4); // DWORD biClrImportant;
- $bmpSize = strlen($BMP) + 14 + 40;
- // BITMAPFILEHEADER [14 bytes] - http://msdn.microsoft.com/library/en-us/gdi/bitmaps_62uq.asp
- $BITMAPFILEHEADER = 'BM'; // WORD bfType;
- $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String($bmpSize, 4); // DWORD bfSize;
- $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 0, 2); // WORD bfReserved1;
- $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 0, 2); // WORD bfReserved2;
- $BITMAPFILEHEADER .= phpthumb_functions::LittleEndian2String( 54, 4); // DWORD bfOffBits;
+ return $BITMAPFILEHEADER.$BITMAPINFOHEADER.$BMP;
+ }
- // BITMAPINFOHEADER - [40 bytes] http://msdn.microsoft.com/library/en-us/gdi/bitmaps_1rw2.asp
- $BITMAPINFOHEADER = phpthumb_functions::LittleEndian2String( 40, 4); // DWORD biSize;
- $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String( $imageX, 4); // LONG biWidth;
- $BITMAPINFOHEADER .= phpthumb_functions::LittleEndian2String...
[truncated message content] |