[44] | 1 | <?php
|
---|
| 2 | //////////////////////////////////////////////////////////////
|
---|
| 3 | /// phpThumb() by James Heinrich <info@silisoftware.com> //
|
---|
| 4 | // available at http://phpthumb.sourceforge.net ///
|
---|
| 5 | //////////////////////////////////////////////////////////////
|
---|
| 6 | /// //
|
---|
| 7 | // See: phpthumb.changelog.txt for recent changes //
|
---|
| 8 | // See: phpthumb.readme.txt for usage instructions //
|
---|
| 9 | // ///
|
---|
| 10 | //////////////////////////////////////////////////////////////
|
---|
| 11 |
|
---|
| 12 | error_reporting(E_ALL);
|
---|
| 13 | ini_set('display_errors', '1');
|
---|
| 14 | ini_set('magic_quotes_runtime', '0');
|
---|
| 15 | if (@ini_get('magic_quotes_runtime')) {
|
---|
| 16 | die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
|
---|
| 17 | }
|
---|
| 18 | $starttime = array_sum(explode(' ', microtime()));
|
---|
| 19 |
|
---|
| 20 | // this script relies on the superglobal arrays, fake it here for old PHP versions
|
---|
| 21 | if (phpversion() < '4.1.0') {
|
---|
| 22 | $_SERVER = $HTTP_SERVER_VARS;
|
---|
| 23 | $_GET = $HTTP_GET_VARS;
|
---|
| 24 | }
|
---|
| 25 |
|
---|
| 26 | // instantiate a new phpThumb() object
|
---|
| 27 | ob_start();
|
---|
| 28 | if (!include_once(dirname(__FILE__).'/phpthumb.class.php')) {
|
---|
| 29 | ob_end_flush();
|
---|
| 30 | die('failed to include_once("'.realpath(dirname(__FILE__).'/phpthumb.class.php').'")');
|
---|
| 31 | }
|
---|
| 32 | ob_end_clean();
|
---|
| 33 |
|
---|
| 34 | $phpThumb = new phpThumb();
|
---|
| 35 | $phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
|
---|
| 36 | $phpThumb->SetParameter('config_error_die_on_error', true);
|
---|
| 37 |
|
---|
| 38 | if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
|
---|
| 39 | set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
|
---|
| 40 | }
|
---|
| 41 |
|
---|
| 42 | // phpThumbDebug[0] used to be here, but may reveal too much
|
---|
| 43 | // info when high_security_mode should be enabled (not set yet)
|
---|
| 44 |
|
---|
| 45 | if (file_exists(dirname(__FILE__).'/phpThumb.config.php')) {
|
---|
| 46 | ob_start();
|
---|
| 47 | if (include_once(dirname(__FILE__).'/phpThumb.config.php')) {
|
---|
| 48 | // great
|
---|
| 49 | } else {
|
---|
| 50 | ob_end_flush();
|
---|
| 51 | $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
|
---|
| 52 | }
|
---|
| 53 | ob_end_clean();
|
---|
| 54 | } elseif (file_exists(dirname(__FILE__).'/phpThumb.config.php.default')) {
|
---|
| 55 | $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
|
---|
| 56 | } else {
|
---|
| 57 | $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
|
---|
| 58 | }
|
---|
| 59 |
|
---|
| 60 | if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
|
---|
| 61 | $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
|
---|
| 62 |
|
---|
| 63 | $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
|
---|
| 64 | $phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
|
---|
| 65 | if (!empty($args)) {
|
---|
| 66 | $_GET['src'] = @$args[count($args) - 1];
|
---|
| 67 | $phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
|
---|
| 68 | if (eregi('^new\=([a-z0-9]+)', $_GET['src'], $matches)) {
|
---|
| 69 | unset($_GET['src']);
|
---|
| 70 | $_GET['new'] = $matches[1];
|
---|
| 71 | }
|
---|
| 72 | }
|
---|
| 73 | if (eregi('^([0-9]*)x?([0-9]*)$', @$args[count($args) - 2], $matches)) {
|
---|
| 74 | $_GET['w'] = $matches[1];
|
---|
| 75 | $_GET['h'] = $matches[2];
|
---|
| 76 | $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
|
---|
| 77 | }
|
---|
| 78 | for ($i = 0; $i < count($args) - 2; $i++) {
|
---|
| 79 | @list($key, $value) = explode('=', @$args[$i]);
|
---|
| 80 | if (substr($key, -2) == '[]') {
|
---|
| 81 | $array_key_name = substr($key, 0, -2);
|
---|
| 82 | $_GET[$array_key_name][] = $value;
|
---|
| 83 | $phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__);
|
---|
| 84 | } else {
|
---|
| 85 | $_GET[$key] = $value;
|
---|
| 86 | $phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__);
|
---|
| 87 | }
|
---|
| 88 | }
|
---|
| 89 | }
|
---|
| 90 |
|
---|
| 91 | if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
|
---|
| 92 | if (!@$_GET['hash']) {
|
---|
| 93 | $phpThumb->ErrorImage('ERROR: missing hash');
|
---|
| 94 | } elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
|
---|
| 95 | $phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
|
---|
| 96 | } elseif ($_GET['hash'] != md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password'])) {
|
---|
| 97 | $phpThumb->ErrorImage('ERROR: invalid hash');
|
---|
| 98 | }
|
---|
| 99 | }
|
---|
| 100 |
|
---|
| 101 | ////////////////////////////////////////////////////////////////
|
---|
| 102 | // Debug output, to try and help me diagnose problems
|
---|
| 103 | $phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
|
---|
| 104 | if (@$_GET['phpThumbDebug'] == '0') {
|
---|
| 105 | $phpThumb->phpThumbDebug();
|
---|
| 106 | }
|
---|
| 107 | ////////////////////////////////////////////////////////////////
|
---|
| 108 |
|
---|
| 109 | // returned the fixed string if the evil "magic_quotes_gpc" setting is on
|
---|
| 110 | if (get_magic_quotes_gpc()) {
|
---|
| 111 | // deprecated: 'err', 'file', 'goto',
|
---|
| 112 | $RequestVarsToStripSlashes = array('src', 'wmf', 'down');
|
---|
| 113 | foreach ($RequestVarsToStripSlashes as $key) {
|
---|
| 114 | if (isset($_GET[$key])) {
|
---|
| 115 | if (is_string($_GET[$key])) {
|
---|
| 116 | $_GET[$key] = stripslashes($_GET[$key]);
|
---|
| 117 | } else {
|
---|
| 118 | unset($_GET[$key]);
|
---|
| 119 | }
|
---|
| 120 | }
|
---|
| 121 | }
|
---|
| 122 | }
|
---|
| 123 |
|
---|
| 124 | if (!@$_SERVER['PATH_INFO'] && !@$_SERVER['QUERY_STRING']) {
|
---|
| 125 | $phpThumb->ErrorImage('phpThumb() v'.$phpThumb->phpthumb_version.'<br><a href="http://phpthumb.sourceforge.net">http://phpthumb.sourceforge.net</a><br><br>ERROR: no parameters specified');
|
---|
| 126 | }
|
---|
| 127 |
|
---|
| 128 | if (@$_GET['src'] && isset($_GET['md5s']) && empty($_GET['md5s'])) {
|
---|
| 129 | if (eregi('^(f|ht)tps?://', $_GET['src'])) {
|
---|
| 130 | if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
|
---|
| 131 | $md5s = md5($rawImageData);
|
---|
| 132 | }
|
---|
| 133 | } else {
|
---|
| 134 | $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']);
|
---|
| 135 | if (is_readable($SourceFilename)) {
|
---|
| 136 | $md5s = phpthumb_functions::md5_file_safe($SourceFilename);
|
---|
| 137 | } else {
|
---|
| 138 | $phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" cannot be read');
|
---|
| 139 | }
|
---|
| 140 | }
|
---|
| 141 | if (@$_SERVER['HTTP_REFERER']) {
|
---|
| 142 | $phpThumb->ErrorImage('&md5s='.$md5s);
|
---|
| 143 | } else {
|
---|
| 144 | die('&md5s='.$md5s);
|
---|
| 145 | }
|
---|
| 146 | }
|
---|
| 147 |
|
---|
| 148 | if (!empty($PHPTHUMB_CONFIG)) {
|
---|
| 149 | foreach ($PHPTHUMB_CONFIG as $key => $value) {
|
---|
| 150 | $keyname = 'config_'.$key;
|
---|
| 151 | $phpThumb->setParameter($keyname, $value);
|
---|
| 152 | if (!eregi('password|mysql', $key)) {
|
---|
| 153 | $phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
|
---|
| 154 | }
|
---|
| 155 | }
|
---|
| 156 | } else {
|
---|
| 157 | $phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
|
---|
| 158 | }
|
---|
| 159 |
|
---|
| 160 | if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && eregi('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) {
|
---|
| 161 | $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
|
---|
| 162 | }
|
---|
| 163 |
|
---|
| 164 | ////////////////////////////////////////////////////////////////
|
---|
| 165 | // Debug output, to try and help me diagnose problems
|
---|
| 166 | $phpThumb->DebugTimingMessage('phpThumbDebug[1]', __FILE__, __LINE__);
|
---|
| 167 | if (@$_GET['phpThumbDebug'] == '1') {
|
---|
| 168 | $phpThumb->phpThumbDebug();
|
---|
| 169 | }
|
---|
| 170 | ////////////////////////////////////////////////////////////////
|
---|
| 171 |
|
---|
| 172 | $parsed_url_referer = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
|
---|
| 173 | if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
|
---|
| 174 | $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
|
---|
| 175 | }
|
---|
| 176 | $parsed_url_src = phpthumb_functions::ParseURLbetter(@$_GET['src']);
|
---|
| 177 | if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tps?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
|
---|
| 178 | $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
|
---|
| 179 | }
|
---|
| 180 |
|
---|
| 181 | if ($phpThumb->config_mysql_query) {
|
---|
| 182 | if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) {
|
---|
| 183 | if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) {
|
---|
| 184 | if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) {
|
---|
| 185 | if ($row = @mysql_fetch_array($result)) {
|
---|
| 186 |
|
---|
| 187 | mysql_free_result($result);
|
---|
| 188 | mysql_close($cid);
|
---|
| 189 | $phpThumb->setSourceData($row[0]);
|
---|
| 190 | unset($row);
|
---|
| 191 |
|
---|
| 192 | } else {
|
---|
| 193 | mysql_free_result($result);
|
---|
| 194 | mysql_close($cid);
|
---|
| 195 | $phpThumb->ErrorImage('no matching data in database.');
|
---|
| 196 | }
|
---|
| 197 | } else {
|
---|
| 198 | mysql_close($cid);
|
---|
| 199 | $phpThumb->ErrorImage('Error in MySQL query: "'.mysql_error($cid).'"');
|
---|
| 200 | }
|
---|
| 201 | } else {
|
---|
| 202 | mysql_close($cid);
|
---|
| 203 | $phpThumb->ErrorImage('cannot select MySQL database: "'.mysql_error($cid).'"');
|
---|
| 204 | }
|
---|
| 205 | } else {
|
---|
| 206 | $phpThumb->ErrorImage('cannot connect to MySQL server');
|
---|
| 207 | }
|
---|
| 208 | unset($_GET['id']);
|
---|
| 209 | }
|
---|
| 210 |
|
---|
| 211 | ////////////////////////////////////////////////////////////////
|
---|
| 212 | // Debug output, to try and help me diagnose problems
|
---|
| 213 | $phpThumb->DebugTimingMessage('phpThumbDebug[2]', __FILE__, __LINE__);
|
---|
| 214 | if (@$_GET['phpThumbDebug'] == '2') {
|
---|
| 215 | $phpThumb->phpThumbDebug();
|
---|
| 216 | }
|
---|
| 217 | ////////////////////////////////////////////////////////////////
|
---|
| 218 |
|
---|
| 219 | $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) (@$PHPTHUMB_CONFIG['cache_default_only_suffix'] && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false));
|
---|
| 220 |
|
---|
| 221 | if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
|
---|
| 222 | $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
|
---|
| 223 | foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
|
---|
| 224 | if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) {
|
---|
| 225 | $_GET[$key] = $value;
|
---|
| 226 | $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.$value.') to $_GET['.$key.']', __FILE__, __LINE__);
|
---|
| 227 | }
|
---|
| 228 | }
|
---|
| 229 | }
|
---|
| 230 |
|
---|
| 231 | // deprecated: 'err', 'file', 'goto',
|
---|
| 232 | $allowedGETparameters = array('src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s', 'sfn', 'dpi', 'sia', 'nocache');
|
---|
| 233 | foreach ($_GET as $key => $value) {
|
---|
| 234 | if (@$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS && ($key != 'src')) {
|
---|
| 235 | // disabled, do not set parameter
|
---|
| 236 | $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
|
---|
| 237 | } elseif (in_array($key, $allowedGETparameters)) {
|
---|
| 238 | $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
|
---|
| 239 | $phpThumb->setParameter($key, $value);
|
---|
| 240 | } else {
|
---|
| 241 | $phpThumb->ErrorImage('Forbidden parameter: '.$key);
|
---|
| 242 | }
|
---|
| 243 | }
|
---|
| 244 |
|
---|
| 245 | ////////////////////////////////////////////////////////////////
|
---|
| 246 | // Debug output, to try and help me diagnose problems
|
---|
| 247 | $phpThumb->DebugTimingMessage('phpThumbDebug[3]', __FILE__, __LINE__);
|
---|
| 248 | if (@$_GET['phpThumbDebug'] == '3') {
|
---|
| 249 | $phpThumb->phpThumbDebug();
|
---|
| 250 | }
|
---|
| 251 | ////////////////////////////////////////////////////////////////
|
---|
| 252 |
|
---|
| 253 | //if (!@$_GET['phpThumbDebug'] && !is_file($phpThumb->sourceFilename) && !phpthumb_functions::gd_version()) {
|
---|
| 254 | // if (!headers_sent()) {
|
---|
| 255 | // // base64-encoded error image in GIF format
|
---|
| 256 | // $ERROR_NOGD = 'R0lGODlhIAAgALMAAAAAABQUFCQkJDY2NkZGRldXV2ZmZnJycoaGhpSUlKWlpbe3t8XFxdXV1eTk5P7+/iwAAAAAIAAgAAAE/vDJSau9WILtTAACUinDNijZtAHfCojS4W5H+qxD8xibIDE9h0OwWaRWDIljJSkUJYsN4bihMB8th3IToAKs1VtYM75cyV8sZ8vygtOE5yMKmGbO4jRdICQCjHdlZzwzNW4qZSQmKDaNjhUMBX4BBAlmMywFSRWEmAI6b5gAlhNxokGhooAIK5o/pi9vEw4Lfj4OLTAUpj6IabMtCwlSFw0DCKBoFqwAB04AjI54PyZ+yY3TD0ss2YcVmN/gvpcu4TOyFivWqYJlbAHPpOntvxNAACcmGHjZzAZqzSzcq5fNjxFmAFw9iFRunD1epU6tsIPmFCAJnWYE0FURk7wJDA0MTKpEzoWAAskiAAA7';
|
---|
| 257 | // header('Content-Type: image/gif');
|
---|
| 258 | // echo base64_decode($ERROR_NOGD);
|
---|
| 259 | // } else {
|
---|
| 260 | // echo '*** ERROR: No PHP-GD support available ***';
|
---|
| 261 | // }
|
---|
| 262 | // exit;
|
---|
| 263 | //}
|
---|
| 264 |
|
---|
| 265 | // check to see if file can be output from source with no processing or caching
|
---|
| 266 | $CanPassThroughDirectly = true;
|
---|
| 267 | if ($phpThumb->rawImageData) {
|
---|
| 268 | // data from SQL, should be fine
|
---|
| 269 | } elseif (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
|
---|
| 270 | // assume is ok to passthru if no other parameters specified
|
---|
| 271 | } elseif (!@is_file($phpThumb->sourceFilename)) {
|
---|
| 272 | $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
|
---|
| 273 | $CanPassThroughDirectly = false;
|
---|
| 274 | } elseif (!@is_readable($phpThumb->sourceFilename)) {
|
---|
| 275 | $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
|
---|
| 276 | $CanPassThroughDirectly = false;
|
---|
| 277 | }
|
---|
| 278 | foreach ($_GET as $key => $value) {
|
---|
| 279 | switch ($key) {
|
---|
| 280 | case 'src':
|
---|
| 281 | // allowed
|
---|
| 282 | break;
|
---|
| 283 |
|
---|
| 284 | case 'w':
|
---|
| 285 | case 'h':
|
---|
| 286 | // might be OK if exactly matches original
|
---|
| 287 | if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
|
---|
| 288 | // assume it is not ok for direct-passthru of remote image
|
---|
| 289 | $CanPassThroughDirectly = false;
|
---|
| 290 | }
|
---|
| 291 | break;
|
---|
| 292 |
|
---|
| 293 | case 'phpThumbDebug':
|
---|
| 294 | // handled in direct-passthru code
|
---|
| 295 | break;
|
---|
| 296 |
|
---|
| 297 | default:
|
---|
| 298 | // all other parameters will cause some processing,
|
---|
| 299 | // therefore cannot pass through original image unmodified
|
---|
| 300 | $CanPassThroughDirectly = false;
|
---|
| 301 | $UnAllowedGET[] = $key;
|
---|
| 302 | break;
|
---|
| 303 | }
|
---|
| 304 | }
|
---|
| 305 | if (!empty($UnAllowedGET)) {
|
---|
| 306 | $phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__);
|
---|
| 307 | }
|
---|
| 308 |
|
---|
| 309 | ////////////////////////////////////////////////////////////////
|
---|
| 310 | // Debug output, to try and help me diagnose problems
|
---|
| 311 | $phpThumb->DebugTimingMessage('phpThumbDebug[4]', __FILE__, __LINE__);
|
---|
| 312 | if (@$_GET['phpThumbDebug'] == '4') {
|
---|
| 313 | $phpThumb->phpThumbDebug();
|
---|
| 314 | }
|
---|
| 315 | ////////////////////////////////////////////////////////////////
|
---|
| 316 |
|
---|
| 317 | function SendSaveAsFileHeaderIfNeeded() {
|
---|
| 318 | if (headers_sent()) {
|
---|
| 319 | return false;
|
---|
| 320 | }
|
---|
| 321 | global $phpThumb;
|
---|
| 322 | $downloadfilename = phpthumb_functions::SanitizeFilename(@$_GET['sia'] ? $_GET['sia'] : (@$_GET['down'] ? $_GET['down'] : 'phpThumb_generated_thumbnail'.(@$_GET['f'] ? $_GET['f'] : 'jpg')));
|
---|
| 323 | if (@$downloadfilename) {
|
---|
| 324 | $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"', __FILE__, __LINE__);
|
---|
| 325 | header('Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"');
|
---|
| 326 | }
|
---|
| 327 | return true;
|
---|
| 328 | }
|
---|
| 329 |
|
---|
| 330 | $phpThumb->DebugMessage('$CanPassThroughDirectly="'.intval($CanPassThroughDirectly).'" && $phpThumb->src="'.$phpThumb->src.'"', __FILE__, __LINE__);
|
---|
| 331 | while ($CanPassThroughDirectly && $phpThumb->src) {
|
---|
| 332 | // no parameters set, passthru
|
---|
| 333 |
|
---|
| 334 | if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
|
---|
| 335 | $phpThumb->DebugMessage('Passing HTTP source through directly as Location: redirect ('.$phpThumb->src.')', __FILE__, __LINE__);
|
---|
| 336 | header('Location: '.$phpThumb->src);
|
---|
| 337 | exit;
|
---|
| 338 | }
|
---|
| 339 |
|
---|
| 340 | $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);
|
---|
| 341 |
|
---|
| 342 | // security and size checks
|
---|
| 343 | if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
|
---|
| 344 | $phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__);
|
---|
| 345 |
|
---|
| 346 | if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) {
|
---|
| 347 | // no resizing needed
|
---|
| 348 | $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__);
|
---|
| 349 | } elseif ((($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) || ($phpThumb->getimagesizeinfo[1] <= @$_GET['h'])) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) {
|
---|
| 350 | // image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed
|
---|
| 351 | $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
|
---|
| 352 | } else {
|
---|
| 353 | $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
|
---|
| 354 | break;
|
---|
| 355 | }
|
---|
| 356 | switch ($phpThumb->getimagesizeinfo[2]) {
|
---|
| 357 | case 1: // GIF
|
---|
| 358 | case 2: // JPG
|
---|
| 359 | case 3: // PNG
|
---|
| 360 | // great, let it through
|
---|
| 361 | break;
|
---|
| 362 | default:
|
---|
| 363 | // browser probably can't handle format, remangle it to JPEG/PNG/GIF
|
---|
| 364 | $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__);
|
---|
| 365 | break 2;
|
---|
| 366 | }
|
---|
| 367 |
|
---|
| 368 | $ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG');
|
---|
| 369 | $theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
|
---|
| 370 | if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {
|
---|
| 371 |
|
---|
| 372 | // great
|
---|
| 373 | if (@is_resource($dummyImage)) {
|
---|
| 374 | unset($dummyImage);
|
---|
| 375 | }
|
---|
| 376 |
|
---|
| 377 | if (headers_sent()) {
|
---|
| 378 | $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
|
---|
| 379 | exit;
|
---|
| 380 | }
|
---|
| 381 | if (@$_GET['phpThumbDebug']) {
|
---|
| 382 | $phpThumb->DebugTimingMessage('skipped direct $SourceFilename passthru', __FILE__, __LINE__);
|
---|
| 383 | $phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
|
---|
| 384 | break;
|
---|
| 385 | }
|
---|
| 386 |
|
---|
| 387 | SendSaveAsFileHeaderIfNeeded();
|
---|
| 388 | header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT');
|
---|
| 389 | if ($contentType = phpthumb_functions::ImageTypeToMIMEtype(@$phpThumb->getimagesizeinfo[2])) {
|
---|
| 390 | header('Content-Type: '.$contentType);
|
---|
| 391 | }
|
---|
| 392 | @readfile($SourceFilename);
|
---|
| 393 | exit;
|
---|
| 394 |
|
---|
| 395 | } else {
|
---|
| 396 | $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.$phpThumb->config_disable_onlycreateable_passthru.'") and '.$theImageCreateFunction.'() failed', __FILE__, __LINE__);
|
---|
| 397 | break;
|
---|
| 398 | }
|
---|
| 399 |
|
---|
| 400 | } else {
|
---|
| 401 | $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because GetImageSize() failed', __FILE__, __LINE__);
|
---|
| 402 | break;
|
---|
| 403 | }
|
---|
| 404 | break;
|
---|
| 405 | }
|
---|
| 406 |
|
---|
| 407 | ////////////////////////////////////////////////////////////////
|
---|
| 408 | // Debug output, to try and help me diagnose problems
|
---|
| 409 | $phpThumb->DebugTimingMessage('phpThumbDebug[5]', __FILE__, __LINE__);
|
---|
| 410 | if (@$_GET['phpThumbDebug'] == '5') {
|
---|
| 411 | $phpThumb->phpThumbDebug();
|
---|
| 412 | }
|
---|
| 413 | ////////////////////////////////////////////////////////////////
|
---|
| 414 |
|
---|
| 415 | function RedirectToCachedFile() {
|
---|
| 416 | global $phpThumb, $PHPTHUMB_CONFIG;
|
---|
| 417 |
|
---|
| 418 | $nice_cachefile = str_replace(DIRECTORY_SEPARATOR, '/', $phpThumb->cache_filename);
|
---|
| 419 | $nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', rtrim($PHPTHUMB_CONFIG['document_root'], '/\\'));
|
---|
| 420 |
|
---|
| 421 | $parsed_url = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
|
---|
| 422 |
|
---|
| 423 | $nModified = filemtime($phpThumb->cache_filename);
|
---|
| 424 |
|
---|
| 425 | if ($phpThumb->config_nooffsitelink_enabled && @$_SERVER['HTTP_REFERER'] && !in_array(@$parsed_url['host'], $phpThumb->config_nooffsitelink_valid_domains)) {
|
---|
| 426 |
|
---|
| 427 | $phpThumb->DebugMessage('Would have used cached (image/'.$phpThumb->thumbnailFormat.') file "'.$phpThumb->cache_filename.'" (Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@$_SERVER['HTTP_REFERER'].') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(';', $phpThumb->config_nooffsitelink_valid_domains).')', __FILE__, __LINE__);
|
---|
| 428 |
|
---|
| 429 | } elseif ($phpThumb->phpThumbDebug) {
|
---|
| 430 |
|
---|
| 431 | $phpThumb->DebugTimingMessage('skipped using cached image', __FILE__, __LINE__);
|
---|
| 432 | $phpThumb->DebugMessage('Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
|
---|
| 433 | $phpThumb->DebugMessage('* Would have sent headers (1): Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', __FILE__, __LINE__);
|
---|
| 434 | if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
|
---|
| 435 | $phpThumb->DebugMessage('* Would have sent headers (2): Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]), __FILE__, __LINE__);
|
---|
| 436 | }
|
---|
| 437 | if (ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
|
---|
| 438 | $phpThumb->DebugMessage('* Would have sent headers (3): Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])), __FILE__, __LINE__);
|
---|
| 439 | } else {
|
---|
| 440 | $phpThumb->DebugMessage('* Would have sent data: readfile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
|
---|
| 441 | }
|
---|
| 442 |
|
---|
| 443 | } else {
|
---|
| 444 |
|
---|
| 445 | if (headers_sent()) {
|
---|
| 446 | $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
|
---|
| 447 | exit;
|
---|
| 448 | }
|
---|
| 449 | SendSaveAsFileHeaderIfNeeded();
|
---|
| 450 |
|
---|
| 451 | header('Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT');
|
---|
| 452 | if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] && ($nModified == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) && @$_SERVER['SERVER_PROTOCOL']) {
|
---|
| 453 | header($_SERVER['SERVER_PROTOCOL'].' 304 Not Modified');
|
---|
| 454 | exit;
|
---|
| 455 | }
|
---|
| 456 |
|
---|
| 457 | if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
|
---|
| 458 | header('Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]));
|
---|
| 459 | } elseif (eregi('\.ico$', $phpThumb->cache_filename)) {
|
---|
| 460 | header('Content-Type: image/x-icon');
|
---|
| 461 | }
|
---|
| 462 | if (!@$PHPTHUMB_CONFIG['cache_force_passthru'] && ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
|
---|
| 463 | header('Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])));
|
---|
| 464 | } else {
|
---|
| 465 | @readfile($phpThumb->cache_filename);
|
---|
| 466 | }
|
---|
| 467 | exit;
|
---|
| 468 |
|
---|
| 469 | }
|
---|
| 470 | return true;
|
---|
| 471 | }
|
---|
| 472 |
|
---|
| 473 | // check to see if file already exists in cache, and output it with no processing if it does
|
---|
| 474 | $phpThumb->SetCacheFilename();
|
---|
| 475 | if (@is_file($phpThumb->cache_filename)) {
|
---|
| 476 | RedirectToCachedFile();
|
---|
| 477 | } else {
|
---|
| 478 | $phpThumb->DebugMessage('Cached file "'.$phpThumb->cache_filename.'" does not exist, processing as normal', __FILE__, __LINE__);
|
---|
| 479 | }
|
---|
| 480 |
|
---|
| 481 | ////////////////////////////////////////////////////////////////
|
---|
| 482 | // Debug output, to try and help me diagnose problems
|
---|
| 483 | $phpThumb->DebugTimingMessage('phpThumbDebug[6]', __FILE__, __LINE__);
|
---|
| 484 | if (@$_GET['phpThumbDebug'] == '6') {
|
---|
| 485 | $phpThumb->phpThumbDebug();
|
---|
| 486 | }
|
---|
| 487 | ////////////////////////////////////////////////////////////////
|
---|
| 488 |
|
---|
| 489 | if ($phpThumb->rawImageData) {
|
---|
| 490 |
|
---|
| 491 | // great
|
---|
| 492 |
|
---|
| 493 | } elseif (@$_GET['new']) {
|
---|
| 494 |
|
---|
| 495 | // generate a blank image resource of the specified size/background color/opacity
|
---|
| 496 | if (($phpThumb->w <= 0) || ($phpThumb->h <= 0)) {
|
---|
| 497 | $phpThumb->ErrorImage('"w" and "h" parameters required for "new"');
|
---|
| 498 | }
|
---|
| 499 | @list($bghexcolor, $opacity) = explode('|', $_GET['new']);
|
---|
| 500 | if (!phpthumb_functions::IsHexColor($bghexcolor)) {
|
---|
| 501 | $phpThumb->ErrorImage('BGcolor parameter for "new" is not valid');
|
---|
| 502 | }
|
---|
| 503 | $opacity = (strlen($opacity) ? $opacity : 100);
|
---|
| 504 | if ($phpThumb->gdimg_source = phpthumb_functions::ImageCreateFunction($phpThumb->w, $phpThumb->h)) {
|
---|
| 505 | $alpha = (100 - min(100, max(0, $opacity))) * 1.27;
|
---|
| 506 | if ($alpha) {
|
---|
| 507 | $phpThumb->setParameter('is_alpha', true);
|
---|
| 508 | ImageAlphaBlending($phpThumb->gdimg_source, false);
|
---|
| 509 | ImageSaveAlpha($phpThumb->gdimg_source, true);
|
---|
| 510 | }
|
---|
| 511 | $new_background_color = phpthumb_functions::ImageHexColorAllocate($phpThumb->gdimg_source, $bghexcolor, false, $alpha);
|
---|
| 512 | ImageFilledRectangle($phpThumb->gdimg_source, 0, 0, $phpThumb->w, $phpThumb->h, $new_background_color);
|
---|
| 513 | } else {
|
---|
| 514 | $phpThumb->ErrorImage('failed to create "new" image ('.$phpThumb->w.'x'.$phpThumb->h.')');
|
---|
| 515 | }
|
---|
| 516 |
|
---|
| 517 | } elseif (!$phpThumb->src) {
|
---|
| 518 |
|
---|
| 519 | $phpThumb->ErrorImage('Usage: '.$_SERVER['PHP_SELF'].'?src=/path/and/filename.jpg'."\n".'read Usage comments for details');
|
---|
| 520 |
|
---|
| 521 | } elseif (eregi('^(f|ht)tp\://', $phpThumb->src)) {
|
---|
| 522 |
|
---|
| 523 | $phpThumb->DebugMessage('$phpThumb->src ('.$phpThumb->src.') is remote image, attempting to download', __FILE__, __LINE__);
|
---|
| 524 | if ($phpThumb->config_http_user_agent) {
|
---|
| 525 | $phpThumb->DebugMessage('Setting "user_agent" to "'.$phpThumb->config_http_user_agent.'"', __FILE__, __LINE__);
|
---|
| 526 | ini_set('user_agent', $phpThumb->config_http_user_agent);
|
---|
| 527 | }
|
---|
| 528 | $cleanedupurl = phpthumb_functions::CleanUpURLencoding($phpThumb->src);
|
---|
| 529 | $phpThumb->DebugMessage('CleanUpURLencoding('.$phpThumb->src.') returned "'.$cleanedupurl.'"', __FILE__, __LINE__);
|
---|
| 530 | $phpThumb->src = $cleanedupurl;
|
---|
| 531 | unset($cleanedupurl);
|
---|
| 532 | if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
|
---|
| 533 | $phpThumb->DebugMessage('SafeURLread('.$phpThumb->src.') succeeded'.($error ? ' with messsages: "'.$error.'"' : ''), __FILE__, __LINE__);
|
---|
| 534 | $phpThumb->DebugMessage('Setting source data from URL "'.$phpThumb->src.'"', __FILE__, __LINE__);
|
---|
| 535 | $phpThumb->setSourceData($rawImageData, urlencode($phpThumb->src));
|
---|
| 536 | } else {
|
---|
| 537 | $phpThumb->ErrorImage($error);
|
---|
| 538 | }
|
---|
| 539 | }
|
---|
| 540 |
|
---|
| 541 | ////////////////////////////////////////////////////////////////
|
---|
| 542 | // Debug output, to try and help me diagnose problems
|
---|
| 543 | $phpThumb->DebugTimingMessage('phpThumbDebug[7]', __FILE__, __LINE__);
|
---|
| 544 | if (@$_GET['phpThumbDebug'] == '7') {
|
---|
| 545 | $phpThumb->phpThumbDebug();
|
---|
| 546 | }
|
---|
| 547 | ////////////////////////////////////////////////////////////////
|
---|
| 548 |
|
---|
| 549 | $phpThumb->GenerateThumbnail();
|
---|
| 550 |
|
---|
| 551 | ////////////////////////////////////////////////////////////////
|
---|
| 552 | // Debug output, to try and help me diagnose problems
|
---|
| 553 | $phpThumb->DebugTimingMessage('phpThumbDebug[8]', __FILE__, __LINE__);
|
---|
| 554 | if (@$_GET['phpThumbDebug'] == '8') {
|
---|
| 555 | $phpThumb->phpThumbDebug();
|
---|
| 556 | }
|
---|
| 557 | ////////////////////////////////////////////////////////////////
|
---|
| 558 |
|
---|
| 559 | if ($phpThumb->config_allow_parameter_file && $phpThumb->file) {
|
---|
| 560 |
|
---|
| 561 | $phpThumb->RenderToFile($phpThumb->ResolveFilenameToAbsolute($phpThumb->file));
|
---|
| 562 | if ($phpThumb->config_allow_parameter_goto && $phpThumb->goto && eregi('^(f|ht)tps?://', $phpThumb->goto)) {
|
---|
| 563 | // redirect to another URL after image has been rendered to file
|
---|
| 564 | header('Location: '.$phpThumb->goto);
|
---|
| 565 | exit;
|
---|
| 566 | }
|
---|
| 567 |
|
---|
| 568 | } elseif (@$PHPTHUMB_CONFIG['high_security_enabled'] && @$_GET['nocache']) {
|
---|
| 569 |
|
---|
| 570 | // cache disabled, don't write cachefile
|
---|
| 571 |
|
---|
| 572 | } else {
|
---|
| 573 |
|
---|
| 574 | phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));
|
---|
| 575 | if ((file_exists($phpThumb->cache_filename) && is_writable($phpThumb->cache_filename)) || is_writable(dirname($phpThumb->cache_filename))) {
|
---|
| 576 |
|
---|
| 577 | $phpThumb->CleanUpCacheDirectory();
|
---|
| 578 | if ($phpThumb->RenderToFile($phpThumb->cache_filename) && is_readable($phpThumb->cache_filename)) {
|
---|
| 579 | chmod($phpThumb->cache_filename, 0644);
|
---|
| 580 | RedirectToCachedFile();
|
---|
| 581 | } else {
|
---|
| 582 | $phpThumb->DebugMessage('Failed: RenderToFile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
|
---|
| 583 | }
|
---|
| 584 |
|
---|
| 585 | } else {
|
---|
| 586 |
|
---|
| 587 | $phpThumb->DebugMessage('Cannot write to $phpThumb->cache_filename ('.$phpThumb->cache_filename.') because that directory ('.dirname($phpThumb->cache_filename).') is not writable', __FILE__, __LINE__);
|
---|
| 588 |
|
---|
| 589 | }
|
---|
| 590 |
|
---|
| 591 | }
|
---|
| 592 |
|
---|
| 593 | ////////////////////////////////////////////////////////////////
|
---|
| 594 | // Debug output, to try and help me diagnose problems
|
---|
| 595 | $phpThumb->DebugTimingMessage('phpThumbDebug[9]', __FILE__, __LINE__);
|
---|
| 596 | if (@$_GET['phpThumbDebug'] == '9') {
|
---|
| 597 | $phpThumb->phpThumbDebug();
|
---|
| 598 | }
|
---|
| 599 | ////////////////////////////////////////////////////////////////
|
---|
| 600 |
|
---|
| 601 | if (!$phpThumb->OutputThumbnail()) {
|
---|
| 602 | $phpThumb->ErrorImage('Error in OutputThumbnail():'."\n".$phpThumb->debugmessages[(count($phpThumb->debugmessages) - 1)]);
|
---|
| 603 | }
|
---|
| 604 |
|
---|
| 605 | ////////////////////////////////////////////////////////////////
|
---|
| 606 | // Debug output, to try and help me diagnose problems
|
---|
| 607 | $phpThumb->DebugTimingMessage('phpThumbDebug[10]', __FILE__, __LINE__);
|
---|
| 608 | if (@$_GET['phpThumbDebug'] == '10') {
|
---|
| 609 | $phpThumb->phpThumbDebug();
|
---|
| 610 | }
|
---|
| 611 | ////////////////////////////////////////////////////////////////
|
---|
| 612 |
|
---|
| 613 | ?> |
---|