<?php
//////////////////////////////////////////////////////////////
/// phpThumb() by James Heinrich <info@silisoftware.com> //
// available at http://phpthumb.sourceforge.net ///
//////////////////////////////////////////////////////////////
/// //
// See: phpthumb.changelog.txt for recent changes //
// See: phpthumb.readme.txt for usage instructions //
// ///
//////////////////////////////////////////////////////////////

// Front-end script: reads the request ($_GET, optionally PATH_INFO), configures a
// phpThumb object from phpThumb.config.php, and then either redirects to / passes
// through the unmodified source, serves a cached file, or renders a new thumbnail.
//
// NOTE(review): E_ALL together with display_errors=1 means every notice emitted below
// (several lookups are only @-suppressed, not guarded) is written into the HTTP
// response body — confirm this is intended outside of a debugging deployment.
error_reporting(E_ALL);
ini_set('display_errors', '1');
ini_set('magic_quotes_runtime', '0');
if (@ini_get('magic_quotes_runtime')) {
	die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
}
// wall-clock start ("msec sec" from microtime() summed), handed to DebugTimingMessage() below
$starttime = array_sum(explode(' ', microtime()));

// this script relies on the superglobal arrays, fake it here for old PHP versions
// (lexical string comparison of the version; $HTTP_*_VARS are the pre-4.1 equivalents)
if (phpversion() < '4.1.0') {
	$_SERVER = $HTTP_SERVER_VARS;
	$_GET = $HTTP_GET_VARS;
}

// instantiate a new phpThumb() object
// Output buffering swallows anything the class file prints while loading; on failure
// the buffer is flushed so the include's own error text reaches the client before die().
ob_start();
if (!include_once(dirname(__FILE__).'/phpthumb.class.php')) {
	ob_end_flush();
	die('failed to include_once("'.realpath(dirname(__FILE__).'/phpthumb.class.php').'")');
}
ob_end_clean();

$phpThumb = new phpThumb();
$phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
// presumably makes ErrorImage() terminate the request (the flag is handled in phpthumb.class.php,
// not visible here); note that several call sites below still follow ErrorImage() with exit
$phpThumb->SetParameter('config_error_die_on_error', true);

if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
	set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
}

// phpThumbDebug[0] used to be here, but may reveal too much
// info when high_security_mode should be enabled (not set yet)
// Load the site configuration. The included file is expected to define $PHPTHUMB_CONFIG
// (and, optionally, the $PHPTHUMB_DEFAULTS* variables read further down). A missing
// config is reported through ErrorImage(); the shipped ".default" file must be renamed.
if (file_exists(dirname(__FILE__).'/phpThumb.config.php')) {
	ob_start();
	if (include_once(dirname(__FILE__).'/phpThumb.config.php')) {
		// great
	} else {
		ob_end_flush();
		$phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
	}
	ob_end_clean();
} elseif (file_exists(dirname(__FILE__).'/phpThumb.config.php.default')) {
	$phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
	$phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
}

// Alternative parameter syntax carried in PATH_INFO: "/key=value;key2=value2;WxH;src".
// Only used when the query string is empty (or carries nothing but phpThumbDebug) and
// disable_pathinfo_parsing is off. Everything parsed here is written into $_GET and is
// therefore still subject to the allowed-parameter whitelist applied further down.
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
	// drop the PATH_INFO suffix from PHP_SELF so it names the script only (used in the usage message below)
	$_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

	// substr(..., 1) skips the leading "/" of PATH_INFO; segments are ";"-separated
	$args = explode(';', substr($_SERVER['PATH_INFO'], 1));
	$phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
	if (!empty($args)) {
		// last segment is the source; a "new=<hexcolor>" segment asks for a blank image instead
		$_GET['src'] = @$args[count($args) - 1];
		$phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
		if (eregi('^new\=([a-z0-9]+)', $_GET['src'], $matches)) {
			unset($_GET['src']);
			$_GET['new'] = $matches[1];
		}
	}
	// second-to-last segment is "WxH"; either side may be empty, and the pattern also
	// matches a missing segment, in which case "w" and "h" are set to empty strings
	if (eregi('^([0-9]*)x?([0-9]*)$', @$args[count($args) - 2], $matches)) {
		$_GET['w'] = $matches[1];
		$_GET['h'] = $matches[2];
		$phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
	}
	// remaining segments are key=value pairs; a "key[]=value" form appends to an array parameter
	for ($i = 0; $i < count($args) - 2; $i++) {
		@list($key, $value) = explode('=', @$args[$i]);
		if (substr($key, -2) == '[]') {
			$array_key_name = substr($key, 0, -2);
			$_GET[$array_key_name][] = $value;
			$phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__);
		} else {
			$_GET[$key] = $value;
			$phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__);
		}
	}
}
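// High-security mode: every request must carry a "hash" parameter equal to
// md5(<query string with its "&hash=..." part removed> . <configured password>).
// Failures are reported through ErrorImage(). This runs before the first phpThumbDebug
// checkpoint so debug dumps are not reachable without a valid hash.
if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
	if (!@$_GET['hash']) {
		$phpThumb->ErrorImage('ERROR: missing hash');
	} elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
		$phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
	} elseif (!is_string($_GET['hash'])) {
		// "hash[]=..." arrives as an array; it can never match and must not be stringified
		$phpThumb->ErrorImage('ERROR: invalid hash');
	} else {
		// str_replace() only strips "&hash=<value>", so the hash must not be the first
		// query-string parameter or the recomputed digest will never match.
		$expected_hash = md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password']);
		// Compare as strings: the original loose "!=" compared two numeric-looking strings
		// (e.g. hex digests of the form "0e<digits>") numerically, so distinct digests could
		// be reported equal. hash_equals() (PHP >= 5.6) additionally makes the comparison
		// constant-time; older versions fall back to a strict string comparison.
		if (function_exists('hash_equals')) {
			$hash_is_valid = hash_equals($expected_hash, $_GET['hash']);
		} else {
			$hash_is_valid = ($expected_hash === $_GET['hash']);
		}
		if (!$hash_is_valid) {
			$phpThumb->ErrorImage('ERROR: invalid hash');
		}
	}
}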
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
// (first checkpoint; deliberately placed after the high-security hash check above)
$phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '0') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// returned the fixed string if the evil "magic_quotes_gpc" setting is on
// Only the listed string parameters are un-escaped; a non-string (array) value for one
// of them is dropped entirely.
if (get_magic_quotes_gpc()) {
	// deprecated: 'err', 'file', 'goto',
	$RequestVarsToStripSlashes = array('src', 'wmf', 'down');
	foreach ($RequestVarsToStripSlashes as $key) {
		if (isset($_GET[$key])) {
			if (is_string($_GET[$key])) {
				$_GET[$key] = stripslashes($_GET[$key]);
			} else {
				unset($_GET[$key]);
			}
		}
	}
}

// nothing at all was requested: show the version/usage banner as an error image
if (!@$_SERVER['PATH_INFO'] && !@$_SERVER['QUERY_STRING']) {
	$phpThumb->ErrorImage('phpThumb() v'.$phpThumb->phpthumb_version.'<br><a href="http://phpthumb.sourceforge.net">http://phpthumb.sourceforge.net</a><br><br>ERROR: no parameters specified');
}
// "md5s" present but empty: instead of an image, return the MD5 of the source so the
// caller can paste it into "&md5s=<digest>" (presumably verified against the source by
// the class — not visible here). Remote sources are fetched in full; local ones are
// resolved through ResolveFilenameToAbsolute() and hashed from disk.
//
// NOTE(review): this runs before $PHPTHUMB_CONFIG is copied into the object below, so
// config_http_fopen_timeout / config_http_follow_redirect still hold the class defaults
// here. If the remote fetch fails, $md5s is never assigned and "&md5s=" is emitted empty.
if (@$_GET['src'] && isset($_GET['md5s']) && empty($_GET['md5s'])) {
	if (eregi('^(f|ht)tps?://', $_GET['src'])) {
		if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
			$md5s = md5($rawImageData);
		}
	} else {
		$SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']);
		if (is_readable($SourceFilename)) {
			$md5s = phpthumb_functions::md5_file_safe($SourceFilename);
		} else {
			$phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" cannot be read');
		}
	}
	// with a Referer the digest is rendered as an error image, otherwise as plain text
	if (@$_SERVER['HTTP_REFERER']) {
		$phpThumb->ErrorImage('&md5s='.$md5s);
	} else {
		die('&md5s='.$md5s);
	}
}
// Copy every config entry into the object as "config_<key>". Keys containing
// "password" or "mysql" are kept out of the debug log so phpThumbDebug output does not
// expose credentials.
if (!empty($PHPTHUMB_CONFIG)) {
	foreach ($PHPTHUMB_CONFIG as $key => $value) {
		$keyname = 'config_'.$key;
		$phpThumb->setParameter($keyname, $value);
		if (!eregi('password|mysql', $key)) {
			$phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
		}
	}
} else {
	$phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
}

// Refuse a "src" that points back at this same host over HTTP unless explicitly allowed.
// NOTE(review): HTTP_HOST (request-supplied) is inserted into the pattern without escaping,
// so regex metacharacters in the Host header change what this check matches.
if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && eregi('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) {
	$phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[1]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '1') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// Referer-based access control (config values were copied into the object above).
// config_nooffsitelink_require_refer: a Referer must be present and its host must appear
// in the allowed list. Note that this checks config_nohotlink_valid_domains, not
// config_nooffsitelink_valid_domains (which RedirectToCachedFile() uses) — presumably
// intentional, but worth confirming. The host lookup is a loose in_array().
$parsed_url_referer = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
	$phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
}
// nohotlink: a remote "src" whose host is not in the allowed list is replaced by the
// configured text message (only when erase_image is also set; other modes are handled elsewhere)
$parsed_url_src = phpthumb_functions::ParseURLbetter(@$_GET['src']);
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tps?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
	$phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
}
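// Optional: take the source image bytes from MySQL instead of a file. The query text is
// config_mysql_query from the config file, not the request; the first column of the
// first row is used as raw image data. Every mysql_* call is @-suppressed and failures
// are reported through ErrorImage().
if ($phpThumb->config_mysql_query) {
	if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) {
		if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) {
			if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) {
				if ($row = @mysql_fetch_array($result)) {

					mysql_free_result($result);
					mysql_close($cid);
					$phpThumb->setSourceData($row[0]);
					unset($row);

				} else {
					mysql_free_result($result);
					mysql_close($cid);
					$phpThumb->ErrorImage('no matching data in database.');
				}
			} else {
				// read the error text BEFORE closing the link: the original called
				// mysql_error() on an already-closed $cid, which cannot report the query failure
				$mysql_error = mysql_error($cid);
				mysql_close($cid);
				$phpThumb->ErrorImage('Error in MySQL query: "'.$mysql_error.'"');
			}
		} else {
			// same ordering fix as above
			$mysql_error = mysql_error($cid);
			mysql_close($cid);
			$phpThumb->ErrorImage('cannot select MySQL database: "'.$mysql_error.'"');
		}
	} else {
		$phpThumb->ErrorImage('cannot connect to MySQL server');
	}
	// "id" is not in the GET whitelist applied further down (presumably it is consumed by
	// config_mysql_query), so it is dropped here to avoid a "Forbidden parameter" error
	unset($_GET['id']);
}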
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[2]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '2') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// A "*" in cache_default_only_suffix means only the configured defaults may be used:
// every request parameter except "src" is ignored by the whitelist loop below.
$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) (@$PHPTHUMB_CONFIG['cache_default_only_suffix'] && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false));

// $PHPTHUMB_DEFAULTS (from the config file) fill in request parameters that were not
// given; with $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE set they replace explicit ones instead.
// NOTE(review): $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE is read unguarded — presumably defined
// by phpThumb.config.php, otherwise an undefined-variable notice is emitted here.
if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
	$phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
	foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
		if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) {
			$_GET[$key] = $value;
			$phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.$value.') to $_GET['.$key.']', __FILE__, __LINE__);
		}
	}
}
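// deprecated: 'err', 'file', 'goto',
// Whitelist of request parameters; anything else is rejected with ErrorImage(). This also
// covers values written into $_GET from PATH_INFO and $PHPTHUMB_DEFAULTS above.
$allowedGETparameters = array('src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s', 'sfn', 'dpi', 'sia', 'nocache');
foreach ($_GET as $key => $value) {
	if (@$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS && ($key !== 'src')) {
		// disabled, do not set parameter
		$phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
	} elseif (in_array($key, $allowedGETparameters, true)) {
		// strict comparison: PHP stores all-digit query keys as integers, and a loose
		// in_array() on PHP < 8 matched the integer key 0 against the first string entry,
		// letting an unlisted parameter through the whitelist
		$phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
		$phpThumb->setParameter($key, $value);
	} else {
		$phpThumb->ErrorImage('Forbidden parameter: '.$key);
	}
}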
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[3]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '3') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// (a commented-out "no GD support available" fallback that emitted a static error GIF
// used to live here; it is disabled and has been dropped from this copy)

// check to see if file can be output from source with no processing or caching
// Pass-through is only considered for SQL-sourced data, a remote http jpg/gif/png URL, or
// an existing readable local file; any request parameter other than src / w / h /
// phpThumbDebug forces full processing (w and h are re-checked against the real size below).
$CanPassThroughDirectly = true;
if ($phpThumb->rawImageData) {
	// data from SQL, should be fine
} elseif (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
	// assume is ok to passthru if no other parameters specified
} elseif (!@is_file($phpThumb->sourceFilename)) {
	$phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
	$CanPassThroughDirectly = false;
} elseif (!@is_readable($phpThumb->sourceFilename)) {
	$phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
	$CanPassThroughDirectly = false;
}
foreach ($_GET as $key => $value) {
	switch ($key) {
		case 'src':
			// allowed
			break;

		case 'w':
		case 'h':
			// might be OK if exactly matches original
			if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
				// assume it is not ok for direct-passthru of remote image
				$CanPassThroughDirectly = false;
			}
			break;

		case 'phpThumbDebug':
			// handled in direct-passthru code
			break;

		default:
			// all other parameters will cause some processing,
			// therefore cannot pass through original image unmodified
			$CanPassThroughDirectly = false;
			$UnAllowedGET[] = $key;
			break;
	}
}
if (!empty($UnAllowedGET)) {
	$phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__);
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[4]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '4') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
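/**
 * Send a Content-Disposition header for the image about to be output.
 *
 * The file name comes from the request: "sia" (save-image-as) wins, then "down"
 * (which also switches the disposition from "inline" to "attachment"), otherwise a
 * generated name using the requested output format "f" (default "jpg"). The name is
 * run through phpthumb_functions::SanitizeFilename() before being placed in the header.
 *
 * @return bool false if headers were already sent (nothing is done), true otherwise
 */
function SendSaveAsFileHeaderIfNeeded() {
	if (headers_sent()) {
		return false;
	}
	global $phpThumb;

	if (@$_GET['sia']) {
		$requestedfilename = $_GET['sia'];
	} elseif (@$_GET['down']) {
		$requestedfilename = $_GET['down'];
	} else {
		// the original concatenated the extension without a separator ("..._thumbnailjpg")
		$requestedfilename = 'phpThumb_generated_thumbnail.'.(@$_GET['f'] ? $_GET['f'] : 'jpg');
	}
	$disposition = (@$_GET['down'] ? 'attachment' : 'inline');

	$downloadfilename = phpthumb_functions::SanitizeFilename($requestedfilename);
	if (@$downloadfilename) {
		// NOTE(review): the header value relies entirely on SanitizeFilename() to strip
		// quotes and CR/LF from the request-supplied name — confirm in phpthumb_functions
		$headervalue = 'Content-Disposition: '.$disposition.'; filename="'.$downloadfilename.'"';
		$phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: '.$headervalue, __FILE__, __LINE__);
		header($headervalue);
	}
	return true;
}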
// Direct pass-through. The while-loop is used as a block that any "break" can leave;
// the unconditional break at its end guarantees a single pass. Every successful path
// ends in exit; every refusal logs why and falls through to cache / render handling.
$phpThumb->DebugMessage('$CanPassThroughDirectly="'.intval($CanPassThroughDirectly).'" && $phpThumb->src="'.$phpThumb->src.'"', __FILE__, __LINE__);
while ($CanPassThroughDirectly && $phpThumb->src) {
	// no parameters set, passthru

	// Remote http jpg/gif/png sources are not proxied but answered with a redirect to the
	// original URL. The only gate is the pattern here plus the nohotlink check further up,
	// so the Location target is whatever "src" the request supplied.
	if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
		$phpThumb->DebugMessage('Passing HTTP source through directly as Location: redirect ('.$phpThumb->src.')', __FILE__, __LINE__);
		header('Location: '.$phpThumb->src);
		exit;
	}

	$SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);

	// security and size checks
	// The file is later served byte-for-byte with readfile(); the content validation is
	// GetImageSize() reporting GIF/JPEG/PNG and (unless config_disable_onlycreateable_passthru
	// is set) a successful GD decode of the file.
	if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
		$phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__);

		if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) {
			// no resizing needed
			$phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__);
		} elseif ((($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) || ($phpThumb->getimagesizeinfo[1] <= @$_GET['h'])) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) {
			// image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed
			$phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
		} else {
			$phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
			break;
		}
		// getimagesizeinfo[2] is the IMAGETYPE_* constant reported by GetImageSize()
		switch ($phpThumb->getimagesizeinfo[2]) {
			case 1: // GIF
			case 2: // JPG
			case 3: // PNG
				// great, let it through
				break;
			default:
				// browser probably can't handle format, remangle it to JPEG/PNG/GIF
				$phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__);
				break 2; // leaves the while-loop, not just the switch
		}

		// Prove the file really decodes as the type it claims before serving it raw
		$ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG');
		$theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
		if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {

			// great
			// the decoded image was only needed as a check; drop it again
			if (@is_resource($dummyImage)) {
				unset($dummyImage);
			}

			if (headers_sent()) {
				$phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
				exit;
			}
			if (@$_GET['phpThumbDebug']) {
				$phpThumb->DebugTimingMessage('skipped direct $SourceFilename passthru', __FILE__, __LINE__);
				$phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
				break;
			}

			SendSaveAsFileHeaderIfNeeded();
			header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT');
			if ($contentType = phpthumb_functions::ImageTypeToMIMEtype(@$phpThumb->getimagesizeinfo[2])) {
				header('Content-Type: '.$contentType);
			}
			@readfile($SourceFilename);
			exit;

		} else {
			$phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.$phpThumb->config_disable_onlycreateable_passthru.'") and '.$theImageCreateFunction.'() failed', __FILE__, __LINE__);
			break;
		}

	} else {
		$phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because GetImageSize() failed', __FILE__, __LINE__);
		break;
	}
	break;
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[5]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '5') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
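/**
 * Serve the already-rendered cache file ($phpThumb->cache_filename).
 *
 * Three outcomes:
 *  - offsite Referer (config_nooffsitelink_enabled and host not in
 *    config_nooffsitelink_valid_domains): log only and return, so the caller renders
 *    the image instead of exposing the cached copy;
 *  - phpThumbDebug active: log the headers that would have been sent and return;
 *  - otherwise send Last-Modified (answering If-Modified-Since with 304 when the cache
 *    mtime matches), Content-Type, and either a Location redirect to the cache file's
 *    document-root-relative URL or the file contents via readfile() when
 *    cache_force_passthru is set or the file lies outside the document root. This path
 *    always ends in exit.
 *
 * Uses globals $phpThumb and $PHPTHUMB_CONFIG.
 *
 * @return bool true when nothing was sent (the two skip cases); never returns otherwise
 */
function RedirectToCachedFile() {
	global $phpThumb, $PHPTHUMB_CONFIG;

	// normalise both paths to "/" so the document-root prefix match below works on Windows too
	$nice_cachefile = str_replace(DIRECTORY_SEPARATOR, '/', $phpThumb->cache_filename);
	$nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', rtrim($PHPTHUMB_CONFIG['document_root'], '/\\'));

	$parsed_url = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);

	$nModified = filemtime($phpThumb->cache_filename);

	if ($phpThumb->config_nooffsitelink_enabled && @$_SERVER['HTTP_REFERER'] && !in_array(@$parsed_url['host'], $phpThumb->config_nooffsitelink_valid_domains)) {

		$phpThumb->DebugMessage('Would have used cached (image/'.$phpThumb->thumbnailFormat.') file "'.$phpThumb->cache_filename.'" (Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@$_SERVER['HTTP_REFERER'].') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(';', $phpThumb->config_nooffsitelink_valid_domains).')', __FILE__, __LINE__);

	} elseif ($phpThumb->phpThumbDebug) {

		$phpThumb->DebugTimingMessage('skipped using cached image', __FILE__, __LINE__);
		$phpThumb->DebugMessage('Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
		$phpThumb->DebugMessage('* Would have sent headers (1): Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', __FILE__, __LINE__);
		if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
			$phpThumb->DebugMessage('* Would have sent headers (2): Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]), __FILE__, __LINE__);
		}
		// NOTE: preg_quote() produces PCRE escaping but the pattern is fed to POSIX ereg();
		// the two escape sets overlap for the characters usually found in paths
		if (ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
			$phpThumb->DebugMessage('* Would have sent headers (3): Location: '.dirname($matches[1]).'/'.rawurlencode(basename($matches[1])), __FILE__, __LINE__);
		} else {
			$phpThumb->DebugMessage('* Would have sent data: readfile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
		}

	} else {

		if (headers_sent()) {
			$phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
			exit;
		}
		SendSaveAsFileHeaderIfNeeded();

		header('Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT');
		// conditional GET: exact mtime match only (strtotime() failure yields false, never equal)
		if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] && ($nModified == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) && @$_SERVER['SERVER_PROTOCOL']) {
			header($_SERVER['SERVER_PROTOCOL'].' 304 Not Modified');
			exit;
		}

		if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
			header('Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]));
		} elseif (eregi('\.ico$', $phpThumb->cache_filename)) {
			header('Content-Type: image/x-icon');
		}
		// $matches[1] is the cache path below the document root, i.e. a URL path. The file
		// name is encoded with rawurlencode(): the original used urlencode(), which turns a
		// space into "+", and "+" in a URL path is not decoded back to a space, so cached
		// files with spaces in their names redirected to a non-existent URL.
		if (!@$PHPTHUMB_CONFIG['cache_force_passthru'] && ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
			header('Location: '.dirname($matches[1]).'/'.rawurlencode(basename($matches[1])));
		} else {
			@readfile($phpThumb->cache_filename);
		}
		exit;

	}
	return true;
}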
// check to see if file already exists in cache, and output it with no processing if it does
// (RedirectToCachedFile() exits when it serves the file; it returns in its two skip cases,
// in which case processing continues below as if there were no cache hit)
$phpThumb->SetCacheFilename();
if (@is_file($phpThumb->cache_filename)) {
	RedirectToCachedFile();
} else {
	$phpThumb->DebugMessage('Cached file "'.$phpThumb->cache_filename.'" does not exist, processing as normal', __FILE__, __LINE__);
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[6]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '6') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////
// Acquire the source image: raw bytes (from MySQL above), a freshly created blank
// canvas ("new"), or a remote download. Local files are left for the class to open.
if ($phpThumb->rawImageData) {

	// great

} elseif (@$_GET['new']) {

	// generate a blank image resource of the specified size/background color/opacity
	// "new" has the form "<hexcolor>" or "<hexcolor>|<opacity 0..100>"
	if (($phpThumb->w <= 0) || ($phpThumb->h <= 0)) {
		$phpThumb->ErrorImage('"w" and "h" parameters required for "new"');
	}
	@list($bghexcolor, $opacity) = explode('|', $_GET['new']);
	if (!phpthumb_functions::IsHexColor($bghexcolor)) {
		$phpThumb->ErrorImage('BGcolor parameter for "new" is not valid');
	}
	$opacity = (strlen($opacity) ? $opacity : 100);
	if ($phpThumb->gdimg_source = phpthumb_functions::ImageCreateFunction($phpThumb->w, $phpThumb->h)) {
		// map 0..100 % opacity onto GD's 0..127 alpha scale (127 = fully transparent)
		$alpha = (100 - min(100, max(0, $opacity))) * 1.27;
		if ($alpha) {
			$phpThumb->setParameter('is_alpha', true);
			ImageAlphaBlending($phpThumb->gdimg_source, false);
			ImageSaveAlpha($phpThumb->gdimg_source, true);
		}
		$new_background_color = phpthumb_functions::ImageHexColorAllocate($phpThumb->gdimg_source, $bghexcolor, false, $alpha);
		ImageFilledRectangle($phpThumb->gdimg_source, 0, 0, $phpThumb->w, $phpThumb->h, $new_background_color);
	} else {
		$phpThumb->ErrorImage('failed to create "new" image ('.$phpThumb->w.'x'.$phpThumb->h.')');
	}

} elseif (!$phpThumb->src) {

	// NOTE(review): PHP_SELF is request-influenced (PATH_INFO); whether ErrorImage() renders
	// this text as HTML or as an image is decided in the class — confirm before relying on it
	$phpThumb->ErrorImage('Usage: '.$_SERVER['PHP_SELF'].'?src=/path/and/filename.jpg'."\n".'read Usage comments for details');

} elseif (eregi('^(f|ht)tp\://', $phpThumb->src)) {

	// Remote source. NOTE: unlike the md5s and nohotlink checks above ("tps?://"), this
	// pattern matches http:// and ftp:// only, so an https:// src is not downloaded here.
	$phpThumb->DebugMessage('$phpThumb->src ('.$phpThumb->src.') is remote image, attempting to download', __FILE__, __LINE__);
	if ($phpThumb->config_http_user_agent) {
		$phpThumb->DebugMessage('Setting "user_agent" to "'.$phpThumb->config_http_user_agent.'"', __FILE__, __LINE__);
		ini_set('user_agent', $phpThumb->config_http_user_agent);
	}
	$cleanedupurl = phpthumb_functions::CleanUpURLencoding($phpThumb->src);
	$phpThumb->DebugMessage('CleanUpURLencoding('.$phpThumb->src.') returned "'.$cleanedupurl.'"', __FILE__, __LINE__);
	$phpThumb->src = $cleanedupurl;
	unset($cleanedupurl);
	// $error is filled in by SafeURLread() (by reference) and may carry non-fatal messages on success
	if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
		$phpThumb->DebugMessage('SafeURLread('.$phpThumb->src.') succeeded'.($error ? ' with messsages: "'.$error.'"' : ''), __FILE__, __LINE__);
		$phpThumb->DebugMessage('Setting source data from URL "'.$phpThumb->src.'"', __FILE__, __LINE__);
		$phpThumb->setSourceData($rawImageData, urlencode($phpThumb->src));
	} else {
		$phpThumb->ErrorImage($error);
	}
}
////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[7]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '7') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

$phpThumb->GenerateThumbnail();

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[8]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '8') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// Persist the rendered image. "file" and "goto" are listed as deprecated and are not in
// the GET whitelist above, so they cannot arrive via the query string here; both paths are
// additionally gated by config_allow_parameter_file / config_allow_parameter_goto.
if ($phpThumb->config_allow_parameter_file && $phpThumb->file) {

	$phpThumb->RenderToFile($phpThumb->ResolveFilenameToAbsolute($phpThumb->file));
	if ($phpThumb->config_allow_parameter_goto && $phpThumb->goto && eregi('^(f|ht)tps?://', $phpThumb->goto)) {
		// redirect to another URL after image has been rendered to file
		header('Location: '.$phpThumb->goto);
		exit;
	}

} elseif (@$PHPTHUMB_CONFIG['high_security_enabled'] && @$_GET['nocache']) {

	// cache disabled, don't write cachefile
	// ("nocache" is only honoured in high-security mode, where every request is hash-signed)

} else {

	// normal path: write the cache file, then hand it to RedirectToCachedFile(), which exits
	// on success; if it returns (or rendering failed) OutputThumbnail() below serves the image
	phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));
	if ((file_exists($phpThumb->cache_filename) && is_writable($phpThumb->cache_filename)) || is_writable(dirname($phpThumb->cache_filename))) {

		$phpThumb->CleanUpCacheDirectory();
		if ($phpThumb->RenderToFile($phpThumb->cache_filename) && is_readable($phpThumb->cache_filename)) {
			chmod($phpThumb->cache_filename, 0644);
			RedirectToCachedFile();
		} else {
			$phpThumb->DebugMessage('Failed: RenderToFile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
		}

	} else {

		$phpThumb->DebugMessage('Cannot write to $phpThumb->cache_filename ('.$phpThumb->cache_filename.') because that directory ('.dirname($phpThumb->cache_filename).') is not writable', __FILE__, __LINE__);

	}

}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[9]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '9') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// NOTE(review): on failure the last internal debug message is embedded in the error
// image text; check that it cannot carry paths or config values you do not want exposed
if (!$phpThumb->OutputThumbnail()) {
	$phpThumb->ErrorImage('Error in OutputThumbnail():'."\n".$phpThumb->debugmessages[(count($phpThumb->debugmessages) - 1)]);
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
$phpThumb->DebugTimingMessage('phpThumbDebug[10]', __FILE__, __LINE__);
if (@$_GET['phpThumbDebug'] == '10') {
	$phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

?>