Changeset 421
- Timestamp:
- 07/02/06 21:58:39 (2 years ago)
- Files:
-
- devel/_files/icon.php (modified) (2 diffs)
- devel/_icons/icon.php (modified) (1 diff)
- devel/lib/filelib.php (modified) (1 diff)
- devel/lib/iconslib.php (added)
- devel/lib/phpthumb (moved) (moved from devel/units/phpthumb)
- devel/lib/phpthumb/index.php (added)
- devel/lib/phpthumb/phpThumb.config.php (modified) (11 diffs)
- devel/lib/phpthumb/phpThumb.config.php.default (added)
- devel/lib/phpthumb/phpThumb.php (modified) (21 diffs)
- devel/lib/phpthumb/phpthumb.bmp.php (modified) (1 diff)
- devel/lib/phpthumb/phpthumb.changelog.txt (modified) (3 diffs)
- devel/lib/phpthumb/phpthumb.class.php (modified) (92 diffs)
- devel/lib/phpthumb/phpthumb.faq.txt (added)
- devel/lib/phpthumb/phpthumb.filters.php (modified) (1 diff)
- devel/lib/phpthumb/phpthumb.functions.php (modified) (1 diff)
- devel/lib/phpthumb/phpthumb.gif.php (modified) (12 diffs)
- devel/lib/phpthumb/phpthumb.ico.php (added)
- devel/lib/phpthumb/phpthumb.readme.txt (modified) (23 diffs)
- devel/lib/phpthumb/phpthumb.unsharp.php (modified) (1 diff)
- devel/units/icons/function_actions.php (modified) (1 diff)
- devel/units/phpthumb/phpThumb.demo.cacheconvert.php (deleted)
- devel/units/phpthumb/phpThumb.demo.demo1.php (deleted)
- devel/units/phpthumb/phpThumb.demo.demo2.php (deleted)
- devel/units/phpthumb/phpThumb.demo.showpic.php (deleted)
devel/_files/icon.php
r420 r421 17 17 if ($file = get_record('files','ident',$id)) { 18 18 if (run("users:access_level_check",$file->access) == true) { 19 // Send 304s where possible, rather than spitting out the file each time20 $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']);21 19 22 $tstamp = filemtime($CFG->dataroot . $file->location);23 $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT";24 25 if ($if_modified_since == $lm) {26 header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified");27 exit;28 }29 30 // Send last-modified header to enable if-modified-since requests31 if ($tstamp < time()) {32 header("Last-Modified: " . $lm);33 }34 35 // Then output some appropriate headers and send the file data!36 20 require_once($CFG->dirroot . 'lib/filelib.php'); 37 $mimetype = mimeinfo('type',$file->originalname); 38 if ($mimetype == "image/jpeg" || $mimetype == "image/png") { 39 $icon = url . "units/phpthumb/phpThumb.php?w=90&src=" . urlencode($CFG->dataroot . $file->location); 40 $mimetype = "image/jpeg"; 41 } else { 42 $mimetype = "image/png"; 43 $icon = path . "_files/file.png"; 44 } 21 require_once($CFG->dirroot . 'lib/iconslib.php'); 45 22 46 23 // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy … … 48 25 header("Cache-Control: private"); 49 26 50 header("Content-type: $mimetype"); 51 readfile($icon); 27 // Then output some appropriate headers and send the file data! 28 $mimetype = mimeinfo('type',$file->originalname); 29 if ($mimetype == "image/jpeg" || $mimetype == "image/png") { 30 // file is an image 31 $phpthumbconfig['w'] = 90; 32 spit_phpthumb_image($CFG->dataroot . $file->location, $phpthumbconfig); 33 34 } else { 35 // file is a file 36 spitfile_with_mtime_check ($CFG->dirroot . "_files/file.png", "image/png"); 37 } 52 38 53 39 } devel/_icons/icon.php
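Review bot: In devel/_files/icon.php, `$phpthumbconfig['w'] = 90;` writes into an array that this script never initialises, whereas devel/_icons/icon.php in the same changeset starts with `$phpthumbconfig = array();`. If the variable can already exist when this line runs (for example with register_globals enabled, assuming the include chain does not clear it), keys other than `w` would be handed to spit_phpthumb_image() together with the file path. Adding `$phpthumbconfig = array();` before the assignment ensures the thumbnailer receives only the options this script sets. The enclosing `if` blocks continue past the visible hunks.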
r381 r421 30 30 } 31 31 32 require_once($CFG->dirroot . 'lib/filelib.php'); 33 require_once($CFG->dirroot . 'lib/iconslib.php'); 34 32 35 if (!empty($default)) { 33 36 $filepath = $CFG->dirroot.'_icons/data/default.png'; 34 } 35 36 $tstamp = filemtime($filepath); 37 $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT"; 38 39 // Send 304s where possible, rather than spitting out the file each time 40 if (array_key_exists('HTTP_IF_MODIFIED_SINCE',$_SERVER)) { 41 $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']); 42 if ($if_modified_since == $lm) { 43 header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified"); 44 exit; 45 } 46 } 47 48 // Send last-modified header to enable if-modified-since requests 49 if ($tstamp < time()) { 50 header("Last-Modified: " . $lm); 37 $mimetype = 'image/png'; 38 header("Cache-Control: public"); 39 } else { 40 $mimetype = mimeinfo('type', $file->filename); 41 // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy 42 // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header 43 header("Cache-Control: private"); 51 44 } 52 45 53 46 // Then output some appropriate headers and send the file data! 54 require_once($CFG->dirroot.'lib/filelib.php');55 $mimetype = mimeinfo('type',$file->filename);56 47 57 48 // see if we must resize it. 58 49 $constraint1 = strtolower(optional_param('constraint1')); 59 $size1 = optional_param('size1' );50 $size1 = optional_param('size1', PARAM_INT); 60 51 $constraint2 = strtolower(optional_param('constraint2')); 61 $size2 = optional_param('size2' );52 $size2 = optional_param('size2', PARAM_INT); 62 53 63 $url = $CFG->wwwroot.'units/phpthumb/phpThumb.php?src='.(urlencode($filepath));64 54 // if size == 100, leave it. 
55 $phpthumbconfig = array(); 65 56 if (!empty($constraint1) && !empty($size1) && ($constraint1 == 'h' || $constraint1 == 'w') && $size1 != 100) { 66 $url .= '&'.$constraint1.'='.$size1;67 57 $phpthumb = true; 58 $phpthumbconfig[$constraint1] = $size1; 68 59 } 69 60 if (!empty($constraint2) && !empty($size2) && ($constraint2 == 'h' || $constraint2 == 'w') && $size2 != 100) { 70 $url .= '&'.$constraint2.'='.$size2;71 61 $phpthumb = true; 62 $phpthumbconfig[$constraint2] = $size2; 72 63 } 73 64 74 75 // "Cache-Control: private" to allow a user's browser to cache the file, but not a shared proxy76 // Also to override PHP's default "DON'T EVER CACHE THIS EVER" header77 header("Cache-Control: private");78 header("Content-type: $mimetype");79 80 65 if (!empty($phpthumb)) { 81 // header("Location: $url"); 82 readfile($url); 83 exit; 66 // let phpthumb manipulate the image 67 spit_phpthumb_image($filepath, $phpthumbconfig); 68 } else { 69 // output the image directly 70 spitfile_with_mtime_check ($filepath, $mimetype); 84 71 } 85 72 86 readfile($filepath);87 88 73 ?> devel/lib/filelib.php
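Review bot: In devel/_icons/icon.php, `optional_param('size1', PARAM_INT)` and `optional_param('size2', PARAM_INT)` pass PARAM_INT as the second argument. optional_param() is not defined in this changeset, but if it takes name, default, type in the Moodle style, the constant becomes the default value and the request value is still not cleaned to an integer before it is stored in `$phpthumbconfig`. In that case the calls should read `optional_param('size1', 0, PARAM_INT)` and `optional_param('size2', 0, PARAM_INT)`. This is worth confirming against the helper's signature, because a constraint sent without a size would otherwise pick up the numeric value of PARAM_INT as the size.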
r420 r421 468 468 469 469 470 // outputs a file or 304 response to the browser, and exits 471 // NB: does not make any security checks, and is meant only as the final output stage 472 function spitfile_with_mtime_check ($filepath, $mimetype) { 473 474 if (is_file($filepath)) { 475 $tstamp = filemtime($filepath); 476 $lm = gmdate("D, d M Y H:i:s", $tstamp) . " GMT"; 477 478 // Send 304s where possible, rather than spitting out the file each time 479 if (array_key_exists('HTTP_IF_MODIFIED_SINCE',$_SERVER)) { 480 $if_modified_since = preg_replace('/;.*$/', '', $_SERVER['HTTP_IF_MODIFIED_SINCE']); 481 if ($if_modified_since == $lm) { 482 header("{$_SERVER['SERVER_PROTOCOL']} 304 Not Modified"); 483 exit; 484 } 485 } 486 487 // Send last-modified header to enable if-modified-since requests 488 if ($tstamp < time()) { 489 header("Last-Modified: " . $lm); 490 } 491 492 if ($mimetype) { 493 header("Content-type: $mimetype"); 494 } 495 readfile($filepath); 496 } 497 exit; 498 } 499 500 501 470 502 ?> devel/lib/phpthumb/phpThumb.config.php
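Review bot: spitfile_with_mtime_check() in devel/lib/filelib.php reaches `exit` without sending anything when `is_file($filepath)` is false, so a missing file is answered with an empty success response after the callers have already sent a Cache-Control header. An `else` branch with `header("{$_SERVER['SERVER_PROTOCOL']} 404 Not Found");` would make the failure visible to clients and logs and keep the empty body from being cached as the image. The comment above the function could also state that `$filepath` must be a server-chosen path that has already passed the caller's access check, since the function reads whatever path it is given.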
r269 r421 1 1 <?php 2 3 require("../../includes.php");4 5 2 ////////////////////////////////////////////////////////////// 6 3 /// phpThumb() by James Heinrich <info@silisoftware.com> // … … 12 9 ////////////////////////////////////////////////////////////// 13 10 14 if (!file_exists('phpthumb.functions.php') || !include_once('phpthumb.functions.php')) { 15 die('failed to include_once(phpthumb.functions.php) - realpath="'.realpath('phpthumb.functions.php').'"'); 16 } 11 ob_start(); 12 if (!file_exists(dirname(__FILE__).'/phpthumb.functions.php') || !include_once(dirname(__FILE__).'/phpthumb.functions.php')) { 13 ob_end_flush(); 14 die('failed to include_once(phpthumb.functions.php) - realpath="'.realpath(dirname(__FILE__).'/phpthumb.functions.php').'"'); 15 } 16 ob_end_clean(); 17 17 18 18 // START USER CONFIGURATION SECTION: 19 19 20 20 // * DocumentRoot configuration 21 // phpThumb() depends on $_SERVER['DOCUMENT_ROOT'] to resolve path/filenames. This value is almost alwayscorrect,22 // but has been known to be broken on rare occasion. This value allows you to override the default value.23 // Do not modify from the default value of $_SERVER['DOCUMENT_ROOT']unless you are having problems.21 // phpThumb() depends on $_SERVER['DOCUMENT_ROOT'] to resolve path/filenames. This value is usually correct, 22 // but has been known to be broken on some servers. This value allows you to override the default value. 23 // Do not modify from the auto-detect default value unless you are having problems. 24 24 //$PHPTHUMB_CONFIG['document_root'] = '/home/httpd/httpdocs'; 25 25 //$PHPTHUMB_CONFIG['document_root'] = 'c:\\webroot\\example.com\\www'; 26 // echo @$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'].' = '.md5_file(@$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF']).'<br>';27 // echo realpath('.').'/'.basename($_SERVER['PHP_SELF']).' 
= '.md5_file(realpath('.').'/'.basename($_SERVER['PHP_SELF'])).'<br>';28 // exit;26 //$PHPTHUMB_CONFIG['document_root'] = $_SERVER['DOCUMENT_ROOT']; 27 //$PHPTHUMB_CONFIG['document_root'] = realpath((@$_SERVER['DOCUMENT_ROOT'] && file_exists(@$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])) ? $_SERVER['DOCUMENT_ROOT'] : str_replace(dirname(@$_SERVER['PHP_SELF']), '', str_replace(DIRECTORY_SEPARATOR, '/', realpath('.')))); 28 //$PHPTHUMB_CONFIG['document_root'] = realpath((getenv('DOCUMENT_ROOT') && ereg('^'.preg_quote(realpath(getenv('DOCUMENT_ROOT'))), realpath(__FILE__))) ? getenv('DOCUMENT_ROOT') : str_replace(dirname(@$_SERVER['PHP_SELF']), '', str_replace(DIRECTORY_SEPARATOR, '/', dirname(__FILE__)))); 29 29 $PHPTHUMB_CONFIG['document_root'] = path; 30 30 … … 33 33 // Note: this directory must be writable (usually chmod 777 is neccesary) for caching to work. 34 34 // If the directory is not writable no error will be generated but caching will be disabled. 35 $PHPTHUMB_CONFIG['cache_directory'] = $CFG->dataroot.'cache/phpThumb'; // set the cache directory relative to the phpThumb() installation35 //$PHPTHUMB_CONFIG['cache_directory'] = dirname(__FILE__).'/cache/'; // set the cache directory relative to the phpThumb() installation 36 36 //$PHPTHUMB_CONFIG['cache_directory'] = $PHPTHUMB_CONFIG['document_root'].'/phpthumb/cache/'; // set the cache directory to an absolute directory for all source images 37 37 //$PHPTHUMB_CONFIG['cache_directory'] = './cache/'; // set the cache directory relative to the source image - must start with '.' (will not work to cache URL- or database-sourced images, please use an absolute directory name) 38 38 //$PHPTHUMB_CONFIG['cache_directory'] = null; // disable thumbnail caching (not recommended) 39 $PHPTHUMB_CONFIG['cache_directory'] = $CFG->dataroot . 
'cache/phpThumb/'; 39 40 40 41 $PHPTHUMB_CONFIG['cache_disable_warning'] = false; // If [cache_directory] is non-existant or not writable, and [cache_disable_warning] is false, an error image will be generated warning to either set the cache directory or disable the warning (to avoid people not knowing about the cache) 41 42 43 42 44 // * Cache culling: phpThumb can automatically limit the contents of the cache directory 43 // based on last-access date and/or number of files and/or total filesize. 44 $PHPTHUMB_CONFIG['cache_maxage'] = null; // never delete cached thumbnails based on last-access time 45 //$PHPTHUMB_CONFIG['cache_maxage'] = 86400 * 30; // delete cached thumbnails that haven't been accessed in more than [30 days] (value is maximum time since last access in seconds to avoid deletion) 46 47 //$PHPTHUMB_CONFIG['cache_maxsize'] = null; // never delete cached thumbnails based on byte size of cache directory 48 $PHPTHUMB_CONFIG['cache_maxsize'] = 1048576000; // delete least-recently-accessed cached thumbnails when more than [10MB] of cached files are present (value is maximum bytesize of all cached files) 49 50 $PHPTHUMB_CONFIG['cache_maxfiles'] = null; // never delete cached thumbnails based on number of cached files 51 //$PHPTHUMB_CONFIG['cache_maxfiles'] = 500; // delete least-recently-accessed cached thumbnails when more than [500] cached files are present (value is maximum number of cached files to keep) 45 // based on last-access date and/or number of files and/or total filesize. 
46 47 $PHPTHUMB_CONFIG['cache_maxage'] = null; // never delete cached thumbnails based on last-access time 48 //$PHPTHUMB_CONFIG['cache_maxage'] = 86400 * 90; // delete cached thumbnails that haven't been accessed in more than [90 days] (value is maximum time since last access in seconds to avoid deletion) 49 50 //$PHPTHUMB_CONFIG['cache_maxsize'] = null; // never delete cached thumbnails based on byte size of cache directory 51 $PHPTHUMB_CONFIG['cache_maxsize'] = 10 * 1024 * 1024; // delete least-recently-accessed cached thumbnails when more than [10MB] of cached files are present (value is maximum bytesize of all cached files) 52 53 //$PHPTHUMB_CONFIG['cache_maxfiles'] = null; // never delete cached thumbnails based on number of cached files 54 $PHPTHUMB_CONFIG['cache_maxfiles'] = 1000; // delete least-recently-accessed cached thumbnails when more than [500] cached files are present (value is maximum number of cached files to keep) 52 55 53 56 … … 55 58 $PHPTHUMB_CONFIG['cache_source_enabled'] = false; // if true, source images obtained via HTTP are cached to $PHPTHUMB_CONFIG['cache_source_directory'] 56 59 $PHPTHUMB_CONFIG['cache_source_directory'] = dirname(__FILE__).'/cache/source/'; // set the cache directory for unprocessed source images 60 61 // * cache source modification date configuration 62 $PHPTHUMB_CONFIG['cache_source_filemtime_ignore_local'] = false; // if true, local source images will not be checked for modification date and cached image will be used if available, even if source image is changed or removed 63 $PHPTHUMB_CONFIG['cache_source_filemtime_ignore_remote'] = true; // if true, remote source images will not be checked for modification date and cached image will be used if available, even if source image is changed or removed. WARNING: cached performance MUCH slower if this is set to false. 
64 65 66 // * Simplified cache filename configuration 67 // Instead of creating unique cache filenames for all parameter combinations, create "simple" cache files (eg: "pic_thumb.jpg") 68 // If cache_default_only_suffix is non-empty, GETstring parameters (except 'src') are ignored and only $PHPTHUMB_DEFAULTS 69 // parameters (set at the bottom of phpThumb.config.php) are used for processing. 70 // The '*' character MUST be used to represent the source image name 71 $PHPTHUMB_CONFIG['cache_default_only_suffix'] = ''; // cached in normal phpThumb manner 72 //$PHPTHUMB_CONFIG['cache_default_only_suffix'] = '*_thumb'; // cache 'pic.jpg' becomes 'pic_thumb.jpg' (or 'pic_thumb.png' if PNG output is selected, etc) 73 //$PHPTHUMB_CONFIG['cache_default_only_suffix'] = 'small-*'; // cache 'pic.jpg' becomes 'small-pic.jpg' (or 'small-pic.png' if PNG output is selected, etc) 74 75 //$PHPTHUMB_CONFIG['cache_prefix'] = 'phpThumb_cache_'.str_replace('www.', '', @$_SERVER['SERVER_NAME']); 76 $PHPTHUMB_CONFIG['cache_prefix'] = ''; // allow phpThumb to share 1 set of cached files even if accessed under different servername/domains on same server 77 78 $PHPTHUMB_CONFIG['cache_force_passthru'] = true; // if true, cached image data will always be passed to browser; if false, HTTP redirect will be used instead 79 57 80 58 81 … … 97 120 if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') { 98 121 // Windows: set absolute pathname 99 $PHPTHUMB_CONFIG['imagemagick_path'] = 'C:\\Program Files\\ImageMagick-6.0.6-Q16\\convert.exe'; 122 //$PHPTHUMB_CONFIG['imagemagick_path'] = 'C:/ImageMagick-6.2.5-Q16/convert.exe'; 123 $PHPTHUMB_CONFIG['imagemagick_path'] = null; 100 124 } else { 101 125 // *nix: set absolute pathname to "convert", or leave as null if "convert" is in the path … … 118 142 $PHPTHUMB_CONFIG['error_textcolor'] = 'FF0000'; // color of text in error messages 119 143 $PHPTHUMB_CONFIG['error_fontsize'] = 1; // size of text in error messages, from 1 (smallest) to 5 (largest) 120 
$PHPTHUMB_CONFIG['error_die_on_error'] = true; // die with error message on any fatal error (recommended with standalone phpThumb.php)144 $PHPTHUMB_CONFIG['error_die_on_error'] = false; // die with error message on any fatal error (recommended with standalone phpThumb.php) 121 145 $PHPTHUMB_CONFIG['error_silent_die_on_error'] = false; // simply die with no output of any kind on fatal errors (not recommended) 122 $PHPTHUMB_CONFIG['error_die_on_source_failure'] = false; // die with error message if source image cannot be processed by phpThumb() (usually because source image is corrupt in some way). If false (default) the source image will be passed through unprocessed, if truean error message will be displayed.146 $PHPTHUMB_CONFIG['error_die_on_source_failure'] = false; // die with error message if source image cannot be processed by phpThumb() (usually because source image is corrupt in some way). If false the source image will be passed through unprocessed, if true (default) an error message will be displayed. 123 147 124 148 // * Off-server Thumbnailing Configuration: … … 127 151 $PHPTHUMB_CONFIG['nohotlink_erase_image'] = true; // if true thumbnail is covered up with $PHPTHUMB_CONFIG['nohotlink_fill_color'] before text is applied, if false text is written over top of thumbnail 128 152 $PHPTHUMB_CONFIG['nohotlink_text_message'] = 'Off-server thumbnailing is not allowed'; // text of error message 153 129 154 // * Off-server Linking Configuration: 130 155 $PHPTHUMB_CONFIG['nooffsitelink_enabled'] = true; // If false will allow thumbnails to be linked to from any domain, if true only domains listed below in 'nooffsitelink_valid_domains' will be allowed. 
… … 134 159 $PHPTHUMB_CONFIG['nooffsitelink_text_message'] = 'Image taken from '.@$_SERVER['HTTP_HOST']; // text of error message 135 160 161 136 162 // * Border & Background default colors 137 163 $PHPTHUMB_CONFIG['border_hexcolor'] = '000000'; // Default border color - usual HTML-style hex color notation (overidden with 'bc' parameter) … … 139 165 140 166 // * Watermark configuration 141 $PHPTHUMB_CONFIG['ttf_directory'] = '.'; // Base directory for TTF font files167 $PHPTHUMB_CONFIG['ttf_directory'] = dirname(__FILE__).'/fonts'; // Base directory for TTF font files 142 168 //$PHPTHUMB_CONFIG['ttf_directory'] = 'c:/windows/fonts'; 143 169 144 170 145 $PHPTHUMB_CONFIG['high_security_enabled'] = false; // if enabled, requires 'high_security_password' set to at least 5 characters, and requires the use of phpThumbURL() function (at the bottom of phpThumb.config.php) to generate hashed URLs 146 $PHPTHUMB_CONFIG['high_security_password'] = ''; // required if 'high_security_enabled' is true, must be at least 5 characters long 147 $PHPTHUMB_CONFIG['disable_debug'] = false; // Prevent phpThumb from displaying any information about your system. If true, phpThumbDebug and error messages will be disabled 148 149 171 // * MySQL configuration 172 // You may want to pull data from a database rather than a physical file 173 // If so, modify the $PHPTHUMB_CONFIG['mysql_query'] line to suit your database structure 174 // Note: the data retrieved must be the actual binary data of the image, not a URL or filename 175 // see http://www.billy-corgan.com/blog/archive/000143.php for a brief tutorial on this section 176 177 $PHPTHUMB_CONFIG['mysql_query'] = ''; 178 //$PHPTHUMB_CONFIG['mysql_query'] = 'SELECT `picture` FROM `products` WHERE (`id` = \''.mysql_escape_string(@$_GET['id']).'\')'; 179 180 // These 4 values must be modified if $PHPTHUMB_CONFIG['mysql_query'] is not empty, but may be ignored if $PHPTHUMB_CONFIG['mysql_query'] is blank. 
181 $PHPTHUMB_CONFIG['mysql_hostname'] = 'localhost'; 182 $PHPTHUMB_CONFIG['mysql_username'] = ''; 183 $PHPTHUMB_CONFIG['mysql_password'] = ''; 184 $PHPTHUMB_CONFIG['mysql_database'] = ''; 185 186 187 // * Security configuration 188 $PHPTHUMB_CONFIG['high_security_enabled'] = false; // if enabled, requires 'high_security_password' set to at least 5 characters, and requires the use of phpThumbURL() function (at the bottom of phpThumb.config.php) to generate hashed URLs 189 $PHPTHUMB_CONFIG['high_security_password'] = ''; // required if 'high_security_enabled' is true, must be at least 5 characters long 190 $PHPTHUMB_CONFIG['disable_debug'] = false; // prevent phpThumb from displaying any information about your system. If true, phpThumbDebug and error messages will be disabled 191 $PHPTHUMB_CONFIG['allow_src_above_docroot'] = false; // if true, allow src to be anywhere in filesystem; if false (default) only allow src within document_root 192 $PHPTHUMB_CONFIG['allow_src_above_phpthumb'] = true; // if true (default), allow src to be anywhere in filesystem; if false only allow src within sub-directory of phpThumb installation 193 $PHPTHUMB_CONFIG['allow_parameter_file'] = false; // if true, allow use of 'file' parameter; if false (default) the 'file' parameter is disabled/ignored 194 $PHPTHUMB_CONFIG['allow_parameter_goto'] = false; // if true, allow use of 'goto' parameter; if false (default) the 'goto' parameter is disabled/ignored 195 196 197 // * HTTP UserAgent configuration 198 //$PHPTHUMB_CONFIG['http_user_agent'] = ''; // PHP default: none 199 //$PHPTHUMB_CONFIG['http_user_agent'] = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'; // Windows XP, Internet Explorer 200 $PHPTHUMB_CONFIG['http_user_agent'] = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7'; // Windows XP, Firefox 201 202 203 // * Compatability settings 204 $PHPTHUMB_CONFIG['disable_pathinfo_parsing'] = false; // if true, $_SERVER[PATH_INFO] is not parsed. 
May be needed on some server configurations to allow normal behavior. 205 $PHPTHUMB_CONFIG['disable_imagecopyresampled'] = false; // if true, ImageCopyResampled is replaced with ImageCopyResampleBicubic. May be needed for buggy versions of PHP-GD. 206 $PHPTHUMB_CONFIG['disable_onlycreateable_passthru'] = true; // if true, any image that can be parsed by GetImageSize() can be passed through; if false, only images that can be converted to GD by ImageCreateFrom(JPEG|GIF|PNG) functions are allowed 207 208 209 // * Speed optimizations configuration 210 $PHPTHUMB_CONFIG['prefer_imagemagick'] = false; // If true, use ImageMagick to resize thumbnails if possible, since it is usually faster than GD functions; if false only use ImageMagick if PHP memory limit is too low. 150 211 $PHPTHUMB_CONFIG['use_exif_thumbnail_for_speed'] = true; // If true, and EXIF thumbnail is available, and is larger or equal to output image dimensions, use EXIF thumbnail rather than actual source image for generating thumbnail. Benefit is only speed, avoiding resizing large image. 151 152 // if true, and source image is smaller than 'w' & 'h' parameters or $PHPTHUMB_CONFIG['output_maxheight'] / $PHPTHUMB_CONFIG['output_maxwidth'] 153 // will be enlarged to that size. If false then small images will not be enlarged beyond their original dimensions 154 $PHPTHUMB_CONFIG['output_allow_enlarging'] = (isset($_REQUEST['aoe']) ? (bool) $_REQUEST['aoe'] : false); 212 $PHPTHUMB_CONFIG['allow_local_http_src'] = true; // If true, 'src' parameter can be "http://<thishostname>/path/image.ext" instead of just "/path/image.ext"; if false then display warning message to encourage more efficient local-filename calling. 
155 213 156 214 // END USER CONFIGURATION SECTION … … 161 219 // If any parameters are constant across ALL images, you can set them here 162 220 163 // If true, any parameters in the URL will override the defaults set here 164 // If false, any parameters set here cannot be overridden in the URL 165 $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE = true; 166 167 //$PHPTHUMB_DEFAULTS['w'] = 200; 168 //$PHPTHUMB_DEFAULTS['fltr'] = array('wmi|/images/watermark.png'); 221 $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE = true; // if true, any parameters in the URL will override the defaults set here; if false, any parameters set here cannot be overridden in the URL 222 $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = false; // if true, GETstring parameters will be ignored (except for 'src') and only below default parameters will be used; if false, both default and GETstring parameters will be used (depending on $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE). Will be auto-set true if !empty($PHPTHUMB_CONFIG['cache_default_only_suffix']) 223 224 //$PHPTHUMB_DEFAULTS['w'] = 100; 225 //$PHPTHUMB_DEFAULTS['fltr'] = array('blur|10'); 169 226 //$PHPTHUMB_DEFAULTS['q'] = 90; 170 227 … … 175 232 176 233 /////////////////////////////////////////////////////////////////////////////// 177 // function for generating hashed calls to phpThumb if 'high_security_enabled' 178 // echo '<img src="'.phpThumbURL('src=pic.jpg&w=50').'">'; 234 // Function for generating hashed calls to phpThumb if 'high_security_enabled' 235 // example: 236 // require_once('phpThumb.config.php'); 237 // echo '<img src="'.phpThumbURL('src=pic.jpg&w=50').'">'; 179 238 180 239 function phpThumbURL($ParameterString) { 181 240 global $PHPTHUMB_CONFIG; 182 return 'phpThumb.php?'.$ParameterString.'&hash='.md5($ParameterString.$PHPTHUMB_CONFIG['high_security_password']);241 return str_replace(@$PHPTHUMB_CONFIG['document_root'], '', 
dirname(__FILE__)).DIRECTORY_SEPARATOR.'phpThumb.php?'.$ParameterString.'&hash='.md5($ParameterString.@$PHPTHUMB_CONFIG['high_security_password']); 183 242 } 184 243 devel/lib/phpthumb/phpThumb.php
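Review bot: In devel/lib/phpthumb/phpThumb.config.php, the new "Security configuration" block leaves both `disable_debug` and `high_security_enabled` at false, so nothing in this file limits debug output or requires hashed requests. The same changeset adds `die("no");` at the top of phpThumb.php, so exposure appears to depend on that guard and on how lib/iconslib.php (not shown here) drives the class. I would set `$PHPTHUMB_CONFIG['disable_debug'] = true;` and add a comment beside the block recording that direct access to phpThumb.php is intentionally blocked. Separately, the `cache_maxfiles` comment still says [500] while the value is now 1000.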
r406 r421 1 1 <?php 2 3 die("no"); 4 2 5 ////////////////////////////////////////////////////////////// 3 6 /// phpThumb() by James Heinrich <info@silisoftware.com> // … … 10 13 ////////////////////////////////////////////////////////////// 11 14 12 /*13 15 error_reporting(E_ALL); 14 16 ini_set('display_errors', '1'); 15 */16 17 if (!@ini_get('safe_mode')) { 17 18 set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filter and/or a slow server... 18 19 } 19 20 function SendSaveAsFileHeaderIfNeeded() { 21 if (!empty($_GET['down'])) { 22 $downloadfilename = ereg_replace('[/\\:\*\?"<>|]', '_', $_GET['down']); 23 if (phpthumb_functions::version_compare_replacement(phpversion(), '4.1.0', '>=')) { 24 $downloadfilename = trim($downloadfilename, '.'); 25 } 26 if (!empty($downloadfilename)) { 27 header('Content-Disposition: attachment; filename="'.$downloadfilename.'"'); 28 } 29 } 30 return true; 31 } 20 ini_set('magic_quotes_runtime', '0'); 21 if (@ini_get('magic_quotes_runtime')) { 22 die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled'); 23 } 24 $starttime = array_sum(explode(' ', microtime())); 32 25 33 26 // this script relies on the superglobal arrays, fake it here for old PHP versions … … 37 30 } 38 31 39 40 if (file_exists('phpThumb.config.php')) { 41 if (@include_once('phpThumb.config.php')) { 32 // instantiate a new phpThumb() object 33 ob_start(); 34 if (!include_once(dirname(__FILE__).'/phpthumb.class.php')) { 35 ob_end_flush(); 36 die('failed to include_once("'.realpath(dirname(__FILE__).'/phpthumb.class.php').'")'); 37 } 38 ob_end_clean(); 39 $phpThumb = new phpThumb(); 40 $phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime); 41 42 // phpThumbDebug[0] used to be here, but may reveal too much 43 // info when high_security_mode should be enabled (not set yet) 44 45 if (file_exists(dirname(__FILE__).'/phpThumb.config.php')) { 46 ob_start(); 47 if 
(include_once(dirname(__FILE__).'/phpThumb.config.php')) { 42 48 // great 43 49 } else { 44 die('failed to include_once(phpThumb.config.php) - realpath="'.realpath('.').'/phpThumb.config.php"'); 45 } 46 } elseif (file_exists('phpThumb.config.php.default')) { 47 die('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"'); 50 ob_end_flush(); 51 $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"'); 52 } 53 ob_end_clean(); 54 } elseif (file_exists(dirname(__FILE__).'/phpThumb.config.php.default')) { 55 $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"'); 48 56 } else { 49 die('failed to include_once(phpThumb.config.php) - realpath="'.realpath('.').'/phpThumb.config.php"'); 50 } 51 52 if (!@$_SERVER['QUERY_STRING']) { 53 die('$_SERVER[QUERY_STRING] is empty'); 54 } 57 $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"'); 58 } 59 60 if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) { 61 $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']); 62 63 $args = explode(';', substr($_SERVER['PATH_INFO'], 1)); 64 $phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__); 65 if (!empty($args)) { 66 $_GET['src'] = @$args[count($args) - 1]; 67 if (eregi('^new\=([a-z0-9]+)', $_GET['src'], $matches)) { 68 unset($_GET['src']); 69 $_GET['new'] = $matches[1]; 70 } 71 } 72 if (eregi('^([0-9]*)x?([0-9]*)$', @$args[count($args) - 2], $matches)) { 73 $_GET['w'] = $matches[1]; 74 $_GET['h'] = $matches[2]; 75 $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__); 76 } 77 for ($i = 0; $i < count($args) - 2; $i++) { 78 
@list($key, $value) = explode('=', @$args[$i]); 79 if (substr($key, -2) == '[]') { 80 $array_key_name = substr($key, 0, -2); 81 $_GET[$array_key_name][] = $value; 82 $phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__); 83 } else { 84 $_GET[$key] = $value; 85 $phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__); 86 } 87 } 88 } 89 55 90 if (@$PHPTHUMB_CONFIG['high_security_enabled']) { 56 91 if (!@$_GET['hash']) { 57 die('ERROR: missing hash'); 58 } 59 if (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) { 60 die('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5'); 61 } 62 if ($_GET['hash'] != md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password'])) { 63 die('ERROR: invalid hash'); 64 } 65 } 66 67 if (!function_exists('ImageJPEG') && !function_exists('ImagePNG') && !function_exists('ImageGIF')) { 68 // base64-encoded error image in GIF format 69 $ERROR_NOGD = 'R0lGODlhIAAgALMAAAAAABQUFCQkJDY2NkZGRldXV2ZmZnJycoaGhpSUlKWlpbe3t8XFxdXV1eTk5P7+/iwAAAAAIAAgAAAE/vDJSau9WILtTAACUinDNijZtAHfCojS4W5H+qxD8xibIDE9h0OwWaRWDIljJSkUJYsN4bihMB8th3IToAKs1VtYM75cyV8sZ8vygtOE5yMKmGbO4jRdICQCjHdlZzwzNW4qZSQmKDaNjhUMBX4BBAlmMywFSRWEmAI6b5gAlhNxokGhooAIK5o/pi9vEw4Lfj4OLTAUpj6IabMtCwlSFw0DCKBoFqwAB04AjI54PyZ+yY3TD0ss2YcVmN/gvpcu4TOyFivWqYJlbAHPpOntvxNAACcmGHjZzAZqzSzcq5fNjxFmAFw9iFRunD1epU6tsIPmFCAJnWYE0FURk7wJDA0MTKpEzoWAAskiAAA7'; 70 header('Content-type: image/gif'); 71 echo base64_decode($ERROR_NOGD); 72 exit; 73 } 92 $phpThumb->ErrorImage('ERROR: missing hash'); 93 } elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) { 94 $phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5'); 95 } elseif ($_GET['hash'] != md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password'])) { 96 $phpThumb->ErrorImage('ERROR: invalid hash'); 97 } 98 } 99 100 
//////////////////////////////////////////////////////////////// 101 // Debug output, to try and help me diagnose problems 102 $phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__); 103 if (@$_GET['phpThumbDebug'] == '0') { 104 $phpThumb->phpThumbDebug(); 105 } 106 //////////////////////////////////////////////////////////////// 74 107 75 108 // returned the fixed string if the evil "magic_quotes_gpc" setting is on 76 109 if (get_magic_quotes_gpc()) { 77 110 $RequestVarsToStripSlashes = array('src', 'wmf', 'file', 'err', 'goto', 'down'); 78 foreach ($RequestVarsToStripSlashes as $ key) {111 foreach ($RequestVarsToStripSlashes as $dummy => $key) { 79 112 if (isset($_GET[$key])) { 80 113 $_GET[$key] = stripslashes($_GET[$key]); … … 83 116 } 84 117 85 // instantiate a new phpThumb() object 86 if (!include_once('phpthumb.class.php')) { 87 die('failed to include_once("'.realpath('phpthumb.class.php').'")'); 88 } 89 $phpThumb = new phpThumb(); 90 91 foreach ($PHPTHUMB_CONFIG as $key => $value) { 92 $keyname = 'config_'.$key; 93 $phpThumb->$keyname = $value; 94 } 95 96 //////////////////////////////////////////////////////////////// 97 // Debug output, to try and help me diagnose problems 118 if (!@$_SERVER['PATH_INFO'] && !@$_SERVER['QUERY_STRING']) { 119 echo 'phpThumb() v'.$phpThumb->phpthumb_version.'<br><a href="http://phpthumb.sourceforge.net">http://phpthumb.sourceforge.net</a><br><br>ERROR: no parameters specified'; 120 unset($phpThumb); 121 exit; 122 } 123 124 if (@$_GET['src'] && isset($_GET['md5s']) && empty($_GET['md5s'])) { 125 if (eregi('^(f|ht)tps?://', $_GET['src'])) { 126 if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error)) { 127 $md5s = md5($rawImageData); 128 } 129 } else { 130 $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']); 131 if (is_readable($SourceFilename)) { 132 $md5s = phpthumb_functions::md5_file_safe($SourceFilename); 133 } else { 134 $phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" 
cannot be read'); 135 } 136 } 137 if (@$_SERVER['HTTP_REFERER']) { 138 $phpThumb->ErrorImage('&md5s='.$md5s); 139 } else { 140 die('&md5s='.$md5s); 141 } 142 } 143 144 if (!empty($PHPTHUMB_CONFIG)) { 145 foreach ($PHPTHUMB_CONFIG as $key => $value) { 146 $keyname = 'config_'.$key; 147 $phpThumb->setParameter($keyname, $value); 148 if (!eregi('password', $key)) { 149 $phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__); 150 } 151 } 152 } else { 153 $phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__); 154 } 155 156 if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && eregi('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) { 157 $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php'); 158 } 159 160 //////////////////////////////////////////////////////////////// 161 // Debug output, to try and help me diagnose problems 162 $phpThumb->DebugTimingMessage('phpThumbDebug[1]', __FILE__, __LINE__); 98 163 if (@$_GET['phpThumbDebug'] == '1') { 99 164 $phpThumb->phpThumbDebug(); … … 106 171 } 107 172 $parsed_url_src = parse_url(@$_GET['src']); 108 if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tp [s]?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {173 if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tps?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) { 109 174 $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message); 110 175 } 111 176 112 113 //////////////////////////////////////////////////////////////// 114 // You may want to pull data from a database rather than a physical 
file 115 // If so, uncomment the following $SQLquery line (modified to suit your database) 116 // Note: this must be the actual binary data of the image, not a URL or filename 117 // see http://www.billy-corgan.com/blog/archive/000143.php for a brief tutorial on this section 118 119 //$SQLquery = 'SELECT `picture` FROM `products` WHERE (`id` = \''.mysql_escape_string(@$_GET['id']).'\')'; 120 if (@$SQLquery) { 121 122 // change this information to match your server 123 $hostname = 'localhost'; 124 $username = 'username'; 125 $password = 'password'; 126 $database = 'database'; 127 if ($cid = @mysql_connect($hostname, $username, $password)) { 128 if (@mysql_select_db($database, $cid)) { 129 if ($result = @mysql_query($SQLquery, $cid)) { 177 if ($phpThumb->config_mysql_query) { 178 if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) { 179 if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) { 180 if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) { 130 181 if ($row = @mysql_fetch_array($result)) { 131 182 … … 139 190 mysql_close($cid); 140 191 $phpThumb->ErrorImage('no matching data in database.'); 141 //$phpThumb->ErrorImage('no matching data in database. 
MySQL said: "'.mysql_error($cid).'"');142 192 } 143 193 } else { … … 157 207 //////////////////////////////////////////////////////////////// 158 208 // Debug output, to try and help me diagnose problems 209 $phpThumb->DebugTimingMessage('phpThumbDebug[2]', __FILE__, __LINE__); 159 210 if (@$_GET['phpThumbDebug'] == '2') { 160 211 $phpThumb->phpThumbDebug(); … … 162 213 //////////////////////////////////////////////////////////////// 163 214 164 $allowedGETparameters = array('src', 'new', 'w', 'h', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'file', 'goto', 'err', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash'); 165 foreach ($_GET as $key => $value) { 166 if (in_array($key, $allowedGETparameters)) { 167 $phpThumb->$key = $value; 168 } else { 169 $phpThumb->ErrorImage('Forbidden parameter: '.$key); 170 } 171 } 172 173 if (!empty($PHPTHUMB_DEFAULTS)) { 215 if (@$PHPTHUMB_CONFIG['cache_default_only_suffix'] && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false)) { 216 $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = true; 217 } 218 $allowedGETparameters = array('src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'file', 'goto', 'err', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s'); 219 if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) { 220 $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__); 174 221 foreach ($PHPTHUMB_DEFAULTS as $key => $value) { 175 222 if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) { 176 $phpThumb->$key = $value; 177 } 178 } 179 } 180 181 //////////////////////////////////////////////////////////////// 182 // Debug output, to try and help me diagnose problems 223 $_GET[$key] = $value; 224 $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.$value.') to 
$_GET['.$key.']', __FILE__, __LINE__); 225 //$phpThumb->DebugMessage('PHPTHUMB_DEFAULTS.setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__); 226 //$phpThumb->setParameter($key, $value); 227 } 228 } 229 } 230 foreach ($_GET as $key => $value) { 231 if (@$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS && ($key != 'src')) { 232 // disabled, do not set parameter 233 $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__); 234 } elseif (in_array($key, $allowedGETparameters)) { 235 $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__); 236 $phpThumb->setParameter($key, $value); 237 } else { 238 $phpThumb->ErrorImage('Forbidden parameter: '.$key); 239 } 240 } 241 242 //////////////////////////////////////////////////////////////// 243 // Debug output, to try and help me diagnose problems 244 $phpThumb->DebugTimingMessage('phpThumbDebug[3]', __FILE__, __LINE__); 183 245 if (@$_GET['phpThumbDebug'] == '3') { 184 246 $phpThumb->phpThumbDebug(); … … 186 248 //////////////////////////////////////////////////////////////// 187 249 250 //if (!@$_GET['phpThumbDebug'] && !$phpThumb->sourceFilename && !function_exists('ImageJPEG') && !function_exists('ImagePNG') && !function_exists('ImageGIF')) { 251 if (!@$_GET['phpThumbDebug'] && !is_file($phpThumb->sourceFilename) && !phpthumb_functions::gd_version()) { 252 if (!headers_sent()) { 253 // base64-encoded error image in GIF format 254 $ERROR_NOGD = 
'R0lGODlhIAAgALMAAAAAABQUFCQkJDY2NkZGRldXV2ZmZnJycoaGhpSUlKWlpbe3t8XFxdXV1eTk5P7+/iwAAAAAIAAgAAAE/vDJSau9WILtTAACUinDNijZtAHfCojS4W5H+qxD8xibIDE9h0OwWaRWDIljJSkUJYsN4bihMB8th3IToAKs1VtYM75cyV8sZ8vygtOE5yMKmGbO4jRdICQCjHdlZzwzNW4qZSQmKDaNjhUMBX4BBAlmMywFSRWEmAI6b5gAlhNxokGhooAIK5o/pi9vEw4Lfj4OLTAUpj6IabMtCwlSFw0DCKBoFqwAB04AjI54PyZ+yY3TD0ss2YcVmN/gvpcu4TOyFivWqYJlbAHPpOntvxNAACcmGHjZzAZqzSzcq5fNjxFmAFw9iFRunD1epU6tsIPmFCAJnWYE0FURk7wJDA0MTKpEzoWAAskiAAA7'; 255 header('Content-Type: image/gif'); 256 echo base64_decode($ERROR_NOGD); 257 } else { 258 echo '*** ERROR: No PHP-GD support available ***'; 259 } 260 exit; 261 } 188 262 189 263 // check to see if file can be output from source with no processing or caching 190 264 $CanPassThroughDirectly = true; 191 if ( !empty($phpThumb->rawImageData)) {265 if ($phpThumb->rawImageData) { 192 266 // data from SQL, should be fine 193 } elseif (!@is_file(@$_GET['src']) || !@is_readable(@$_GET['src'])) { 267 } elseif (eregi('^(f|ht)tp\://', $phpThumb->src)) { 268 $phpThumb->DebugMessage('$CanPassThroughDirectly=false because eregi("^(f|ht)tp\://", '.$phpThumb->src.')', __FILE__, __LINE__); 269 $CanPassThroughDirectly = false; 270 } elseif (!@is_file($phpThumb->sourceFilename)) { 271 $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__); 272 $CanPassThroughDirectly = false; 273 } elseif (!@is_readable($phpThumb->sourceFilename)) { 274 $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__); 194 275 $CanPassThroughDirectly = false; 195 276 } … … 200 281 break; 201 282 283 case 'w': 284 case 'h': 285 // might be OK if exactly matches original 286 break; 287 288 case 'phpThumbDebug': 289 // handled in direct-passthru code 290 break; 291 202 292 default: 203 293 // all other parameters will cause some processing, 204 294 // therefore cannot pass through original image unmodified 205 295 
$CanPassThroughDirectly = false; 206 $phpThumb->DebugMessage('Cannot pass through directly because $_GET['.$key.'] is set', __FILE__, __LINE__); 207 break 2; 208 } 209 } 210 211 //////////////////////////////////////////////////////////////// 212 // Debug output, to try and help me diagnose problems 296 $UnAllowedGET[] = $key; 297 break; 298 } 299 } 300 if (!empty($UnAllowedGET)) { 301 $phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__); 302 } 303 304 //////////////////////////////////////////////////////////////// 305 // Debug output, to try and help me diagnose problems 306 $phpThumb->DebugTimingMessage('phpThumbDebug[4]', __FILE__, __LINE__); 213 307 if (@$_GET['phpThumbDebug'] == '4') { 214 308 $phpThumb->phpThumbDebug(); … … 216 310 //////////////////////////////////////////////////////////////// 217 311 218 if ($CanPassThroughDirectly && $phpThumb->src) { 312 function SendSaveAsFileHeaderIfNeeded() { 313 if (headers_sent()) { 314 return false; 315 } 316 global $phpThumb; 317 if (@$_GET['down']) { 318 $downloadfilename = ereg_replace('[/\\:\*\?"<>|]', '_', $_GET['down']); 319 if (phpthumb_functions::version_compare_replacement(phpversion(), '4.1.0', '>=')) { 320 $downloadfilename = trim($downloadfilename, '.'); 321 } 322 if (@$downloadfilename) { 323 $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: attachment; filename="'.$downloadfilename.'"', __FILE__, __LINE__); 324 header('Content-Disposition: attachment; filename="'.$downloadfilename.'"'); 325 return true; 326 } 327 } 328 $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: inline', __FILE__, __LINE__); 329 header('Content-Disposition: inline'); 330 return true; 331 } 332 333 $phpThumb->DebugMessage('$CanPassThroughDirectly="'.intval($CanPassThroughDirectly).'" && $phpThumb->src="'.$phpThumb->src.'"', __FILE__, __LINE__); 334 
while ($CanPassThroughDirectly && $phpThumb->src) { 219 335 // no parameters set, passthru 220 336 $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src); 221 if (@$_GET['phpThumbDebug']) { 222 $phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__); 223 } else { 224 SendSaveAsFileHeaderIfNeeded(); 225 header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT'); 226 if ($getimagesize = @GetImageSize($SourceFilename)) { 227 header('Content-type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2])); 337 338 // security and size checks 339 if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) { 340 $phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__); 341 342 if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) { 343 // no resizing needed 344 $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__); 345 } elseif (($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) && ($phpThumb->getimagesizeinfo[1] <= @$_GET['h']) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) { 346 // image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed 347 $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__); 348 } else { 349 $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because 
resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__); 350 break; 351 } 352 switch ($phpThumb->getimagesizeinfo[2]) { 353 case 1: // GIF 354 case 2: // JPG 355 case 3: // PNG 356 // great, let it through 357 break; 358 default: 359 // browser probably can't handle format, remangle it to JPEG/PNG/GIF 360 $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__); 361 break 2; 362 } 363 364 $ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG'); 365 $theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]]; 366 if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) { 367 368 // great 369 if (@is_resource($dummyImage)) { 370 unset($dummyImage); 371 } 372 373 if (he
