Changeset 531396
- Timestamp:
- 04/15/2012 02:22:40 PM (14 years ago)
- File:
-
- 1 edited
-
pinterest-rss-widget/trunk/timthumb.php (modified) (22 diffs)
pinterest-rss-widget/trunk/timthumb.php
r491497 r531396 21 21 * everytime you download a new version 22 22 */ 23 define ('VERSION', '2.8. 5'); // Version of this script23 define ('VERSION', '2.8.10'); // Version of this script 24 24 //Load a config file if it exists. Otherwise, use the values below 25 25 if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php'); … … 37 37 if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache 38 38 if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them 39 if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the endof all files in the cache directory so we can identify them39 if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them 40 40 if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security) 41 41 if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process. … … 52 52 if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); // Image to serve if any 404 occurs 53 53 if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); // Image to serve if an error occurs instead of showing error message 54 if(! defined('PNG_IS_TRANSPARENT') ) define ('PNG_IS_TRANSPARENT', FALSE); //42 Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour 54 55 if(! defined('DEFAULT_Q') ) define ('DEFAULT_Q', 90); // Default image quality. 
Allows overrid in timthumb-config.php 55 56 if(! defined('DEFAULT_ZC') ) define ('DEFAULT_ZC', 1); // Default zoom/crop setting. Allows overrid in timthumb-config.php … … 190 191 $this->cacheDirectory = FILE_CACHE_DIRECTORY; 191 192 if (!touch($this->cacheDirectory . '/index.html')) { 192 $this->error("Could not ecreate the index.html file - to fix this create an empty file named index.html file in the cache directory.");193 $this->error("Could not create the index.html file - to fix this create an empty file named index.html file in the cache directory."); 193 194 } 194 195 } else { … … 201 202 $this->src = $this->param('src'); 202 203 $this->url = parse_url($this->src); 204 $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src); 205 203 206 if(strlen($this->src) <= 3){ 204 207 $this->error("No image specified"); … … 217 220 return false; 218 221 exit(0); 219 }220 if(preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){221 $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);222 222 } 223 223 if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){ … … 319 319 } 320 320 } 321 322 321 $this->serveErrors(); 323 322 exit(0); … … 409 408 } 410 409 protected function serveErrors(){ 410 header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request'); 411 411 $html = '<ul>'; 412 412 foreach($this->errors as $err){ … … 414 414 } 415 415 $html .= '</ul>'; 416 header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');417 416 echo '<h1>A TimThumb error has occured</h1>The following error(s) occured:<br />' . $html . '<br />'; 418 417 echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']); … … 453 452 $this->debug(1, "File tracking last clean doesn't exist. 
Creating $lastCleanFile"); 454 453 if (!touch($lastCleanFile)) { 455 $this->error("Could not ecreate cache clean timestamp file.");454 $this->error("Could not create cache clean timestamp file."); 456 455 } 457 456 return; … … 461 460 // Very slight race condition here, but worst case we'll have 2 or 3 servers cleaning the cache simultaneously once a day. 462 461 if (!touch($lastCleanFile)) { 463 $this->error("Could not ecreate cache clean timestamp file.");462 $this->error("Could not create cache clean timestamp file."); 464 463 } 465 464 $files = glob($this->cacheDirectory . '/*' . FILE_CACHE_SUFFIX); 466 $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE; 467 foreach($files as $file){ 468 if(@filemtime($file) < $timeAgo){ 469 $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds"); 470 @unlink($file); 465 if ($files) { 466 $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE; 467 foreach($files as $file){ 468 if(@filemtime($file) < $timeAgo){ 469 $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds"); 470 @unlink($file); 471 } 471 472 } 472 473 } … … 516 517 $sharpen = (bool) $this->param('s', DEFAULT_S); 517 518 $canvas_color = $this->param('cc', DEFAULT_CC); 519 $canvas_trans = (bool) $this->param('ct', '1'); 518 520 519 521 // set default width and height if neither are set already … … 566 568 imagealphablending ($canvas, false); 567 569 568 if (strlen ($canvas_color) < 6) { 569 $canvas_color = 'ffffff'; 570 } 570 if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation 571 $canvas_color = str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . 
str_repeat(substr($canvas_color, 2, 1), 2); 572 } else if (strlen($canvas_color) != 6) { 573 $canvas_color = DEFAULT_CC; // on error return default canvas color 574 } 571 575 572 576 $canvas_color_R = hexdec (substr ($canvas_color, 0, 2)); 573 577 $canvas_color_G = hexdec (substr ($canvas_color, 2, 2)); 574 $canvas_color_B = hexdec (substr ($canvas_color, 2, 2));578 $canvas_color_B = hexdec (substr ($canvas_color, 4, 2)); 575 579 576 580 // Create a new transparent color for image 577 $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127); 581 // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency 582 // (and if is set a canvas color show it in the background) 583 if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){ 584 $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127); 585 }else{ 586 $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0); 587 } 588 578 589 579 590 // Completely fill the background of the new image with allocated color. … … 828 839 } 829 840 protected function getLocalImagePath($src){ 830 $src = preg_replace('/^\//', '', $src); //strip off the leading '/'841 $src = ltrim($src, '/'); //strip off the leading '/' 831 842 if(! $this->docRoot){ 832 843 $this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that."); … … 834 845 $file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename. 835 846 if(is_file($file)){ 836 return realpath($file);847 return $this->realpath($file); 837 848 } 838 849 return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. 
We don't support serving files outside timthumb's directory without a document root for security reasons."); … … 842 853 if(file_exists ($this->docRoot . '/' . $src)) { 843 854 $this->debug(3, "Found file as " . $this->docRoot . '/' . $src); 844 $real = realpath($this->docRoot . '/' . $src);845 if(stripos($real, $this->docRoot) == 0){855 $real = $this->realpath($this->docRoot . '/' . $src); 856 if(stripos($real, $this->docRoot) === 0){ 846 857 return $real; 847 858 } else { … … 851 862 } 852 863 //Check absolute paths and then verify the real path is under doc root 853 $absolute = realpath('/' . $src);864 $absolute = $this->realpath('/' . $src); 854 865 if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here 855 866 $this->debug(3, "Found absolute path: $absolute"); 856 867 if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); } 857 if(stripos($absolute, $this->docRoot) == 0){868 if(stripos($absolute, $this->docRoot) === 0){ 858 869 return $absolute; 859 870 } else { … … 871 882 $sub_directories = explode('/', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME'])); 872 883 } 873 884 874 885 foreach ($sub_directories as $sub){ 875 886 $base .= $sub . '/'; … … 877 888 if(file_exists($base . $src)){ 878 889 $this->debug(3, "Found file as: " . $base . $src); 879 $real = realpath($base . $src);880 if(stripos($real, $this-> docRoot) == 0){890 $real = $this->realpath($base . 
$src); 891 if(stripos($real, $this->realpath($this->docRoot)) === 0){ 881 892 return $real; 882 893 } else { … … 887 898 } 888 899 return false; 900 } 901 protected function realpath($path){ 902 //try to remove any relative paths 903 $remove_relatives = '/\w+\/\.\.\//'; 904 while(preg_match($remove_relatives,$path)){ 905 $path = preg_replace($remove_relatives, '', $path); 906 } 907 //if any remain use PHP realpath to strip them out, otherwise return $path 908 //if using realpath, any symlinks will also be resolved 909 return preg_match('#^\.\./|/\.\./#', $path) ? realpath($path) : $path; 889 910 } 890 911 protected function toDelete($name){ … … 1053 1074 protected function openImage($mimeType, $src){ 1054 1075 switch ($mimeType) { 1055 case 'image/jpg': //This isn't a valid mime type so we should probably remove it1056 1076 case 'image/jpeg': 1057 1077 $image = imagecreatefromjpeg ($src); … … 1065 1085 $image = imagecreatefromgif ($src); 1066 1086 break; 1087 1088 default: 1089 $this->error("Unrecognised mimeType"); 1067 1090 } 1068 1091
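Review bot: The new realpath() helper (lines 901–910) returns its input string untouched whenever no `../` survives the `\w+/../` collapse, so the containment checks at 856 and 868 then compare an unresolved path (symlinks, `./` segments and doubled slashes intact) against $this->docRoot by string prefix, whereas the PHP realpath() this commit replaced had resolved it; only the check at 891 normalises the docRoot side. The `\w+` class also skips segments containing dots, hyphens or spaces, and neither pattern matches a trailing `/..` with no slash after it, so such inputs reach the comparison un-collapsed. I would let the engine resolve whenever it can and normalise both sides of every comparison the same way: end the helper with `$resolved = realpath($path); return $resolved !== false ? $resolved : $path;` and use `if(stripos($real, $this->realpath($this->docRoot)) === 0){` at 856 and 868 as 891 already does. Separately, line 204 now applies the host-stripping replace unconditionally with $this->myHost spliced into the pattern unescaped and without the `(?:$|\/)` anchor the removed line 220 carried; wrapping it as `preg_quote($this->myHost, '/')` is worth doing if myHost can originate from a request header, which is not visible in this section.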