Changeset 531396

Timestamp:

04/15/2012 02:22:40 PM (14 years ago)

Author:

bkmacdaddy

Message:

updating to latest version of timthumb.php

File:

• pinterest-rss-widget/trunk/timthumb.php (modified) (22 diffs)

pinterest-rss-widget/trunk/timthumb.php

@@ -21 +21 @@
  * everytime you download a new version
 */
-define ('VERSION', '2.8.5');                                                                        // Version of this script 
+define ('VERSION', '2.8.10');                                                                       // Version of this script 
 //Load a config file if it exists. Otherwise, use the values below
 if( file_exists(dirname(__FILE__) . '/timthumb-config.php'))    require_once('timthumb-config.php');
@@ -37 +37 @@
 if(! defined('FILE_CACHE_MAX_FILE_AGE') )   define ('FILE_CACHE_MAX_FILE_AGE', 86400);              // How old does a file have to be to be deleted from the cache
 if(! defined('FILE_CACHE_SUFFIX') )         define ('FILE_CACHE_SUFFIX', '.timthumb.txt');          // What to put at the end of all files in the cache directory so we can identify them
-if(! defined('FILE_CACHE_PREFIX') )         define ('FILE_CACHE_PREFIX', 'timthumb');               // What to put at the end of all files in the cache directory so we can identify them
+if(! defined('FILE_CACHE_PREFIX') )         define ('FILE_CACHE_PREFIX', 'timthumb');               // What to put at the beg of all files in the cache directory so we can identify them
 if(! defined('FILE_CACHE_DIRECTORY') )      define ('FILE_CACHE_DIRECTORY', './cache');             // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
 if(! defined('MAX_FILE_SIZE') )             define ('MAX_FILE_SIZE', 10485760);                     // 10 Megs is 10485760. This is the max internal or external file size that we'll process.  
@@ -52 +52 @@
 if(! defined('NOT_FOUND_IMAGE') )       define ('NOT_FOUND_IMAGE', '');                             // Image to serve if any 404 occurs 
 if(! defined('ERROR_IMAGE') )           define ('ERROR_IMAGE', '');                                 // Image to serve if an error occurs instead of showing error message 
+if(! defined('PNG_IS_TRANSPARENT') )    define ('PNG_IS_TRANSPARENT', FALSE);  //42 Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour 
 if(! defined('DEFAULT_Q') )             define ('DEFAULT_Q', 90);                                   // Default image quality. Allows overrid in timthumb-config.php
 if(! defined('DEFAULT_ZC') )            define ('DEFAULT_ZC', 1);                                   // Default zoom/crop setting. Allows overrid in timthumb-config.php
@@ -190 +191 @@
             $this->cacheDirectory = FILE_CACHE_DIRECTORY;
             if (!touch($this->cacheDirectory . '/index.html')) {
-                $this->error("Could note create the index.html file - to fix this create an empty file named index.html file in the cache directory.");
+                $this->error("Could not create the index.html file - to fix this create an empty file named index.html file in the cache directory.");
             }
         } else {
@@ -201 +202 @@
         $this->src = $this->param('src');
         $this->url = parse_url($this->src);
+        $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
+        
         if(strlen($this->src) <= 3){
             $this->error("No image specified");
@@ -217 +220 @@
             return false;
             exit(0);
-        }
-        if(preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){
-            $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
         }
         if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
@@ -319 +319 @@
                 }
             }
-                
             $this->serveErrors(); 
             exit(0); 
@@ -409 +408 @@
     }
     protected function serveErrors(){
+        header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
         $html = '<ul>';
         foreach($this->errors as $err){
@@ -414 +414 @@
         }
         $html .= '</ul>';
-        header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
         echo '<h1>A TimThumb error has occured</h1>The following error(s) occured:<br />' . $html . '<br />';
         echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']);
@@ -453 +452 @@
             $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
             if (!touch($lastCleanFile)) {
-                $this->error("Could note create cache clean timestamp file.");
+                $this->error("Could not create cache clean timestamp file.");
             }
             return;
@@ -461 +460 @@
             // Very slight race condition here, but worst case we'll have 2 or 3 servers cleaning the cache simultaneously once a day.
             if (!touch($lastCleanFile)) {
-                $this->error("Could note create cache clean timestamp file.");
+                $this->error("Could not create cache clean timestamp file.");
             }
             $files = glob($this->cacheDirectory . '/*' . FILE_CACHE_SUFFIX);
-            $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE;
-            foreach($files as $file){
-                if(@filemtime($file) < $timeAgo){
-                    $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds");
-                    @unlink($file);
+            if ($files) {
+                $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE;
+                foreach($files as $file){
+                    if(@filemtime($file) < $timeAgo){
+                        $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds");
+                        @unlink($file);
+                    }
                 }
             }
@@ -516 +517 @@
         $sharpen = (bool) $this->param('s', DEFAULT_S);
         $canvas_color = $this->param('cc', DEFAULT_CC);
+        $canvas_trans = (bool) $this->param('ct', '1');
 
         // set default width and height if neither are set already
@@ -566 +568 @@
         imagealphablending ($canvas, false);
 
-        if (strlen ($canvas_color) < 6) {
-            $canvas_color = 'ffffff';
-        }
+        if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation
+            $canvas_color =  str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2); 
+        } else if (strlen($canvas_color) != 6) {
+            $canvas_color = DEFAULT_CC; // on error return default canvas color
+        }
 
         $canvas_color_R = hexdec (substr ($canvas_color, 0, 2));
         $canvas_color_G = hexdec (substr ($canvas_color, 2, 2));
-        $canvas_color_B = hexdec (substr ($canvas_color, 2, 2));
+        $canvas_color_B = hexdec (substr ($canvas_color, 4, 2));
 
         // Create a new transparent color for image
-        $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);
+        // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency 
+        // (and if is set a canvas color show it in the background)
+        if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){ 
+            $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);     
+        }else{
+            $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0);
+        }
+
 
         // Completely fill the background of the new image with allocated color.
@@ -828 +839 @@
     }
     protected function getLocalImagePath($src){
-        $src = preg_replace('/^\//', '', $src); //strip off the leading '/'
+        $src = ltrim($src, '/'); //strip off the leading '/'
         if(! $this->docRoot){
             $this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that.");
@@ -834 +845 @@
             $file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename.
             if(is_file($file)){
-                return realpath($file);
+                return $this->realpath($file);
             }
             return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons.");
@@ -842 +853 @@
         if(file_exists ($this->docRoot . '/' . $src)) {
             $this->debug(3, "Found file as " . $this->docRoot . '/' . $src);
-            $real = realpath($this->docRoot . '/' . $src);
-            if(stripos($real, $this->docRoot) == 0){
+            $real = $this->realpath($this->docRoot . '/' . $src);
+            if(stripos($real, $this->docRoot) === 0){
                 return $real;
             } else {
@@ -851 +862 @@
         }
         //Check absolute paths and then verify the real path is under doc root
-        $absolute = realpath('/' . $src);
+        $absolute = $this->realpath('/' . $src);
         if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here
             $this->debug(3, "Found absolute path: $absolute");
             if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); }
-            if(stripos($absolute, $this->docRoot) == 0){
+            if(stripos($absolute, $this->docRoot) === 0){
                 return $absolute;
             } else {
@@ -871 +882 @@
             $sub_directories = explode('/', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
         }
-        
+
         foreach ($sub_directories as $sub){
             $base .= $sub . '/';
@@ -877 +888 @@
             if(file_exists($base . $src)){
                 $this->debug(3, "Found file as: " . $base . $src);
-                $real = realpath($base . $src);
-                if(stripos($real, $this->docRoot) == 0){ 
+                $real = $this->realpath($base . $src);
+                if(stripos($real, $this->realpath($this->docRoot)) === 0){
                     return $real;
                 } else {
@@ -887 +898 @@
         }
         return false;
+    }
+    protected function realpath($path){
+        //try to remove any relative paths
+        $remove_relatives = '/\w+\/\.\.\//';
+        while(preg_match($remove_relatives,$path)){
+            $path = preg_replace($remove_relatives, '', $path);
+        }
+        //if any remain use PHP realpath to strip them out, otherwise return $path
+        //if using realpath, any symlinks will also be resolved
+        return preg_match('#^\.\./|/\.\./#', $path) ? realpath($path) : $path;
     }
     protected function toDelete($name){
@@ -1053 +1074 @@
     protected function openImage($mimeType, $src){
         switch ($mimeType) {
-            case 'image/jpg': //This isn't a valid mime type so we should probably remove it
             case 'image/jpeg':
                 $image = imagecreatefromjpeg ($src);
@@ -1065 +1085 @@
                 $image = imagecreatefromgif ($src);
                 break;
+            
+            default:
+                $this->error("Unrecognised mimeType");
         }