1 | <?php |
---|
2 | /** |
---|
3 | * TimThumb script created by Ben Gillbanks, originally created by Tim McDaniels and Darren Hoyt |
---|
4 | * http://code.google.com/p/timthumb/ |
---|
5 | * |
---|
6 | * GNU General Public License, version 2 |
---|
7 | * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
---|
8 | * |
---|
9 | * Examples and documentation available on the project homepage |
---|
10 | * http://www.binarymoon.co.uk/projects/timthumb/ |
---|
11 | */ |
---|
12 | |
---|
13 | define ('CACHE_SIZE', 1000); // number of files to store before clearing cache |
---|
14 | define ('CACHE_CLEAR', 20); // maximum number of files to delete on each cache clear |
---|
15 | define ('CACHE_USE', TRUE); // use the cache files? (mostly for testing) |
---|
16 | define ('CACHE_MAX_AGE', 864000); // time to cache in the browser |
---|
17 | define ('VERSION', '1.30'); // version number (to force a cache refresh) |
---|
18 | define ('DIRECTORY_CACHE', './cache'); // cache directory |
---|
19 | define ('MAX_WIDTH', 1500); // maximum image width |
---|
20 | define ('MAX_HEIGHT', 1500); // maximum image height |
---|
21 | define ('ALLOW_EXTERNAL', FALSE); // allow external website (override security precaution - not advised!) |
---|
22 | define ('MEMORY_LIMIT', '30M'); // set PHP memory limit |
---|
23 | define ('MAX_FILE_SIZE', 1500000); // file size limit to prevent possible DOS attacks (roughly 1.5 megabytes) |
---|
24 | define ('CURL_TIMEOUT', 10); // timeout duration. Tweak as you require (lower = better) |
---|
25 | |
---|
26 | // external domains that are allowed to be displayed on your website |
---|
27 | $allowedSites = array ( |
---|
28 | 'flickr.com', |
---|
29 | 'picasa.com', |
---|
30 | 'blogger.com', |
---|
31 | 'wordpress.com', |
---|
32 | 'img.youtube.com', |
---|
33 | 'upload.wikimedia.org', |
---|
34 | 'photobucket.com', |
---|
35 | ); |
---|
36 | |
---|
37 | // STOP MODIFYING HERE! |
---|
38 | // -------------------- |
---|
39 | |
---|
40 | // sort out image source |
---|
41 | $src = get_request ('src', ''); |
---|
42 | if ($src == '' || strlen ($src) <= 3) { |
---|
43 | display_error ('no image specified'); |
---|
44 | } |
---|
45 | |
---|
46 | |
---|
47 | // clean params before use |
---|
48 | $src = clean_source ($src); |
---|
49 | |
---|
50 | // get mime type of src |
---|
51 | $mime_type = mime_type ($src); |
---|
52 | |
---|
53 | // used for external websites only |
---|
54 | $external_data_string = ''; |
---|
55 | |
---|
56 | // generic file handle for reading and writing to files |
---|
57 | $fh = ''; |
---|
58 | |
---|
59 | // check to see if this image is in the cache already |
---|
60 | // if already cached then display the image and die |
---|
61 | check_cache ($mime_type); |
---|
62 | |
---|
63 | // cache doesn't exist and then process everything |
---|
64 | // check to see if GD function exist |
---|
65 | if (!function_exists ('imagecreatetruecolor')) { |
---|
66 | display_error ('GD Library Error: imagecreatetruecolor does not exist - please contact your webhost and ask them to install the GD library'); |
---|
67 | } |
---|
68 | |
---|
69 | if (function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { |
---|
70 | $imageFilters = array ( |
---|
71 | 1 => array (IMG_FILTER_NEGATE, 0), |
---|
72 | 2 => array (IMG_FILTER_GRAYSCALE, 0), |
---|
73 | 3 => array (IMG_FILTER_BRIGHTNESS, 1), |
---|
74 | 4 => array (IMG_FILTER_CONTRAST, 1), |
---|
75 | 5 => array (IMG_FILTER_COLORIZE, 4), |
---|
76 | 6 => array (IMG_FILTER_EDGEDETECT, 0), |
---|
77 | 7 => array (IMG_FILTER_EMBOSS, 0), |
---|
78 | 8 => array (IMG_FILTER_GAUSSIAN_BLUR, 0), |
---|
79 | 9 => array (IMG_FILTER_SELECTIVE_BLUR, 0), |
---|
80 | 10 => array (IMG_FILTER_MEAN_REMOVAL, 0), |
---|
81 | 11 => array (IMG_FILTER_SMOOTH, 0), |
---|
82 | ); |
---|
83 | } |
---|
84 | |
---|
85 | // get standard input properties |
---|
86 | $new_width = (int) abs (get_request ('w', 0)); |
---|
87 | $new_height = (int) abs (get_request ('h', 0)); |
---|
88 | $zoom_crop = (int) get_request ('zc', 1); |
---|
89 | $quality = (int) abs (get_request ('q', 90)); |
---|
90 | $align = get_request ('a', 'c'); |
---|
91 | $filters = get_request ('f', ''); |
---|
92 | $sharpen = (bool) get_request ('s', 0); |
---|
93 | |
---|
94 | // set default width and height if neither are set already |
---|
95 | if ($new_width == 0 && $new_height == 0) { |
---|
96 | $new_width = 100; |
---|
97 | $new_height = 100; |
---|
98 | } |
---|
99 | |
---|
100 | // ensure size limits can not be abused |
---|
101 | $new_width = min ($new_width, MAX_WIDTH); |
---|
102 | $new_height = min ($new_height, MAX_HEIGHT); |
---|
103 | |
---|
104 | // set memory limit to be able to have enough space to resize larger images |
---|
105 | ini_set ('memory_limit', MEMORY_LIMIT); |
---|
106 | |
---|
107 | if (file_exists ($src)) { |
---|
108 | |
---|
109 | // open the existing image |
---|
110 | $image = open_image ($mime_type, $src); |
---|
111 | if ($image === false) { |
---|
112 | display_error ('Unable to open image : ' . $src); |
---|
113 | } |
---|
114 | |
---|
115 | // Get original width and height |
---|
116 | $width = imagesx ($image); |
---|
117 | $height = imagesy ($image); |
---|
118 | $origin_x = 0; |
---|
119 | $origin_y = 0; |
---|
120 | |
---|
121 | // generate new w/h if not provided |
---|
122 | if ($new_width && !$new_height) { |
---|
123 | $new_height = floor ($height * ($new_width / $width)); |
---|
124 | } else if ($new_height && !$new_width) { |
---|
125 | $new_width = floor ($width * ($new_height / $height)); |
---|
126 | } |
---|
127 | |
---|
128 | // scale down and add borders |
---|
129 | if ($zoom_crop == 3) { |
---|
130 | |
---|
131 | $final_height = $height * ($new_width / $width); |
---|
132 | |
---|
133 | if ($final_height > $new_height) { |
---|
134 | $new_width = $width * ($new_height / $height); |
---|
135 | } else { |
---|
136 | $new_height = $final_height; |
---|
137 | } |
---|
138 | |
---|
139 | } |
---|
140 | |
---|
141 | // create a new true color image |
---|
142 | $canvas = imagecreatetruecolor ($new_width, $new_height); |
---|
143 | imagealphablending ($canvas, false); |
---|
144 | |
---|
145 | // Create a new transparent color for image |
---|
146 | $color = imagecolorallocatealpha ($canvas, 0, 0, 0, 127); |
---|
147 | |
---|
148 | // Completely fill the background of the new image with allocated color. |
---|
149 | imagefill ($canvas, 0, 0, $color); |
---|
150 | |
---|
151 | // scale down and add borders |
---|
152 | if ($zoom_crop == 2) { |
---|
153 | |
---|
154 | $final_height = $height * ($new_width / $width); |
---|
155 | |
---|
156 | if ($final_height > $new_height) { |
---|
157 | |
---|
158 | $origin_x = $new_width / 2; |
---|
159 | $new_width = $width * ($new_height / $height); |
---|
160 | $origin_x = round ($origin_x - ($new_width / 2)); |
---|
161 | |
---|
162 | } else { |
---|
163 | |
---|
164 | $origin_y = $new_height / 2; |
---|
165 | $new_height = $final_height; |
---|
166 | $origin_y = round ($origin_y - ($new_height / 2)); |
---|
167 | |
---|
168 | } |
---|
169 | |
---|
170 | } |
---|
171 | |
---|
172 | // Restore transparency blending |
---|
173 | imagesavealpha ($canvas, true); |
---|
174 | |
---|
175 | if ($zoom_crop > 0) { |
---|
176 | |
---|
177 | $src_x = $src_y = 0; |
---|
178 | $src_w = $width; |
---|
179 | $src_h = $height; |
---|
180 | |
---|
181 | $cmp_x = $width / $new_width; |
---|
182 | $cmp_y = $height / $new_height; |
---|
183 | |
---|
184 | // calculate x or y coordinate and width or height of source |
---|
185 | if ($cmp_x > $cmp_y) { |
---|
186 | |
---|
187 | $src_w = round ($width / $cmp_x * $cmp_y); |
---|
188 | $src_x = round (($width - ($width / $cmp_x * $cmp_y)) / 2); |
---|
189 | |
---|
190 | } else if ($cmp_y > $cmp_x) { |
---|
191 | |
---|
192 | $src_h = round ($height / $cmp_y * $cmp_x); |
---|
193 | $src_y = round (($height - ($height / $cmp_y * $cmp_x)) / 2); |
---|
194 | |
---|
195 | } |
---|
196 | |
---|
197 | // positional cropping! |
---|
198 | if ($align) { |
---|
199 | if (strpos ($align, 't') !== false) { |
---|
200 | $src_y = 0; |
---|
201 | } |
---|
202 | if (strpos ($align, 'b') !== false) { |
---|
203 | $src_y = $height - $src_h; |
---|
204 | } |
---|
205 | if (strpos ($align, 'l') !== false) { |
---|
206 | $src_x = 0; |
---|
207 | } |
---|
208 | if (strpos ($align, 'r') !== false) { |
---|
209 | $src_x = $width - $src_w; |
---|
210 | } |
---|
211 | } |
---|
212 | |
---|
213 | imagecopyresampled ($canvas, $image, $origin_x, $origin_y, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h); |
---|
214 | |
---|
215 | } else { |
---|
216 | |
---|
217 | // copy and resize part of an image with resampling |
---|
218 | imagecopyresampled ($canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height); |
---|
219 | |
---|
220 | } |
---|
221 | |
---|
222 | if ($filters != '' && function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { |
---|
223 | // apply filters to image |
---|
224 | $filterList = explode ('|', $filters); |
---|
225 | foreach ($filterList as $fl) { |
---|
226 | |
---|
227 | $filterSettings = explode (',', $fl); |
---|
228 | if (isset ($imageFilters[$filterSettings[0]])) { |
---|
229 | |
---|
230 | for ($i = 0; $i < 4; $i ++) { |
---|
231 | if (!isset ($filterSettings[$i])) { |
---|
232 | $filterSettings[$i] = null; |
---|
233 | } else { |
---|
234 | $filterSettings[$i] = (int) $filterSettings[$i]; |
---|
235 | } |
---|
236 | } |
---|
237 | |
---|
238 | switch ($imageFilters[$filterSettings[0]][1]) { |
---|
239 | |
---|
240 | case 1: |
---|
241 | |
---|
242 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]); |
---|
243 | break; |
---|
244 | |
---|
245 | case 2: |
---|
246 | |
---|
247 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]); |
---|
248 | break; |
---|
249 | |
---|
250 | case 3: |
---|
251 | |
---|
252 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]); |
---|
253 | break; |
---|
254 | |
---|
255 | case 4: |
---|
256 | |
---|
257 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3], $filterSettings[4]); |
---|
258 | break; |
---|
259 | |
---|
260 | default: |
---|
261 | |
---|
262 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0]); |
---|
263 | break; |
---|
264 | |
---|
265 | } |
---|
266 | } |
---|
267 | } |
---|
268 | } |
---|
269 | |
---|
270 | // sharpen image |
---|
271 | if ($sharpen && function_exists ('imageconvolution')) { |
---|
272 | |
---|
273 | $sharpenMatrix = array ( |
---|
274 | array (-1,-1,-1), |
---|
275 | array (-1,16,-1), |
---|
276 | array (-1,-1,-1), |
---|
277 | ); |
---|
278 | |
---|
279 | $divisor = 8; |
---|
280 | $offset = 0; |
---|
281 | |
---|
282 | imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset); |
---|
283 | |
---|
284 | } |
---|
285 | |
---|
286 | // output image to browser based on mime type |
---|
287 | show_image ($mime_type, $canvas); |
---|
288 | |
---|
289 | // remove image from memory |
---|
290 | imagedestroy ($canvas); |
---|
291 | |
---|
292 | // if not in cache then clear some space and generate a new file |
---|
293 | clean_cache (); |
---|
294 | |
---|
295 | die (); |
---|
296 | |
---|
297 | } else { |
---|
298 | |
---|
299 | if (strlen ($src)) { |
---|
300 | display_error ('image ' . $src . ' not found'); |
---|
301 | } else { |
---|
302 | display_error ('no source specified'); |
---|
303 | } |
---|
304 | |
---|
305 | } |
---|
306 | |
---|
307 | |
---|
308 | /** |
---|
309 | * |
---|
310 | * @global <type> $quality |
---|
311 | * @param <type> $mime_type |
---|
312 | * @param <type> $image_resized |
---|
313 | */ |
---|
314 | function show_image ($mime_type, $image_resized) { |
---|
315 | |
---|
316 | global $quality; |
---|
317 | |
---|
318 | $cache_file = get_cache_file ($mime_type); |
---|
319 | |
---|
320 | switch ($mime_type) { |
---|
321 | case 'jpg': |
---|
322 | imagejpeg ($image_resized, $cache_file, $quality); |
---|
323 | break; |
---|
324 | |
---|
325 | default: |
---|
326 | case 'png': |
---|
327 | imagepng ($image_resized, $cache_file, floor ($quality * 0.09)); |
---|
328 | break; |
---|
329 | |
---|
330 | } |
---|
331 | |
---|
332 | show_cache_file ($mime_type); |
---|
333 | |
---|
334 | } |
---|
335 | |
---|
336 | |
---|
337 | /** |
---|
338 | * |
---|
339 | * @param <type> $property |
---|
340 | * @param <type> $default |
---|
341 | * @return <type> |
---|
342 | */ |
---|
343 | function get_request ($property, $default = 0) { |
---|
344 | |
---|
345 | if (isset ($_GET[$property])) { |
---|
346 | return $_GET[$property]; |
---|
347 | } else { |
---|
348 | return $default; |
---|
349 | } |
---|
350 | |
---|
351 | } |
---|
352 | |
---|
353 | |
---|
354 | /** |
---|
355 | * |
---|
356 | * @param <type> $mime_type |
---|
357 | * @param <type> $src |
---|
358 | * @return <type> |
---|
359 | */ |
---|
360 | function open_image ($mime_type, $src) { |
---|
361 | |
---|
362 | switch ($mime_type) { |
---|
363 | case 'jpg': |
---|
364 | $image = imagecreatefromjpeg ($src); |
---|
365 | break; |
---|
366 | |
---|
367 | case 'png': |
---|
368 | $image = imagecreatefrompng ($src); |
---|
369 | break; |
---|
370 | |
---|
371 | case 'gif': |
---|
372 | $image = imagecreatefromgif ($src); |
---|
373 | break; |
---|
374 | } |
---|
375 | |
---|
376 | return $image; |
---|
377 | |
---|
378 | } |
---|
379 | |
---|
380 | /** |
---|
381 | * clean out old files from the cache |
---|
382 | * you can change the number of files to store and to delete per loop in the defines at the top of the code |
---|
383 | * |
---|
384 | * @return <type> |
---|
385 | */ |
---|
386 | function clean_cache () { |
---|
387 | |
---|
388 | // add an escape |
---|
389 | // Reduces the amount of cache clearing to save some processor speed |
---|
390 | if (rand (1, 50) > 10) { |
---|
391 | return true; |
---|
392 | } |
---|
393 | |
---|
394 | flush (); |
---|
395 | |
---|
396 | $files = glob (DIRECTORY_CACHE . '/*', GLOB_BRACE); |
---|
397 | |
---|
398 | if (count ($files) > CACHE_SIZE) { |
---|
399 | |
---|
400 | $yesterday = time () - (24 * 60 * 60); |
---|
401 | |
---|
402 | usort ($files, 'filemtime_compare'); |
---|
403 | $i = 0; |
---|
404 | |
---|
405 | foreach ($files as $file) { |
---|
406 | |
---|
407 | $i ++; |
---|
408 | |
---|
409 | if ($i >= CACHE_CLEAR) { |
---|
410 | return; |
---|
411 | } |
---|
412 | |
---|
413 | if (@filemtime ($file) > $yesterday) { |
---|
414 | return; |
---|
415 | } |
---|
416 | |
---|
417 | if (file_exists ($file)) { |
---|
418 | unlink ($file); |
---|
419 | } |
---|
420 | |
---|
421 | } |
---|
422 | |
---|
423 | } |
---|
424 | |
---|
425 | } |
---|
426 | |
---|
427 | |
---|
428 | /** |
---|
429 | * compare the file time of two files |
---|
430 | * |
---|
431 | * @param <type> $a |
---|
432 | * @param <type> $b |
---|
433 | * @return <type> |
---|
434 | */ |
---|
435 | function filemtime_compare ($a, $b) { |
---|
436 | |
---|
437 | $break = explode ('/', $_SERVER['SCRIPT_FILENAME']); |
---|
438 | $filename = $break[count ($break) - 1]; |
---|
439 | $filepath = str_replace ($filename, '', $_SERVER['SCRIPT_FILENAME']); |
---|
440 | |
---|
441 | $file_a = realpath ($filepath . $a); |
---|
442 | $file_b = realpath ($filepath . $b); |
---|
443 | |
---|
444 | return filemtime ($file_a) - filemtime ($file_b); |
---|
445 | |
---|
446 | } |
---|
447 | |
---|
448 | |
---|
449 | /** |
---|
450 | * determine the file mime type |
---|
451 | * |
---|
452 | * @param <type> $file |
---|
453 | * @return <type> |
---|
454 | */ |
---|
455 | function mime_type ($file) { |
---|
456 | |
---|
457 | $file_infos = getimagesize ($file); |
---|
458 | |
---|
459 | // no mime type |
---|
460 | if (empty ($file_infos['mime'])) { |
---|
461 | display_error ('no mime type specified in image'); |
---|
462 | } |
---|
463 | |
---|
464 | $mime_type = $file_infos['mime']; |
---|
465 | |
---|
466 | // use mime_type to determine mime type |
---|
467 | if (!preg_match ("/jpg|jpeg|gif|png/i", $mime_type)) { |
---|
468 | display_error ('Invalid src mime type: ' . $mime_type); |
---|
469 | } |
---|
470 | |
---|
471 | $mime_type = strtolower ($mime_type); |
---|
472 | $mime_type = str_replace ('image/', '', $mime_type); |
---|
473 | |
---|
474 | if ($mime_type == 'jpeg') { |
---|
475 | $mime_type = 'jpg'; |
---|
476 | } |
---|
477 | |
---|
478 | return $mime_type; |
---|
479 | |
---|
480 | } |
---|
481 | |
---|
482 | |
---|
483 | /** |
---|
484 | * |
---|
485 | * @param <type> $mime_type |
---|
486 | */ |
---|
487 | function check_cache ($mime_type) { |
---|
488 | |
---|
489 | if (CACHE_USE) { |
---|
490 | |
---|
491 | if (!show_cache_file ($mime_type)) { |
---|
492 | // make sure cache dir exists |
---|
493 | if (!file_exists (DIRECTORY_CACHE)) { |
---|
494 | // give 777 permissions so that developer can overwrite |
---|
495 | // files created by web server user |
---|
496 | mkdir (DIRECTORY_CACHE); |
---|
497 | chmod (DIRECTORY_CACHE, 0777); |
---|
498 | } |
---|
499 | } |
---|
500 | |
---|
501 | } |
---|
502 | |
---|
503 | } |
---|
504 | |
---|
505 | |
---|
506 | /** |
---|
507 | * |
---|
508 | * @param <type> $mime_type |
---|
509 | * @return <type> |
---|
510 | */ |
---|
511 | function show_cache_file ($mime_type) { |
---|
512 | |
---|
513 | // use browser cache if available to speed up page load |
---|
514 | if (!empty ($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { |
---|
515 | if (strtotime ($_SERVER['HTTP_IF_MODIFIED_SINCE']) < strtotime ('now')) { |
---|
516 | header ('HTTP/1.1 304 Not Modified'); |
---|
517 | die (); |
---|
518 | } |
---|
519 | } |
---|
520 | |
---|
521 | $cache_file = get_cache_file ($mime_type); |
---|
522 | |
---|
523 | if (file_exists ($cache_file)) { |
---|
524 | |
---|
525 | // change the modified headers |
---|
526 | $gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT'; |
---|
527 | $gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT'; |
---|
528 | |
---|
529 | // send content headers then display image |
---|
530 | header ('Content-Type: image/' . get_file_type ($mime_type)); |
---|
531 | header ('Accept-Ranges: bytes'); |
---|
532 | header ('Last-Modified: ' . $gmdate_modified); |
---|
533 | header ('Content-Length: ' . filesize ($cache_file)); |
---|
534 | header ('Cache-Control: max-age=' . CACHE_MAX_AGE . ', must-revalidate'); |
---|
535 | header ('Expires: ' . $gmdate_expires); |
---|
536 | |
---|
537 | if (!@readfile ($cache_file)) { |
---|
538 | $content = file_get_contents ($cache_file); |
---|
539 | if ($content != FALSE) { |
---|
540 | echo $content; |
---|
541 | } else { |
---|
542 | display_error ('cache file could not be loaded'); |
---|
543 | } |
---|
544 | } |
---|
545 | |
---|
546 | die (); |
---|
547 | |
---|
548 | } |
---|
549 | |
---|
550 | return FALSE; |
---|
551 | |
---|
552 | } |
---|
553 | |
---|
554 | |
---|
555 | /** |
---|
556 | * |
---|
557 | * @param type $extension |
---|
558 | * @return type |
---|
559 | */ |
---|
560 | function get_file_type ($extension) { |
---|
561 | |
---|
562 | switch ($extension) { |
---|
563 | case 'png': |
---|
564 | case 'gif': |
---|
565 | return 'png'; |
---|
566 | |
---|
567 | case 'jpg': |
---|
568 | case 'jpeg': |
---|
569 | return 'jpeg'; |
---|
570 | |
---|
571 | default: |
---|
572 | display_error ('file type not found : ' . $extension); |
---|
573 | } |
---|
574 | |
---|
575 | } |
---|
576 | |
---|
577 | |
---|
578 | /** |
---|
579 | * |
---|
580 | * @staticvar string $cache_file |
---|
581 | * @param <type> $mime_type |
---|
582 | * @return string |
---|
583 | */ |
---|
584 | function get_cache_file ($mime_type) { |
---|
585 | |
---|
586 | static $cache_file; |
---|
587 | global $src; |
---|
588 | |
---|
589 | if (!$cache_file) { |
---|
590 | // filemtime is used to make sure updated files get recached |
---|
591 | $cache_file = DIRECTORY_CACHE . '/' . md5 ($_SERVER ['QUERY_STRING'] . VERSION . filemtime ($src)) . '.' . $mime_type; |
---|
592 | } |
---|
593 | |
---|
594 | return $cache_file; |
---|
595 | |
---|
596 | } |
---|
597 | |
---|
598 | |
---|
599 | /** |
---|
600 | * |
---|
601 | * @param <type> $url |
---|
602 | * @return <type> |
---|
603 | */ |
---|
604 | function validate_url ($url) { |
---|
605 | $pattern = "/\b(?:(?:https?):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"; |
---|
606 | return preg_match ($pattern, $url); |
---|
607 | } |
---|
608 | |
---|
609 | |
---|
610 | /** |
---|
611 | * |
---|
612 | * @global array $allowedSites |
---|
613 | * @param string $src |
---|
614 | * @return string |
---|
615 | */ |
---|
616 | function check_external ($src) { |
---|
617 | |
---|
618 | global $allowedSites; |
---|
619 | |
---|
620 | // work out file details |
---|
621 | $file_details = pathinfo ($src); |
---|
622 | $filename = 'external_' . md5 ($src); |
---|
623 | $local_filepath = DIRECTORY_CACHE . '/' . $filename . '.' . $file_details['extension']; |
---|
624 | |
---|
625 | // only do this stuff the file doesn't already exist |
---|
626 | if (!file_exists ($local_filepath)) { |
---|
627 | |
---|
628 | if (strpos (strtolower ($src), 'http://') !== false || strpos (strtolower ($src), 'https://') !== false) { |
---|
629 | |
---|
630 | if (!validate_url ($src)) { |
---|
631 | display_error ('invalid url'); |
---|
632 | } |
---|
633 | |
---|
634 | $url_info = parse_url ($src); |
---|
635 | |
---|
636 | if (count (explode ('.', $url_info['path'])) > 2) { |
---|
637 | display_error ('source filename invalid'); |
---|
638 | } |
---|
639 | |
---|
640 | // convert youtube video urls |
---|
641 | // need to tidy up the code |
---|
642 | |
---|
643 | if ($url_info['host'] == 'www.youtube.com' || $url_info['host'] == 'youtube.com') { |
---|
644 | parse_str ($url_info['query']); |
---|
645 | |
---|
646 | if (isset ($v)) { |
---|
647 | $src = 'http://img.youtube.com/vi/' . $v . '/0.jpg'; |
---|
648 | $url_info['host'] = 'img.youtube.com'; |
---|
649 | } |
---|
650 | } |
---|
651 | |
---|
652 | // check allowed sites (if required) |
---|
653 | if (ALLOW_EXTERNAL) { |
---|
654 | |
---|
655 | $isAllowedSite = true; |
---|
656 | |
---|
657 | } else { |
---|
658 | |
---|
659 | $isAllowedSite = false; |
---|
660 | foreach ($allowedSites as $site) { |
---|
661 | if (strpos (strtolower ($url_info['host']), $site) !== false) { |
---|
662 | $isAllowedSite = true; |
---|
663 | } |
---|
664 | } |
---|
665 | |
---|
666 | } |
---|
667 | |
---|
668 | // if allowed |
---|
669 | if ($isAllowedSite) { |
---|
670 | |
---|
671 | if (function_exists ('curl_init')) { |
---|
672 | |
---|
673 | global $fh; |
---|
674 | |
---|
675 | $fh = fopen ($local_filepath, 'w'); |
---|
676 | $ch = curl_init ($src); |
---|
677 | |
---|
678 | curl_setopt ($ch, CURLOPT_TIMEOUT, CURL_TIMEOUT); |
---|
679 | curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0'); |
---|
680 | curl_setopt ($ch, CURLOPT_URL, $src); |
---|
681 | curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE); |
---|
682 | curl_setopt ($ch, CURLOPT_HEADER, 0); |
---|
683 | curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); |
---|
684 | curl_setopt ($ch, CURLOPT_FILE, $fh); |
---|
685 | curl_setopt ($ch, CURLOPT_WRITEFUNCTION, 'curl_write'); |
---|
686 | |
---|
687 | // error so die |
---|
688 | if (curl_exec ($ch) === FALSE) { |
---|
689 | unlink ($local_filepath); |
---|
690 | touch ($local_filepath); |
---|
691 | display_error ('error reading file ' . $src . ' from remote host: ' . curl_error ($ch)); |
---|
692 | } |
---|
693 | |
---|
694 | curl_close ($ch); |
---|
695 | fclose ($fh); |
---|
696 | |
---|
697 | } else { |
---|
698 | |
---|
699 | if (!$img = file_get_contents ($src)) { |
---|
700 | display_error ('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted'); |
---|
701 | } |
---|
702 | |
---|
703 | if (file_put_contents ($local_filepath, $img) == FALSE) { |
---|
704 | display_error ('error writing temporary file'); |
---|
705 | } |
---|
706 | |
---|
707 | } |
---|
708 | |
---|
709 | if (!file_exists ($local_filepath)) { |
---|
710 | display_error ('local file for ' . $src . ' can not be created'); |
---|
711 | } |
---|
712 | |
---|
713 | $src = $local_filepath; |
---|
714 | |
---|
715 | } else { |
---|
716 | |
---|
717 | display_error ('remote host "' . $url_info['host'] . '" not allowed'); |
---|
718 | |
---|
719 | } |
---|
720 | |
---|
721 | } |
---|
722 | |
---|
723 | } else { |
---|
724 | |
---|
725 | $src = $local_filepath; |
---|
726 | |
---|
727 | } |
---|
728 | |
---|
729 | return $src; |
---|
730 | |
---|
731 | } |
---|
732 | |
---|
733 | |
---|
734 | /** |
---|
735 | * callback for curl command to receive external images |
---|
736 | * limit the amount of data downloaded from external servers |
---|
737 | * |
---|
738 | * @global <type> $data_string |
---|
739 | * @param <type> $handle |
---|
740 | * @param <type> $data |
---|
741 | * @return <type> |
---|
742 | */ |
---|
743 | function curl_write ($handle, $data) { |
---|
744 | |
---|
745 | global $external_data_string, $fh; |
---|
746 | |
---|
747 | fwrite ($fh, $data); |
---|
748 | $external_data_string .= $data; |
---|
749 | |
---|
750 | if (strlen ($external_data_string) > MAX_FILE_SIZE) { |
---|
751 | return 0; |
---|
752 | } else { |
---|
753 | return strlen ($data); |
---|
754 | } |
---|
755 | |
---|
756 | } |
---|
757 | |
---|
758 | |
---|
759 | /** |
---|
760 | * tidy up the image source url |
---|
761 | * |
---|
762 | * @param <type> $src |
---|
763 | * @return string |
---|
764 | */ |
---|
765 | function clean_source ($src) { |
---|
766 | |
---|
767 | $host = str_replace ('www.', '', $_SERVER['HTTP_HOST']); |
---|
768 | $regex = "/^(http(s|):\/\/)(www\.|)" . $host . "\//i"; |
---|
769 | |
---|
770 | $src = preg_replace ($regex, '', $src); |
---|
771 | $src = strip_tags ($src); |
---|
772 | $src = check_external ($src); |
---|
773 | |
---|
774 | // remove slash from start of string |
---|
775 | if (strpos ($src, '/') === 0) { |
---|
776 | $src = substr ($src, -(strlen ($src) - 1)); |
---|
777 | } |
---|
778 | |
---|
779 | // don't allow users the ability to use '../' |
---|
780 | // in order to gain access to files below document root |
---|
781 | $src = preg_replace ("/\.\.+\//", "", $src); |
---|
782 | |
---|
783 | // get path to image on file system |
---|
784 | $src = get_document_root ($src) . '/' . $src; |
---|
785 | |
---|
786 | if (!is_file ($src)) { |
---|
787 | display_error ('source is not a valid file'); |
---|
788 | } |
---|
789 | |
---|
790 | if (filesize ($src) > MAX_FILE_SIZE) { |
---|
791 | display_error ('source file is too big (filesize > MAX_FILE_SIZE)'); |
---|
792 | } |
---|
793 | |
---|
794 | if (filesize ($src) <= 0) { |
---|
795 | display_error ('source file <= 0 bytes. Possible external file download error (file is too large)'); |
---|
796 | } |
---|
797 | |
---|
798 | return realpath ($src); |
---|
799 | |
---|
800 | } |
---|
801 | |
---|
802 | |
---|
803 | /** |
---|
804 | * |
---|
805 | * @param <type> $src |
---|
806 | * @return string |
---|
807 | */ |
---|
808 | function get_document_root ($src) { |
---|
809 | |
---|
810 | // check for unix servers |
---|
811 | if (file_exists ($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) { |
---|
812 | return $_SERVER['DOCUMENT_ROOT']; |
---|
813 | } |
---|
814 | |
---|
815 | // check from script filename (to get all directories to timthumb location) |
---|
816 | $parts = array_diff (explode ('/', $_SERVER['SCRIPT_FILENAME']), explode ('/', $_SERVER['DOCUMENT_ROOT'])); |
---|
817 | |
---|
818 | $path = './'; |
---|
819 | |
---|
820 | foreach ($parts as $part) { |
---|
821 | if (file_exists ($path . '/' . $src)) { |
---|
822 | return realpath ($path); |
---|
823 | } |
---|
824 | $path .= '../'; |
---|
825 | } |
---|
826 | |
---|
827 | // special check for microsoft servers |
---|
828 | if (!isset ($_SERVER['DOCUMENT_ROOT'])) { |
---|
829 | $path = str_replace ("/", "\\", $_SERVER['ORIG_PATH_INFO']); |
---|
830 | $path = str_replace ($path, '', $_SERVER['SCRIPT_FILENAME']); |
---|
831 | |
---|
832 | if (file_exists ($path . '/' . $src)) { |
---|
833 | return realpath ($path); |
---|
834 | } |
---|
835 | } |
---|
836 | |
---|
837 | display_error ('file not found'); |
---|
838 | |
---|
839 | } |
---|
840 | |
---|
841 | |
---|
842 | /** |
---|
843 | * generic error message |
---|
844 | * |
---|
845 | * @param <type> $errorString |
---|
846 | */ |
---|
847 | function display_error ($errorString = '') { |
---|
848 | |
---|
849 | header ('HTTP/1.1 400 Bad Request'); |
---|
850 | echo '<pre>' . htmlentities ($errorString); |
---|
851 | echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']); |
---|
852 | echo '<br />TimThumb version : ' . VERSION . '</pre>'; |
---|
853 | die (); |
---|
854 | |
---|
855 | } |
---|