1 | <?php |
---|
2 | /** |
---|
3 | * TimThumb script created by Ben Gillbanks, originally created by Tim McDaniels and Darren Hoyt |
---|
4 | * http://code.google.com/p/timthumb/ |
---|
5 | * |
---|
6 | * GNU General Public License, version 2 |
---|
7 | * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html |
---|
8 | * |
---|
9 | * Examples and documentation available on the project homepage |
---|
10 | * http://www.binarymoon.co.uk/projects/timthumb/ |
---|
11 | */ |
---|
12 | |
---|
13 | define ('CACHE_SIZE', 1000); // number of files to store before clearing cache |
---|
14 | define ('CACHE_CLEAR', 20); // maximum number of files to delete on each cache clear |
---|
15 | define ('CACHE_USE', TRUE); // use the cache files? (mostly for testing) |
---|
16 | define ('CACHE_MAX_AGE', 864000); // time to cache in the browser |
---|
17 | define ('VERSION', '1.35'); // version number (to force a cache refresh) |
---|
18 | define ('DIRECTORY_CACHE', './cache'); // cache directory |
---|
19 | define ('MAX_WIDTH', 1500); // maximum image width |
---|
20 | define ('MAX_HEIGHT', 1500); // maximum image height |
---|
21 | define ('MEMORY_LIMIT', '30M'); // set PHP memory limit |
---|
22 | define ('MAX_FILE_SIZE', 1500000); // file size limit to prevent possible DOS attacks (roughly 1.5 megabytes) |
---|
23 | define ('CURL_TIMEOUT', 10); // timeout duration. Tweak as you require (lower = better) |
---|
24 | |
---|
25 | // external domains that are allowed to be displayed on your website |
---|
26 | $allowedSites = array ( |
---|
27 | ); |
---|
28 | |
---|
29 | // STOP MODIFYING HERE! |
---|
30 | // -------------------- |
---|
31 | |
---|
32 | // sort out image source |
---|
33 | $src = get_request ('src', ''); |
---|
34 | if ($src == '' || strlen ($src) <= 3) { |
---|
35 | display_error ('no image specified'); |
---|
36 | } |
---|
37 | |
---|
38 | // clean params before use |
---|
39 | $src = clean_source ($src); |
---|
40 | |
---|
41 | // get mime type of src |
---|
42 | $mime_type = mime_type ($src); |
---|
43 | |
---|
44 | // used for external websites only |
---|
45 | $external_data_string = 0; |
---|
46 | |
---|
47 | // generic file handle for reading and writing to files |
---|
48 | $fh = ''; |
---|
49 | |
---|
50 | // check to see if this image is in the cache already |
---|
51 | // if already cached then display the image and die |
---|
52 | check_cache ($mime_type); |
---|
53 | |
---|
54 | // cache doesn't exist and then process everything |
---|
55 | // check to see if GD function exist |
---|
56 | if (!function_exists ('imagecreatetruecolor')) { |
---|
57 | display_error ('GD Library Error: imagecreatetruecolor does not exist - please contact your webhost and ask them to install the GD library'); |
---|
58 | } |
---|
59 | |
---|
60 | if (function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { |
---|
61 | $imageFilters = array ( |
---|
62 | 1 => array (IMG_FILTER_NEGATE, 0), |
---|
63 | 2 => array (IMG_FILTER_GRAYSCALE, 0), |
---|
64 | 3 => array (IMG_FILTER_BRIGHTNESS, 1), |
---|
65 | 4 => array (IMG_FILTER_CONTRAST, 1), |
---|
66 | 5 => array (IMG_FILTER_COLORIZE, 4), |
---|
67 | 6 => array (IMG_FILTER_EDGEDETECT, 0), |
---|
68 | 7 => array (IMG_FILTER_EMBOSS, 0), |
---|
69 | 8 => array (IMG_FILTER_GAUSSIAN_BLUR, 0), |
---|
70 | 9 => array (IMG_FILTER_SELECTIVE_BLUR, 0), |
---|
71 | 10 => array (IMG_FILTER_MEAN_REMOVAL, 0), |
---|
72 | 11 => array (IMG_FILTER_SMOOTH, 0), |
---|
73 | ); |
---|
74 | } |
---|
75 | |
---|
76 | // get standard input properties |
---|
77 | $new_width = (int) abs (get_request ('w', 0)); |
---|
78 | $new_height = (int) abs (get_request ('h', 0)); |
---|
79 | $zoom_crop = (int) get_request ('zc', 1); |
---|
80 | $quality = (int) abs (get_request ('q', 90)); |
---|
81 | $align = get_request ('a', 'c'); |
---|
82 | $filters = get_request ('f', ''); |
---|
83 | $sharpen = (bool) get_request ('s', 0); |
---|
84 | $canvas_color = get_request ('cc', 'ffffff'); |
---|
85 | |
---|
86 | // set default width and height if neither are set already |
---|
87 | if ($new_width == 0 && $new_height == 0) { |
---|
88 | $new_width = 100; |
---|
89 | $new_height = 100; |
---|
90 | } |
---|
91 | |
---|
92 | // ensure size limits can not be abused |
---|
93 | $new_width = min ($new_width, MAX_WIDTH); |
---|
94 | $new_height = min ($new_height, MAX_HEIGHT); |
---|
95 | |
---|
96 | // set memory limit to be able to have enough space to resize larger images |
---|
97 | ini_set ('memory_limit', MEMORY_LIMIT); |
---|
98 | |
---|
99 | if (file_exists ($src)) { |
---|
100 | |
---|
101 | // open the existing image |
---|
102 | $image = open_image ($mime_type, $src); |
---|
103 | if ($image === false) { |
---|
104 | display_error ('Unable to open image : ' . $src); |
---|
105 | } |
---|
106 | |
---|
107 | // Get original width and height |
---|
108 | $width = imagesx ($image); |
---|
109 | $height = imagesy ($image); |
---|
110 | $origin_x = 0; |
---|
111 | $origin_y = 0; |
---|
112 | |
---|
113 | // generate new w/h if not provided |
---|
114 | if ($new_width && !$new_height) { |
---|
115 | $new_height = floor ($height * ($new_width / $width)); |
---|
116 | } else if ($new_height && !$new_width) { |
---|
117 | $new_width = floor ($width * ($new_height / $height)); |
---|
118 | } |
---|
119 | |
---|
120 | // scale down and add borders |
---|
121 | if ($zoom_crop == 3) { |
---|
122 | |
---|
123 | $final_height = $height * ($new_width / $width); |
---|
124 | |
---|
125 | if ($final_height > $new_height) { |
---|
126 | $new_width = $width * ($new_height / $height); |
---|
127 | } else { |
---|
128 | $new_height = $final_height; |
---|
129 | } |
---|
130 | |
---|
131 | } |
---|
132 | |
---|
133 | // create a new true color image |
---|
134 | $canvas = imagecreatetruecolor ($new_width, $new_height); |
---|
135 | imagealphablending ($canvas, false); |
---|
136 | |
---|
137 | if (strlen ($canvas_color) < 6) { |
---|
138 | $canvas_color = 'ffffff'; |
---|
139 | } |
---|
140 | |
---|
141 | $canvas_color_R = hexdec (substr ($canvas_color, 0, 2)); |
---|
142 | $canvas_color_G = hexdec (substr ($canvas_color, 2, 2)); |
---|
143 | $canvas_color_B = hexdec (substr ($canvas_color, 2, 2)); |
---|
144 | |
---|
145 | // Create a new transparent color for image |
---|
146 | $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127); |
---|
147 | |
---|
148 | // Completely fill the background of the new image with allocated color. |
---|
149 | imagefill ($canvas, 0, 0, $color); |
---|
150 | |
---|
151 | // scale down and add borders |
---|
152 | if ($zoom_crop == 2) { |
---|
153 | |
---|
154 | $final_height = $height * ($new_width / $width); |
---|
155 | |
---|
156 | if ($final_height > $new_height) { |
---|
157 | |
---|
158 | $origin_x = $new_width / 2; |
---|
159 | $new_width = $width * ($new_height / $height); |
---|
160 | $origin_x = round ($origin_x - ($new_width / 2)); |
---|
161 | |
---|
162 | } else { |
---|
163 | |
---|
164 | $origin_y = $new_height / 2; |
---|
165 | $new_height = $final_height; |
---|
166 | $origin_y = round ($origin_y - ($new_height / 2)); |
---|
167 | |
---|
168 | } |
---|
169 | |
---|
170 | } |
---|
171 | |
---|
172 | // Restore transparency blending |
---|
173 | imagesavealpha ($canvas, true); |
---|
174 | |
---|
175 | if ($zoom_crop > 0) { |
---|
176 | |
---|
177 | $src_x = $src_y = 0; |
---|
178 | $src_w = $width; |
---|
179 | $src_h = $height; |
---|
180 | |
---|
181 | $cmp_x = $width / $new_width; |
---|
182 | $cmp_y = $height / $new_height; |
---|
183 | |
---|
184 | // calculate x or y coordinate and width or height of source |
---|
185 | if ($cmp_x > $cmp_y) { |
---|
186 | |
---|
187 | $src_w = round ($width / $cmp_x * $cmp_y); |
---|
188 | $src_x = round (($width - ($width / $cmp_x * $cmp_y)) / 2); |
---|
189 | |
---|
190 | } else if ($cmp_y > $cmp_x) { |
---|
191 | |
---|
192 | $src_h = round ($height / $cmp_y * $cmp_x); |
---|
193 | $src_y = round (($height - ($height / $cmp_y * $cmp_x)) / 2); |
---|
194 | |
---|
195 | } |
---|
196 | |
---|
197 | // positional cropping! |
---|
198 | if ($align) { |
---|
199 | if (strpos ($align, 't') !== false) { |
---|
200 | $src_y = 0; |
---|
201 | } |
---|
202 | if (strpos ($align, 'b') !== false) { |
---|
203 | $src_y = $height - $src_h; |
---|
204 | } |
---|
205 | if (strpos ($align, 'l') !== false) { |
---|
206 | $src_x = 0; |
---|
207 | } |
---|
208 | if (strpos ($align, 'r') !== false) { |
---|
209 | $src_x = $width - $src_w; |
---|
210 | } |
---|
211 | } |
---|
212 | |
---|
213 | imagecopyresampled ($canvas, $image, $origin_x, $origin_y, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h); |
---|
214 | |
---|
215 | } else { |
---|
216 | |
---|
217 | // copy and resize part of an image with resampling |
---|
218 | imagecopyresampled ($canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height); |
---|
219 | |
---|
220 | } |
---|
221 | |
---|
222 | if ($filters != '' && function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) { |
---|
223 | // apply filters to image |
---|
224 | $filterList = explode ('|', $filters); |
---|
225 | foreach ($filterList as $fl) { |
---|
226 | |
---|
227 | $filterSettings = explode (',', $fl); |
---|
228 | if (isset ($imageFilters[$filterSettings[0]])) { |
---|
229 | |
---|
230 | for ($i = 0; $i < 4; $i ++) { |
---|
231 | if (!isset ($filterSettings[$i])) { |
---|
232 | $filterSettings[$i] = null; |
---|
233 | } else { |
---|
234 | $filterSettings[$i] = (int) $filterSettings[$i]; |
---|
235 | } |
---|
236 | } |
---|
237 | |
---|
238 | switch ($imageFilters[$filterSettings[0]][1]) { |
---|
239 | |
---|
240 | case 1: |
---|
241 | |
---|
242 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]); |
---|
243 | break; |
---|
244 | |
---|
245 | case 2: |
---|
246 | |
---|
247 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]); |
---|
248 | break; |
---|
249 | |
---|
250 | case 3: |
---|
251 | |
---|
252 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]); |
---|
253 | break; |
---|
254 | |
---|
255 | case 4: |
---|
256 | |
---|
257 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3], $filterSettings[4]); |
---|
258 | break; |
---|
259 | |
---|
260 | default: |
---|
261 | |
---|
262 | imagefilter ($canvas, $imageFilters[$filterSettings[0]][0]); |
---|
263 | break; |
---|
264 | |
---|
265 | } |
---|
266 | } |
---|
267 | } |
---|
268 | } |
---|
269 | |
---|
270 | // sharpen image |
---|
271 | if ($sharpen && function_exists ('imageconvolution')) { |
---|
272 | |
---|
273 | $sharpenMatrix = array ( |
---|
274 | array (-1,-1,-1), |
---|
275 | array (-1,16,-1), |
---|
276 | array (-1,-1,-1), |
---|
277 | ); |
---|
278 | |
---|
279 | $divisor = 8; |
---|
280 | $offset = 0; |
---|
281 | |
---|
282 | imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset); |
---|
283 | |
---|
284 | } |
---|
285 | |
---|
286 | // output image to browser based on mime type |
---|
287 | show_image ($mime_type, $canvas); |
---|
288 | |
---|
289 | } else { |
---|
290 | |
---|
291 | if (strlen ($src)) { |
---|
292 | display_error ('image ' . $src . ' not found'); |
---|
293 | } else { |
---|
294 | display_error ('no source specified'); |
---|
295 | } |
---|
296 | |
---|
297 | } |
---|
298 | |
---|
299 | |
---|
300 | /** |
---|
301 | * |
---|
302 | * @global <type> $quality |
---|
303 | * @param <type> $mime_type |
---|
304 | * @param <type> $image_resized |
---|
305 | */ |
---|
306 | function show_image ($mime_type, $canvas) { |
---|
307 | |
---|
308 | global $quality; |
---|
309 | |
---|
310 | $cache_file = get_cache_file (); |
---|
311 | |
---|
312 | switch ($mime_type) { |
---|
313 | case 'jpg': |
---|
314 | imagejpeg ($canvas, $cache_file, $quality); |
---|
315 | break; |
---|
316 | |
---|
317 | default: |
---|
318 | case 'png': |
---|
319 | imagepng ($canvas, $cache_file, floor ($quality * 0.09)); |
---|
320 | break; |
---|
321 | |
---|
322 | } |
---|
323 | |
---|
324 | // remove image from memory |
---|
325 | imagedestroy ($canvas); |
---|
326 | |
---|
327 | // if not in cache then clear some space and generate a new file |
---|
328 | clean_cache (); |
---|
329 | |
---|
330 | show_cache_file ($mime_type); |
---|
331 | |
---|
332 | } |
---|
333 | |
---|
334 | |
---|
335 | /** |
---|
336 | * |
---|
337 | * @param <type> $property |
---|
338 | * @param <type> $default |
---|
339 | * @return <type> |
---|
340 | */ |
---|
341 | function get_request ($property, $default = 0) { |
---|
342 | |
---|
343 | if (isset ($_GET[$property])) { |
---|
344 | return $_GET[$property]; |
---|
345 | } else { |
---|
346 | return $default; |
---|
347 | } |
---|
348 | |
---|
349 | } |
---|
350 | |
---|
351 | |
---|
352 | /** |
---|
353 | * |
---|
354 | * @param <type> $mime_type |
---|
355 | * @param <type> $src |
---|
356 | * @return <type> |
---|
357 | */ |
---|
358 | function open_image ($mime_type, $src) { |
---|
359 | |
---|
360 | switch ($mime_type) { |
---|
361 | case 'jpg': |
---|
362 | $image = imagecreatefromjpeg ($src); |
---|
363 | break; |
---|
364 | |
---|
365 | case 'png': |
---|
366 | $image = imagecreatefrompng ($src); |
---|
367 | break; |
---|
368 | |
---|
369 | case 'gif': |
---|
370 | $image = imagecreatefromgif ($src); |
---|
371 | break; |
---|
372 | } |
---|
373 | |
---|
374 | return $image; |
---|
375 | |
---|
376 | } |
---|
377 | |
---|
378 | /** |
---|
379 | * clean out old files from the cache |
---|
380 | * you can change the number of files to store and to delete per loop in the defines at the top of the code |
---|
381 | * |
---|
382 | * @return <type> |
---|
383 | */ |
---|
384 | function clean_cache () { |
---|
385 | |
---|
386 | if (!file_exists (DIRECTORY_CACHE . '/index.php')) { |
---|
387 | touch (DIRECTORY_CACHE . '/index.php'); |
---|
388 | } |
---|
389 | |
---|
390 | // add an escape |
---|
391 | // Reduces the amount of cache clearing to save some processor speed |
---|
392 | if (rand (1, 50) > 10) { |
---|
393 | return true; |
---|
394 | } |
---|
395 | |
---|
396 | flush (); |
---|
397 | |
---|
398 | $files = glob (DIRECTORY_CACHE . '/*', GLOB_BRACE); |
---|
399 | |
---|
400 | if (count ($files) > CACHE_SIZE) { |
---|
401 | |
---|
402 | $yesterday = time () - (24 * 60 * 60); |
---|
403 | |
---|
404 | usort ($files, 'filemtime_compare'); |
---|
405 | $i = 0; |
---|
406 | |
---|
407 | foreach ($files as $file) { |
---|
408 | |
---|
409 | $i ++; |
---|
410 | |
---|
411 | if ($i >= CACHE_CLEAR) { |
---|
412 | return; |
---|
413 | } |
---|
414 | |
---|
415 | if (@filemtime ($file) > $yesterday) { |
---|
416 | return; |
---|
417 | } |
---|
418 | |
---|
419 | if (file_exists ($file)) { |
---|
420 | unlink ($file); |
---|
421 | } |
---|
422 | |
---|
423 | } |
---|
424 | |
---|
425 | } |
---|
426 | |
---|
427 | } |
---|
428 | |
---|
429 | |
---|
430 | /** |
---|
431 | * compare the file time of two files |
---|
432 | * |
---|
433 | * @param <type> $a |
---|
434 | * @param <type> $b |
---|
435 | * @return <type> |
---|
436 | */ |
---|
437 | function filemtime_compare ($a, $b) { |
---|
438 | |
---|
439 | $break = explode ('/', $_SERVER['SCRIPT_FILENAME']); |
---|
440 | $filename = $break[count ($break) - 1]; |
---|
441 | $filepath = str_replace ($filename, '', $_SERVER['SCRIPT_FILENAME']); |
---|
442 | |
---|
443 | $file_a = realpath ($filepath . $a); |
---|
444 | $file_b = realpath ($filepath . $b); |
---|
445 | |
---|
446 | return filemtime ($file_a) - filemtime ($file_b); |
---|
447 | |
---|
448 | } |
---|
449 | |
---|
450 | |
---|
451 | /** |
---|
452 | * determine the file mime type |
---|
453 | * |
---|
454 | * @param <type> $file |
---|
455 | * @return <type> |
---|
456 | */ |
---|
457 | function mime_type ($file) { |
---|
458 | |
---|
459 | $file_infos = getimagesize ($file); |
---|
460 | |
---|
461 | // no mime type |
---|
462 | if (empty ($file_infos['mime'])) { |
---|
463 | display_error ('no mime type specified in image'); |
---|
464 | } |
---|
465 | |
---|
466 | $mime_type = $file_infos['mime']; |
---|
467 | |
---|
468 | // use mime_type to determine mime type |
---|
469 | if (!preg_match ("/jpg|jpeg|gif|png/i", $mime_type)) { |
---|
470 | display_error ('Invalid src mime type: ' . $mime_type); |
---|
471 | } |
---|
472 | |
---|
473 | $mime_type = strtolower ($mime_type); |
---|
474 | $mime_type = str_replace ('image/', '', $mime_type); |
---|
475 | |
---|
476 | if ($mime_type == 'jpeg') { |
---|
477 | $mime_type = 'jpg'; |
---|
478 | } |
---|
479 | |
---|
480 | return $mime_type; |
---|
481 | |
---|
482 | } |
---|
483 | |
---|
484 | |
---|
485 | /** |
---|
486 | * |
---|
487 | * @param <type> $mime_type |
---|
488 | */ |
---|
489 | function check_cache ($mime_type) { |
---|
490 | |
---|
491 | if (CACHE_USE) { |
---|
492 | |
---|
493 | if (!show_cache_file ($mime_type)) { |
---|
494 | // make sure cache dir exists |
---|
495 | if (!file_exists (DIRECTORY_CACHE)) { |
---|
496 | // give 777 permissions so that developer can overwrite |
---|
497 | // files created by web server user |
---|
498 | mkdir (DIRECTORY_CACHE); |
---|
499 | chmod (DIRECTORY_CACHE, 0777); |
---|
500 | } |
---|
501 | } |
---|
502 | |
---|
503 | } |
---|
504 | |
---|
505 | } |
---|
506 | |
---|
507 | |
---|
508 | /** |
---|
509 | * |
---|
510 | * @param <type> $mime_type |
---|
511 | * @return <type> |
---|
512 | */ |
---|
513 | function show_cache_file ($mime_type) { |
---|
514 | |
---|
515 | // use browser cache if available to speed up page load |
---|
516 | if (!empty ($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { |
---|
517 | if (strtotime ($_SERVER['HTTP_IF_MODIFIED_SINCE']) < strtotime ('now')) { |
---|
518 | header ('HTTP/1.1 304 Not Modified'); |
---|
519 | die (); |
---|
520 | } |
---|
521 | } |
---|
522 | |
---|
523 | $cache_file = get_cache_file (); |
---|
524 | |
---|
525 | if (file_exists ($cache_file)) { |
---|
526 | |
---|
527 | // change the modified headers |
---|
528 | $gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT'; |
---|
529 | $gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT'; |
---|
530 | |
---|
531 | // send content headers then display image |
---|
532 | header ('Content-Type: image/' . get_file_type ($mime_type)); |
---|
533 | header ('Accept-Ranges: none'); |
---|
534 | header ('Last-Modified: ' . $gmdate_modified); |
---|
535 | header ('Content-Length: ' . filesize ($cache_file)); |
---|
536 | header ('Cache-Control: max-age=' . CACHE_MAX_AGE . ', must-revalidate'); |
---|
537 | header ('Expires: ' . $gmdate_expires); |
---|
538 | |
---|
539 | if (!@readfile ($cache_file)) { |
---|
540 | $content = file_get_contents ($cache_file); |
---|
541 | if ($content != FALSE) { |
---|
542 | echo $content; |
---|
543 | } else { |
---|
544 | display_error ('cache file could not be loaded'); |
---|
545 | } |
---|
546 | } |
---|
547 | |
---|
548 | die (); |
---|
549 | |
---|
550 | } |
---|
551 | |
---|
552 | return FALSE; |
---|
553 | |
---|
554 | } |
---|
555 | |
---|
556 | |
---|
557 | /** |
---|
558 | * |
---|
559 | * @param type $extension |
---|
560 | * @return type |
---|
561 | */ |
---|
562 | function get_file_type ($extension) { |
---|
563 | |
---|
564 | switch ($extension) { |
---|
565 | case 'png': |
---|
566 | case 'gif': |
---|
567 | return 'png'; |
---|
568 | |
---|
569 | case 'jpg': |
---|
570 | case 'jpeg': |
---|
571 | return 'jpeg'; |
---|
572 | |
---|
573 | default: |
---|
574 | display_error ('file type not found : ' . $extension); |
---|
575 | } |
---|
576 | |
---|
577 | } |
---|
578 | |
---|
579 | |
---|
580 | /** |
---|
581 | * |
---|
582 | * @staticvar string $cache_file |
---|
583 | * @return string |
---|
584 | */ |
---|
585 | function get_cache_file () { |
---|
586 | |
---|
587 | static $cache_file; |
---|
588 | global $src; |
---|
589 | |
---|
590 | if (!$cache_file) { |
---|
591 | // filemtime is used to make sure updated files get recached |
---|
592 | $cache_file = DIRECTORY_CACHE . '/' . md5 ($_SERVER ['QUERY_STRING'] . VERSION . filemtime ($src) . $_SERVER['DOCUMENT_ROOT']) . '.txt'; |
---|
593 | } |
---|
594 | |
---|
595 | return $cache_file; |
---|
596 | |
---|
597 | } |
---|
598 | |
---|
599 | |
---|
600 | /** |
---|
601 | * |
---|
602 | * @param <type> $url |
---|
603 | * @return <type> |
---|
604 | */ |
---|
605 | function validate_url ($url) { |
---|
606 | $pattern = "/\b(?:(?:https?):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"; |
---|
607 | return preg_match ($pattern, $url); |
---|
608 | } |
---|
609 | |
---|
610 | |
---|
611 | /** |
---|
612 | * |
---|
613 | * @global array $allowedSites |
---|
614 | * @param string $src |
---|
615 | * @return string |
---|
616 | */ |
---|
617 | function check_external ($src) { |
---|
618 | |
---|
619 | global $allowedSites; |
---|
620 | |
---|
621 | // work out file details |
---|
622 | $filename = 'external_' . md5 ($src) . '.txt'; |
---|
623 | $local_filepath = DIRECTORY_CACHE . '/' . $filename; |
---|
624 | |
---|
625 | // only do this stuff the file doesn't already exist |
---|
626 | if (!file_exists ($local_filepath)) { |
---|
627 | |
---|
628 | if (strpos (strtolower ($src), 'http://') !== false || strpos (strtolower ($src), 'https://') !== false) { |
---|
629 | |
---|
630 | if (!validate_url ($src)) { |
---|
631 | display_error ('invalid url'); |
---|
632 | } |
---|
633 | |
---|
634 | $url_info = parse_url ($src); |
---|
635 | |
---|
636 | if (count (explode ('.', $url_info['path'])) > 2) { |
---|
637 | display_error ('source filename invalid'); |
---|
638 | } |
---|
639 | |
---|
640 | if (($url_info['host'] == 'www.youtube.com' || $url_info['host'] == 'youtube.com') && preg_match ('/v=([^&]+)/i', $url_info['query'], $matches)) { |
---|
641 | $v = $matches[1]; |
---|
642 | $src = 'http://img.youtube.com/vi/' . $v . '/0.jpg'; |
---|
643 | $url_info['host'] = 'img.youtube.com'; |
---|
644 | } |
---|
645 | |
---|
646 | $isAllowedSite = false; |
---|
647 | |
---|
648 | // check allowed sites (if required) |
---|
649 | foreach ($allowedSites as $site) { |
---|
650 | if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) { |
---|
651 | $isAllowedSite = true; |
---|
652 | } |
---|
653 | } |
---|
654 | |
---|
655 | // if allowed |
---|
656 | if ($isAllowedSite) { |
---|
657 | |
---|
658 | if (function_exists ('curl_init')) { |
---|
659 | |
---|
660 | global $fh; |
---|
661 | |
---|
662 | $fh = fopen ($local_filepath, 'w'); |
---|
663 | $ch = curl_init ($src); |
---|
664 | |
---|
665 | curl_setopt ($ch, CURLOPT_TIMEOUT, CURL_TIMEOUT); |
---|
666 | curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0'); |
---|
667 | curl_setopt ($ch, CURLOPT_URL, $src); |
---|
668 | curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE); |
---|
669 | curl_setopt ($ch, CURLOPT_HEADER, 0); |
---|
670 | curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); |
---|
671 | curl_setopt ($ch, CURLOPT_WRITEFUNCTION, 'curl_write'); |
---|
672 | |
---|
673 | // error so die |
---|
674 | if (curl_exec ($ch) === FALSE) { |
---|
675 | unlink ($local_filepath); |
---|
676 | touch ($local_filepath); |
---|
677 | display_error ('error reading file ' . $src . ' from remote host: ' . curl_error ($ch)); |
---|
678 | } |
---|
679 | |
---|
680 | curl_close ($ch); |
---|
681 | fclose ($fh); |
---|
682 | |
---|
683 | // check it's actually an image |
---|
684 | $file_infos = getimagesize ($local_filepath); |
---|
685 | |
---|
686 | // no mime type or invalid mime type |
---|
687 | if (empty ($file_infos['mime']) || !preg_match ("/jpg|jpeg|gif|png/i", $file_infos['mime'])) { |
---|
688 | unlink ($local_filepath); |
---|
689 | touch ($local_filepath); |
---|
690 | display_error ('remote file not a valid image'); |
---|
691 | } |
---|
692 | |
---|
693 | } else { |
---|
694 | |
---|
695 | if (!$img = file_get_contents ($src)) { |
---|
696 | display_error ('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted'); |
---|
697 | } |
---|
698 | |
---|
699 | if (file_put_contents ($local_filepath, $img) == FALSE) { |
---|
700 | display_error ('error writing temporary file'); |
---|
701 | } |
---|
702 | |
---|
703 | } |
---|
704 | |
---|
705 | if (!file_exists ($local_filepath)) { |
---|
706 | display_error ('local file for ' . $src . ' can not be created'); |
---|
707 | } |
---|
708 | |
---|
709 | $src = $local_filepath; |
---|
710 | |
---|
711 | } else { |
---|
712 | |
---|
713 | display_error ('remote host "' . $url_info['host'] . '" not allowed'); |
---|
714 | |
---|
715 | } |
---|
716 | |
---|
717 | } |
---|
718 | |
---|
719 | } else { |
---|
720 | |
---|
721 | $src = $local_filepath; |
---|
722 | |
---|
723 | } |
---|
724 | |
---|
725 | return $src; |
---|
726 | |
---|
727 | } |
---|
728 | |
---|
729 | |
---|
730 | /** |
---|
731 | * callback for curl command to receive external images |
---|
732 | * limit the amount of data downloaded from external servers |
---|
733 | * |
---|
734 | * @global <type> $data_string |
---|
735 | * @param <type> $handle |
---|
736 | * @param <type> $data |
---|
737 | * @return <type> |
---|
738 | */ |
---|
739 | function curl_write ($handle, $data) { |
---|
740 | |
---|
741 | global $external_data_string, $fh; |
---|
742 | |
---|
743 | fwrite ($fh, $data); |
---|
744 | $external_data_string += strlen ($data); |
---|
745 | |
---|
746 | if ($external_data_string > MAX_FILE_SIZE) { |
---|
747 | return 0; |
---|
748 | } else { |
---|
749 | return strlen ($data); |
---|
750 | } |
---|
751 | |
---|
752 | } |
---|
753 | |
---|
754 | |
---|
755 | /** |
---|
756 | * tidy up the image source url |
---|
757 | * |
---|
758 | * @param <type> $src |
---|
759 | * @return string |
---|
760 | */ |
---|
761 | function clean_source ($src) { |
---|
762 | |
---|
763 | $host = str_replace ('www.', '', $_SERVER['HTTP_HOST']); |
---|
764 | $regex = "/^(http(s|):\/\/)(www\.|)" . $host . "\//i"; |
---|
765 | |
---|
766 | $src = preg_replace ($regex, '', $src); |
---|
767 | $src = strip_tags ($src); |
---|
768 | $src = check_external ($src); |
---|
769 | |
---|
770 | // remove slash from start of string |
---|
771 | if (strpos ($src, '/') === 0) { |
---|
772 | $src = substr ($src, -(strlen ($src) - 1)); |
---|
773 | } |
---|
774 | |
---|
775 | // don't allow users the ability to use '../' |
---|
776 | // in order to gain access to files below document root |
---|
777 | $src = preg_replace ("/\.\.+\//", "", $src); |
---|
778 | |
---|
779 | // get path to image on file system |
---|
780 | $src = get_document_root ($src) . '/' . $src; |
---|
781 | |
---|
782 | if (!is_file ($src)) { |
---|
783 | display_error ('source is not a valid file'); |
---|
784 | } |
---|
785 | |
---|
786 | if (filesize ($src) > MAX_FILE_SIZE) { |
---|
787 | display_error ('source file is too big (filesize > MAX_FILE_SIZE)'); |
---|
788 | } |
---|
789 | |
---|
790 | if (filesize ($src) <= 0) { |
---|
791 | display_error ('source file <= 0 bytes. Possible external file download error (file is too large)'); |
---|
792 | } |
---|
793 | |
---|
794 | return realpath ($src); |
---|
795 | |
---|
796 | } |
---|
797 | |
---|
798 | |
---|
799 | /** |
---|
800 | * |
---|
801 | * @param <type> $src |
---|
802 | * @return string |
---|
803 | */ |
---|
804 | function get_document_root ($src) { |
---|
805 | |
---|
806 | // check for unix servers |
---|
807 | if (file_exists ($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) { |
---|
808 | return $_SERVER['DOCUMENT_ROOT']; |
---|
809 | } |
---|
810 | |
---|
811 | // check from script filename (to get all directories to timthumb location) |
---|
812 | $parts = array_diff (explode ('/', $_SERVER['SCRIPT_FILENAME']), explode ('/', $_SERVER['DOCUMENT_ROOT'])); |
---|
813 | |
---|
814 | $path = './'; |
---|
815 | |
---|
816 | foreach ($parts as $part) { |
---|
817 | if (file_exists ($path . '/' . $src)) { |
---|
818 | return realpath ($path); |
---|
819 | } |
---|
820 | $path .= '../'; |
---|
821 | } |
---|
822 | |
---|
823 | // special check for microsoft servers |
---|
824 | if (!isset ($_SERVER['DOCUMENT_ROOT'])) { |
---|
825 | $path = str_replace ("/", "\\", $_SERVER['ORIG_PATH_INFO']); |
---|
826 | $path = str_replace ($path, '', $_SERVER['SCRIPT_FILENAME']); |
---|
827 | |
---|
828 | if (file_exists ($path . '/' . $src)) { |
---|
829 | return realpath ($path); |
---|
830 | } |
---|
831 | } |
---|
832 | |
---|
833 | display_error ('file not found'); |
---|
834 | |
---|
835 | } |
---|
836 | |
---|
837 | |
---|
838 | /** |
---|
839 | * generic error message |
---|
840 | * |
---|
841 | * @param <type> $errorString |
---|
842 | */ |
---|
843 | function display_error ($errorString = '') { |
---|
844 | |
---|
845 | header ('HTTP/1.1 400 Bad Request'); |
---|
846 | echo '<pre>' . htmlentities ($errorString); |
---|
847 | echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']); |
---|
848 | die (); |
---|
849 | |
---|
850 | } |
---|