PageRenderTime 45ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/thumb/phpThumb.php

https://bitbucket.org/webnroll/cosyx
PHP | 620 lines | 470 code | 72 blank | 78 comment | 144 complexity | 7544372feee61a17b8ffff22978d4fa3 MD5 | raw file
  1. <?php
  2. //////////////////////////////////////////////////////////////
  3. /// phpThumb() by James Heinrich <info@silisoftware.com> //
  4. // available at http://phpthumb.sourceforge.net ///
  5. //////////////////////////////////////////////////////////////
  6. /// //
  7. // See: phpthumb.changelog.txt for recent changes //
  8. // See: phpthumb.readme.txt for usage instructions //
  9. // ///
  10. //////////////////////////////////////////////////////////////
  11. error_reporting(0);
  12. ini_set('display_errors', '0');
  13. ini_set('magic_quotes_runtime', '0');
  14. if (@ini_get('magic_quotes_runtime')) {
  15. die('"magic_quotes_runtime" is set in php.ini, cannot run phpThumb with this enabled');
  16. }
  17. $starttime = array_sum(explode(' ', microtime()));
  18. // this script relies on the superglobal arrays, fake it here for old PHP versions
  19. if (phpversion() < '4.1.0') {
  20. $_SERVER = $HTTP_SERVER_VARS;
  21. $_GET = $HTTP_GET_VARS;
  22. }
  23. // instantiate a new phpThumb() object
  24. ob_start();
  25. if (!include_once(dirname(__FILE__).'/phpthumb.class.php')) {
  26. ob_end_flush();
  27. die('failed to include_once("'.realpath(dirname(__FILE__).'/phpthumb.class.php').'")');
  28. }
  29. ob_end_clean();
  30. $phpThumb = new phpThumb();
  31. $phpThumb->DebugTimingMessage('phpThumb.php start', __FILE__, __LINE__, $starttime);
  32. $phpThumb->SetParameter('config_error_die_on_error', true);
  33. if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
  34. set_time_limit(60); // shouldn't take nearly this long in most cases, but with many filters and/or a slow server...
  35. }
  36. // phpThumbDebug[0] used to be here, but may reveal too much
  37. // info when high_security_mode should be enabled (not set yet)
  38. if (file_exists(dirname(__FILE__).'/phpThumb.config.php')) {
  39. ob_start();
  40. if (include_once(dirname(__FILE__).'/phpThumb.config.php')) {
  41. // great
  42. } else {
  43. ob_end_flush();
  44. $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
  45. }
  46. ob_end_clean();
  47. } elseif (file_exists(dirname(__FILE__).'/phpThumb.config.php.default')) {
  48. $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
  49. } else {
  50. $phpThumb->ErrorImage('failed to include_once('.dirname(__FILE__).'/phpThumb.config.php) - realpath="'.realpath(dirname(__FILE__).'/phpThumb.config.php').'"');
  51. }
  52. if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
  53. $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);
  54. $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
  55. $phpThumb->DebugMessage('PATH_INFO.$args set to ('.implode(')(', $args).')', __FILE__, __LINE__);
  56. if (!empty($args)) {
  57. $_GET['src'] = @$args[count($args) - 1];
  58. $phpThumb->DebugMessage('PATH_INFO."src" = "'.$_GET['src'].'"', __FILE__, __LINE__);
  59. if (eregi('^new\=([a-z0-9]+)', $_GET['src'], $matches)) {
  60. unset($_GET['src']);
  61. $_GET['new'] = $matches[1];
  62. }
  63. }
  64. if (eregi('^([0-9]*)x?([0-9]*)$', @$args[count($args) - 2], $matches)) {
  65. $_GET['w'] = $matches[1];
  66. $_GET['h'] = $matches[2];
  67. $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "'.$_GET['w'].'"x"'.$_GET['h'].'"', __FILE__, __LINE__);
  68. }
  69. for ($i = 0; $i < count($args) - 2; $i++) {
  70. @list($key, $value) = explode('=', @$args[$i]);
  71. if (substr($key, -2) == '[]') {
  72. $array_key_name = substr($key, 0, -2);
  73. $_GET[$array_key_name][] = $value;
  74. $phpThumb->DebugMessage('PATH_INFO."'.$array_key_name.'[]" = "'.$value.'"', __FILE__, __LINE__);
  75. } else {
  76. $_GET[$key] = $value;
  77. $phpThumb->DebugMessage('PATH_INFO."'.$key.'" = "'.$value.'"', __FILE__, __LINE__);
  78. }
  79. }
  80. }
  81. if (@$PHPTHUMB_CONFIG['high_security_enabled']) {
  82. if (!@$_GET['hash']) {
  83. $phpThumb->ErrorImage('ERROR: missing hash');
  84. } elseif (strlen($PHPTHUMB_CONFIG['high_security_password']) < 5) {
  85. $phpThumb->ErrorImage('ERROR: strlen($PHPTHUMB_CONFIG[high_security_password]) < 5');
  86. } elseif ($_GET['hash'] != md5(str_replace('&hash='.$_GET['hash'], '', $_SERVER['QUERY_STRING']).$PHPTHUMB_CONFIG['high_security_password'])) {
  87. $phpThumb->ErrorImage('ERROR: invalid hash');
  88. }
  89. }
  90. ////////////////////////////////////////////////////////////////
  91. // Debug output, to try and help me diagnose problems
  92. $phpThumb->DebugTimingMessage('phpThumbDebug[0]', __FILE__, __LINE__);
  93. if (isset($_GET['phpThumbDebug']) && $_GET['phpThumbDebug'] == '0') {
  94. $phpThumb->phpThumbDebug();
  95. }
  96. ////////////////////////////////////////////////////////////////
  97. // returned the fixed string if the evil "magic_quotes_gpc" setting is on
  98. if (get_magic_quotes_gpc()) {
  99. // deprecated: 'err', 'file', 'goto',
  100. $RequestVarsToStripSlashes = array('src', 'wmf', 'down');
  101. foreach ($RequestVarsToStripSlashes as $key) {
  102. if (isset($_GET[$key])) {
  103. if (is_string($_GET[$key])) {
  104. $_GET[$key] = stripslashes($_GET[$key]);
  105. } else {
  106. unset($_GET[$key]);
  107. }
  108. }
  109. }
  110. }
  111. if (!isset($_SERVER['PATH_INFO']) && !isset($_SERVER['QUERY_STRING'])) {
  112. $phpThumb->ErrorImage('phpThumb() v'.$phpThumb->phpthumb_version.'<br><a href="http://phpthumb.sourceforge.net">http://phpthumb.sourceforge.net</a><br><br>ERROR: no parameters specified');
  113. }
  114. if (@$_GET['src'] && isset($_GET['md5s']) && empty($_GET['md5s'])) {
  115. if (eregi('^(f|ht)tps?://', $_GET['src'])) {
  116. if ($rawImageData = phpthumb_functions::SafeURLread($_GET['src'], $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
  117. $md5s = md5($rawImageData);
  118. }
  119. } else {
  120. $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_GET['src']);
  121. if (is_readable($SourceFilename)) {
  122. $md5s = phpthumb_functions::md5_file_safe($SourceFilename);
  123. } else {
  124. $phpThumb->ErrorImage('ERROR: "'.$SourceFilename.'" cannot be read');
  125. }
  126. }
  127. if (@$_SERVER['HTTP_REFERER']) {
  128. $phpThumb->ErrorImage('&md5s='.$md5s);
  129. } else {
  130. die('&md5s='.$md5s);
  131. }
  132. }
  133. if (!empty($PHPTHUMB_CONFIG)) {
  134. foreach ($PHPTHUMB_CONFIG as $key => $value) {
  135. $keyname = 'config_'.$key;
  136. $phpThumb->setParameter($keyname, $value);
  137. if (!eregi('password', $key)) {
  138. $phpThumb->DebugMessage('setParameter('.$keyname.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
  139. }
  140. }
  141. } else {
  142. $phpThumb->DebugMessage('$PHPTHUMB_CONFIG is empty', __FILE__, __LINE__);
  143. }
  144. if (@$_GET['src'] && !@$PHPTHUMB_CONFIG['allow_local_http_src'] && eregi('^http://'.@$_SERVER['HTTP_HOST'].'(.+)', @$_GET['src'], $matches)) {
  145. $phpThumb->ErrorImage('It is MUCH better to specify the "src" parameter as "'.$matches[1].'" instead of "'.$matches[0].'".'."\n\n".'If you really must do it this way, enable "allow_local_http_src" in phpThumb.config.php');
  146. }
  147. ////////////////////////////////////////////////////////////////
  148. // Debug output, to try and help me diagnose problems
  149. $phpThumb->DebugTimingMessage('phpThumbDebug[1]', __FILE__, __LINE__);
  150. if (@$_GET['phpThumbDebug'] == '1') {
  151. $phpThumb->phpThumbDebug();
  152. }
  153. ////////////////////////////////////////////////////////////////
  154. $parsed_url_referer = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
  155. if ($phpThumb->config_nooffsitelink_require_refer && !in_array(@$parsed_url_referer['host'], $phpThumb->config_nohotlink_valid_domains)) {
  156. $phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
  157. }
  158. $parsed_url_src = phpthumb_functions::ParseURLbetter(@$_GET['src']);
  159. if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && eregi('^(f|ht)tps?://', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
  160. $phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
  161. }
  162. if ($phpThumb->config_mysql_query) {
  163. if ($cid = @mysql_connect($phpThumb->config_mysql_hostname, $phpThumb->config_mysql_username, $phpThumb->config_mysql_password)) {
  164. if (@mysql_select_db($phpThumb->config_mysql_database, $cid)) {
  165. if ($result = @mysql_query($phpThumb->config_mysql_query, $cid)) {
  166. if ($row = @mysql_fetch_array($result)) {
  167. mysql_free_result($result);
  168. mysql_close($cid);
  169. $phpThumb->setSourceData($row[0]);
  170. unset($row);
  171. } else {
  172. mysql_free_result($result);
  173. mysql_close($cid);
  174. $phpThumb->ErrorImage('no matching data in database.');
  175. }
  176. } else {
  177. mysql_close($cid);
  178. $phpThumb->ErrorImage('Error in MySQL query: "'.mysql_error($cid).'"');
  179. }
  180. } else {
  181. mysql_close($cid);
  182. $phpThumb->ErrorImage('cannot select MySQL database: "'.mysql_error($cid).'"');
  183. }
  184. } else {
  185. $phpThumb->ErrorImage('cannot connect to MySQL server');
  186. }
  187. unset($_GET['id']);
  188. }
  189. ////////////////////////////////////////////////////////////////
  190. // Debug output, to try and help me diagnose problems
  191. $phpThumb->DebugTimingMessage('phpThumbDebug[2]', __FILE__, __LINE__);
  192. if (@$_GET['phpThumbDebug'] == '2') {
  193. $phpThumb->phpThumbDebug();
  194. }
  195. ////////////////////////////////////////////////////////////////
  196. $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) (@$PHPTHUMB_CONFIG['cache_default_only_suffix'] && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false));
  197. if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
  198. $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
  199. foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
  200. if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) {
  201. $_GET[$key] = $value;
  202. $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.$value.') to $_GET['.$key.']', __FILE__, __LINE__);
  203. }
  204. }
  205. }
  206. // deprecated: 'err', 'file', 'goto',
  207. $allowedGETparameters = array('src', 'new', 'w', 'h', 'wp', 'hp', 'wl', 'hl', 'ws', 'hs', 'f', 'q', 'sx', 'sy', 'sw', 'sh', 'zc', 'bc', 'bg', 'bgt', 'fltr', 'xto', 'ra', 'ar', 'aoe', 'far', 'iar', 'maxb', 'down', 'phpThumbDebug', 'hash', 'md5s', 'sfn', 'dpi', 'sia', 'nocache');
  208. foreach ($_GET as $key => $value) {
  209. if (@$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS && ($key != 'src')) {
  210. // disabled, do not set parameter
  211. $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
  212. } elseif (in_array($key, $allowedGETparameters)) {
  213. $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
  214. $phpThumb->setParameter($key, $value);
  215. } else {
  216. $phpThumb->ErrorImage('Forbidden parameter: '.$key);
  217. }
  218. }
  219. ////////////////////////////////////////////////////////////////
  220. // Debug output, to try and help me diagnose problems
  221. $phpThumb->DebugTimingMessage('phpThumbDebug[3]', __FILE__, __LINE__);
  222. if (@$_GET['phpThumbDebug'] == '3') {
  223. $phpThumb->phpThumbDebug();
  224. }
  225. ////////////////////////////////////////////////////////////////
  226. //if (!@$_GET['phpThumbDebug'] && !is_file($phpThumb->sourceFilename) && !phpthumb_functions::gd_version()) {
  227. // if (!headers_sent()) {
  228. // // base64-encoded error image in GIF format
  229. // $ERROR_NOGD = 'R0lGODlhIAAgALMAAAAAABQUFCQkJDY2NkZGRldXV2ZmZnJycoaGhpSUlKWlpbe3t8XFxdXV1eTk5P7+/iwAAAAAIAAgAAAE/vDJSau9WILtTAACUinDNijZtAHfCojS4W5H+qxD8xibIDE9h0OwWaRWDIljJSkUJYsN4bihMB8th3IToAKs1VtYM75cyV8sZ8vygtOE5yMKmGbO4jRdICQCjHdlZzwzNW4qZSQmKDaNjhUMBX4BBAlmMywFSRWEmAI6b5gAlhNxokGhooAIK5o/pi9vEw4Lfj4OLTAUpj6IabMtCwlSFw0DCKBoFqwAB04AjI54PyZ+yY3TD0ss2YcVmN/gvpcu4TOyFivWqYJlbAHPpOntvxNAACcmGHjZzAZqzSzcq5fNjxFmAFw9iFRunD1epU6tsIPmFCAJnWYE0FURk7wJDA0MTKpEzoWAAskiAAA7';
  230. // header('Content-Type: image/gif');
  231. // echo base64_decode($ERROR_NOGD);
  232. // } else {
  233. // echo '*** ERROR: No PHP-GD support available ***';
  234. // }
  235. // exit;
  236. //}
  237. // check to see if file can be output from source with no processing or caching
  238. $CanPassThroughDirectly = true;
  239. if ($phpThumb->rawImageData) {
  240. // data from SQL, should be fine
  241. } elseif (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
  242. // assume is ok if no other parameters specified
  243. } elseif (!@is_file($phpThumb->sourceFilename)) {
  244. $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_file('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
  245. $CanPassThroughDirectly = false;
  246. } elseif (!@is_readable($phpThumb->sourceFilename)) {
  247. $phpThumb->DebugMessage('$CanPassThroughDirectly=false because !@is_readable('.$phpThumb->sourceFilename.')', __FILE__, __LINE__);
  248. $CanPassThroughDirectly = false;
  249. }
  250. foreach ($_GET as $key => $value) {
  251. switch ($key) {
  252. case 'src':
  253. // allowed
  254. break;
  255. case 'w':
  256. case 'h':
  257. // might be OK if exactly matches original
  258. if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
  259. // assume it is not ok for direct-passthru of remote image
  260. $CanPassThroughDirectly = false;
  261. }
  262. break;
  263. case 'phpThumbDebug':
  264. // handled in direct-passthru code
  265. break;
  266. default:
  267. // all other parameters will cause some processing,
  268. // therefore cannot pass through original image unmodified
  269. $CanPassThroughDirectly = false;
  270. $UnAllowedGET[] = $key;
  271. break;
  272. }
  273. }
  274. if (!empty($UnAllowedGET)) {
  275. $phpThumb->DebugMessage('$CanPassThroughDirectly=false because $_GET['.implode(';', array_unique($UnAllowedGET)).'] are set', __FILE__, __LINE__);
  276. }
  277. ////////////////////////////////////////////////////////////////
  278. // Debug output, to try and help me diagnose problems
  279. $phpThumb->DebugTimingMessage('phpThumbDebug[4]', __FILE__, __LINE__);
  280. if (@$_GET['phpThumbDebug'] == '4') {
  281. $phpThumb->phpThumbDebug();
  282. }
  283. ////////////////////////////////////////////////////////////////
  284. function SendSaveAsFileHeaderIfNeeded() {
  285. if (headers_sent()) {
  286. return false;
  287. }
  288. global $phpThumb;
  289. $downloadfilename = phpthumb_functions::SanitizeFilename(@$_GET['sia'] ? $_GET['sia'] : (@$_GET['down'] ? $_GET['down'] : 'phpThumb_generated_thumbnail'.(@$_GET['f'] ? $_GET['f'] : 'jpg')));
  290. if (@$downloadfilename) {
  291. $phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"', __FILE__, __LINE__);
  292. header('Content-Disposition: '.(@$_GET['down'] ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"');
  293. }
  294. return true;
  295. }
  296. $phpThumb->DebugMessage('$CanPassThroughDirectly="'.intval($CanPassThroughDirectly).'" && $phpThumb->src="'.$phpThumb->src.'"', __FILE__, __LINE__);
  297. while ($CanPassThroughDirectly && $phpThumb->src) {
  298. // no parameters set, passthru
  299. if (eregi('^http\://.+\.(jpe?g|gif|png)$', $phpThumb->src)) {
  300. $phpThumb->DebugMessage('Passing HTTP source through directly as Location: redirect ('.$phpThumb->src.')', __FILE__, __LINE__);
  301. header('Location: '.$phpThumb->src);
  302. exit;
  303. }
  304. $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);
  305. // security and size checks
  306. if ($phpThumb->getimagesizeinfo = @GetImageSize($SourceFilename)) {
  307. $phpThumb->DebugMessage('Direct passthru GetImageSize() returned [w='.$phpThumb->getimagesizeinfo[0].';h='.$phpThumb->getimagesizeinfo[1].';t='.$phpThumb->getimagesizeinfo[2].']', __FILE__, __LINE__);
  308. if (!@$_GET['w'] && !@$_GET['wp'] && !@$_GET['wl'] && !@$_GET['ws'] && !@$_GET['h'] && !@$_GET['hp'] && !@$_GET['hl'] && !@$_GET['hs']) {
  309. // no resizing needed
  310. $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'")', __FILE__, __LINE__);
  311. } elseif (($phpThumb->getimagesizeinfo[0] <= @$_GET['w']) && ($phpThumb->getimagesizeinfo[1] <= @$_GET['h']) && ((@$_GET['w'] == $phpThumb->getimagesizeinfo[0]) || (@$_GET['h'] == $phpThumb->getimagesizeinfo[1]))) {
  312. // image fits into 'w'x'h' box, and at least one dimension matches exactly, therefore no resizing needed
  313. $phpThumb->DebugMessage('Passing "'.$SourceFilename.'" through directly, no resizing required ("'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" fits inside "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
  314. } else {
  315. $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because resizing required (from "'.$phpThumb->getimagesizeinfo[0].'"x"'.$phpThumb->getimagesizeinfo[1].'" to "'.@$_GET['w'].'"x"'.@$_GET['h'].'")', __FILE__, __LINE__);
  316. break;
  317. }
  318. switch ($phpThumb->getimagesizeinfo[2]) {
  319. case 1: // GIF
  320. case 2: // JPG
  321. case 3: // PNG
  322. // great, let it through
  323. break;
  324. default:
  325. // browser probably can't handle format, remangle it to JPEG/PNG/GIF
  326. $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because $phpThumb->getimagesizeinfo[2] = "'.$phpThumb->getimagesizeinfo[2].'"', __FILE__, __LINE__);
  327. break 2;
  328. }
  329. $ImageCreateFunctions = array(1=>'ImageCreateFromGIF', 2=>'ImageCreateFromJPEG', 3=>'ImageCreateFromPNG');
  330. $theImageCreateFunction = @$ImageCreateFunctions[$phpThumb->getimagesizeinfo[2]];
  331. if ($phpThumb->config_disable_onlycreateable_passthru || (function_exists($theImageCreateFunction) && ($dummyImage = @$theImageCreateFunction($SourceFilename)))) {
  332. // great
  333. if (@is_resource($dummyImage)) {
  334. unset($dummyImage);
  335. }
  336. if (headers_sent()) {
  337. $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
  338. exit;
  339. }
  340. if (@$_GET['phpThumbDebug']) {
  341. $phpThumb->DebugTimingMessage('skipped direct $SourceFilename passthru', __FILE__, __LINE__);
  342. $phpThumb->DebugMessage('Would have passed "'.$SourceFilename.'" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
  343. break;
  344. }
  345. SendSaveAsFileHeaderIfNeeded();
  346. header('Last-Modified: '.gmdate('D, d M Y H:i:s', @filemtime($SourceFilename)).' GMT');
  347. if ($contentType = phpthumb_functions::ImageTypeToMIMEtype(@$phpThumb->getimagesizeinfo[2])) {
  348. header('Content-Type: '.$contentType);
  349. }
  350. @readfile($SourceFilename);
  351. exit;
  352. } else {
  353. $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because ($phpThumb->config_disable_onlycreateable_passthru = "'.$phpThumb->config_disable_onlycreateable_passthru.'") and '.$theImageCreateFunction.'() failed', __FILE__, __LINE__);
  354. break;
  355. }
  356. } else {
  357. $phpThumb->DebugMessage('Not passing "'.$SourceFilename.'" through directly because GetImageSize() failed', __FILE__, __LINE__);
  358. break;
  359. }
  360. break;
  361. }
  362. ////////////////////////////////////////////////////////////////
  363. // Debug output, to try and help me diagnose problems
  364. $phpThumb->DebugTimingMessage('phpThumbDebug[5]', __FILE__, __LINE__);
  365. if (@$_GET['phpThumbDebug'] == '5') {
  366. $phpThumb->phpThumbDebug();
  367. }
  368. ////////////////////////////////////////////////////////////////
  369. function RedirectToCachedFile() {
  370. global $phpThumb, $PHPTHUMB_CONFIG;
  371. $nice_cachefile = str_replace(DIRECTORY_SEPARATOR, '/', $phpThumb->cache_filename);
  372. $nice_docroot = str_replace(DIRECTORY_SEPARATOR, '/', rtrim($PHPTHUMB_CONFIG['document_root'], '/\\'));
  373. $parsed_url = phpthumb_functions::ParseURLbetter(@$_SERVER['HTTP_REFERER']);
  374. $nModified = filemtime($phpThumb->cache_filename);
  375. if ($phpThumb->config_nooffsitelink_enabled && @$_SERVER['HTTP_REFERER'] && !in_array(@$parsed_url['host'], $phpThumb->config_nooffsitelink_valid_domains)) {
  376. $phpThumb->DebugMessage('Would have used cached (image/'.$phpThumb->thumbnailFormat.') file "'.$phpThumb->cache_filename.'" (Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT), but skipping because $_SERVER[HTTP_REFERER] ('.@$_SERVER['HTTP_REFERER'].') is not in $phpThumb->config_nooffsitelink_valid_domains ('.implode(';', $phpThumb->config_nooffsitelink_valid_domains).')', __FILE__, __LINE__);
  377. } elseif ($phpThumb->phpThumbDebug) {
  378. $phpThumb->DebugTimingMessage('skipped using cached image', __FILE__, __LINE__);
  379. $phpThumb->DebugMessage('Would have used cached file, but skipping due to phpThumbDebug', __FILE__, __LINE__);
  380. $phpThumb->DebugMessage('* Would have sent headers (1): Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT', __FILE__, __LINE__);
  381. if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
  382. $phpThumb->DebugMessage('* Would have sent headers (2): Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]), __FILE__, __LINE__);
  383. }
  384. if (ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
  385. $phpThumb->DebugMessage('* Would have sent headers (3): Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])), __FILE__, __LINE__);
  386. } else {
  387. $phpThumb->DebugMessage('* Would have sent data: readfile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
  388. }
  389. } else {
  390. if (headers_sent()) {
  391. $phpThumb->ErrorImage('Headers already sent ('.basename(__FILE__).' line '.__LINE__.')');
  392. exit;
  393. }
  394. SendSaveAsFileHeaderIfNeeded();
  395. header('Last-Modified: '.gmdate('D, d M Y H:i:s', $nModified).' GMT');
  396. if (@$_SERVER['HTTP_IF_MODIFIED_SINCE'] && ($nModified == strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE'])) && @$_SERVER['SERVER_PROTOCOL']) {
  397. header($_SERVER['SERVER_PROTOCOL'].' 304 Not Modified');
  398. exit;
  399. }
  400. if ($getimagesize = @GetImageSize($phpThumb->cache_filename)) {
  401. header('Content-Type: '.phpthumb_functions::ImageTypeToMIMEtype($getimagesize[2]));
  402. } elseif (eregi('\.ico$', $phpThumb->cache_filename)) {
  403. header('Content-Type: image/x-icon');
  404. }
  405. if (!@$PHPTHUMB_CONFIG['cache_force_passthru'] && ereg('^'.preg_quote($nice_docroot).'(.*)$', $nice_cachefile, $matches)) {
  406. header('Location: '.dirname($matches[1]).'/'.urlencode(basename($matches[1])));
  407. } else {
  408. @readfile($phpThumb->cache_filename);
  409. }
  410. exit;
  411. }
  412. return true;
  413. }
  414. // check to see if file already exists in cache, and output it with no processing if it does
  415. $phpThumb->SetCacheFilename();
  416. if (@is_file($phpThumb->cache_filename) && !@$_GET['nocache']) {
  417. RedirectToCachedFile();
  418. } else {
  419. $phpThumb->DebugMessage('Cached file "'.$phpThumb->cache_filename.'" does not exist, processing as normal', __FILE__, __LINE__);
  420. }
  421. ////////////////////////////////////////////////////////////////
  422. // Debug output, to try and help me diagnose problems
  423. $phpThumb->DebugTimingMessage('phpThumbDebug[6]', __FILE__, __LINE__);
  424. if (@$_GET['phpThumbDebug'] == '6') {
  425. $phpThumb->phpThumbDebug();
  426. }
  427. ////////////////////////////////////////////////////////////////
  428. if ($phpThumb->rawImageData) {
  429. // great
  430. } elseif (@$_GET['new']) {
  431. // generate a blank image resource of the specified size/background color/opacity
  432. if (($phpThumb->w <= 0) || ($phpThumb->h <= 0)) {
  433. $phpThumb->ErrorImage('"w" and "h" parameters required for "new"');
  434. }
  435. @list($bghexcolor, $opacity) = explode('|', $_GET['new']);
  436. if (!phpthumb_functions::IsHexColor($bghexcolor)) {
  437. $phpThumb->ErrorImage('BGcolor parameter for "new" is not valid');
  438. }
  439. $opacity = (strlen($opacity) ? $opacity : 100);
  440. if ($phpThumb->gdimg_source = phpthumb_functions::ImageCreateFunction($phpThumb->w, $phpThumb->h)) {
  441. $alpha = (100 - min(100, max(0, $opacity))) * 1.27;
  442. if ($alpha) {
  443. $phpThumb->setParameter('is_alpha', true);
  444. ImageAlphaBlending($phpThumb->gdimg_source, false);
  445. ImageSaveAlpha($phpThumb->gdimg_source, true);
  446. }
  447. $new_background_color = phpthumb_functions::ImageHexColorAllocate($phpThumb->gdimg_source, $bghexcolor, false, $alpha);
  448. ImageFilledRectangle($phpThumb->gdimg_source, 0, 0, $phpThumb->w, $phpThumb->h, $new_background_color);
  449. } else {
  450. $phpThumb->ErrorImage('failed to create "new" image ('.$phpThumb->w.'x'.$phpThumb->h.')');
  451. }
  452. } elseif (!$phpThumb->src) {
  453. $phpThumb->ErrorImage('Usage: '.$_SERVER['PHP_SELF'].'?src=/path/and/filename.jpg'."\n".'read Usage comments for details');
  454. } elseif (eregi('^(f|ht)tp\://', $phpThumb->src)) {
  455. $phpThumb->DebugMessage('$phpThumb->src ('.$phpThumb->src.') is remote image, attempting to download', __FILE__, __LINE__);
  456. if ($phpThumb->config_http_user_agent) {
  457. $phpThumb->DebugMessage('Setting "user_agent" to "'.$phpThumb->config_http_user_agent.'"', __FILE__, __LINE__);
  458. ini_set('user_agent', $phpThumb->config_http_user_agent);
  459. }
  460. $cleanedupurl = phpthumb_functions::CleanUpURLencoding($phpThumb->src);
  461. $phpThumb->DebugMessage('CleanUpURLencoding('.$phpThumb->src.') returned "'.$cleanedupurl.'"', __FILE__, __LINE__);
  462. $phpThumb->src = $cleanedupurl;
  463. unset($cleanedupurl);
  464. if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {
  465. $phpThumb->DebugMessage('SafeURLread('.$phpThumb->src.') succeeded'.($error ? ' with messsages: "'.$error.'"' : ''), __FILE__, __LINE__);
  466. $phpThumb->DebugMessage('Setting source data from URL "'.$phpThumb->src.'"', __FILE__, __LINE__);
  467. $phpThumb->setSourceData($rawImageData, urlencode($phpThumb->src));
  468. } else {
  469. $phpThumb->ErrorImage($error);
  470. }
  471. }
  472. ////////////////////////////////////////////////////////////////
  473. // Debug output, to try and help me diagnose problems
  474. $phpThumb->DebugTimingMessage('phpThumbDebug[7]', __FILE__, __LINE__);
  475. if (@$_GET['phpThumbDebug'] == '7') {
  476. $phpThumb->phpThumbDebug();
  477. }
  478. ////////////////////////////////////////////////////////////////
  479. $phpThumb->GenerateThumbnail();
  480. ////////////////////////////////////////////////////////////////
  481. // Debug output, to try and help me diagnose problems
  482. $phpThumb->DebugTimingMessage('phpThumbDebug[8]', __FILE__, __LINE__);
  483. if (@$_GET['phpThumbDebug'] == '8') {
  484. $phpThumb->phpThumbDebug();
  485. }
  486. ////////////////////////////////////////////////////////////////
  487. if ($phpThumb->config_allow_parameter_file && $phpThumb->file) {
  488. $phpThumb->RenderToFile($phpThumb->ResolveFilenameToAbsolute($phpThumb->file));
  489. if ($phpThumb->config_allow_parameter_goto && $phpThumb->goto && eregi('^(f|ht)tps?://', $phpThumb->goto)) {
  490. // redirect to another URL after image has been rendered to file
  491. header('Location: '.$phpThumb->goto);
  492. exit;
  493. }
  494. } elseif (@$PHPTHUMB_CONFIG['high_security_enabled'] && @$_GET['nocache']) {
  495. // cache disabled, don't write cachefile
  496. } else {
  497. phpthumb_functions::EnsureDirectoryExists(dirname($phpThumb->cache_filename));
  498. if ((file_exists($phpThumb->cache_filename) && is_writable($phpThumb->cache_filename)) || is_writable(dirname($phpThumb->cache_filename))) {
  499. // $phpThumb->CleanUpCacheDirectory();
  500. if ($phpThumb->RenderToFile($phpThumb->cache_filename) && is_readable($phpThumb->cache_filename)) {
  501. chmod($phpThumb->cache_filename, 0644);
  502. RedirectToCachedFile();
  503. } else {
  504. $phpThumb->DebugMessage('Failed: RenderToFile('.$phpThumb->cache_filename.')', __FILE__, __LINE__);
  505. }
  506. } else {
  507. $phpThumb->DebugMessage('Cannot write to $phpThumb->cache_filename ('.$phpThumb->cache_filename.') because that directory ('.dirname($phpThumb->cache_filename).') is not writable', __FILE__, __LINE__);
  508. }
  509. }
  510. ////////////////////////////////////////////////////////////////
  511. // Debug output, to try and help me diagnose problems
  512. $phpThumb->DebugTimingMessage('phpThumbDebug[9]', __FILE__, __LINE__);
  513. if (@$_GET['phpThumbDebug'] == '9') {
  514. $phpThumb->phpThumbDebug();
  515. }
  516. ////////////////////////////////////////////////////////////////
  517. if (!$phpThumb->OutputThumbnail()) {
  518. $phpThumb->ErrorImage('Error in OutputThumbnail():'."\n".$phpThumb->debugmessages[(count($phpThumb->debugmessages) - 1)]);
  519. }
  520. ////////////////////////////////////////////////////////////////
  521. // Debug output, to try and help me diagnose problems
  522. $phpThumb->DebugTimingMessage('phpThumbDebug[10]', __FILE__, __LINE__);
  523. if (@$_GET['phpThumbDebug'] == '10') {
  524. $phpThumb->phpThumbDebug();
  525. }
  526. ////////////////////////////////////////////////////////////////
  527. ?>