Beispiel #1
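/**
 * Normalise a user-supplied image source into a filesystem path.
 *
 * Strips a same-host URL prefix, HTML tags, a leading slash and "../"
 * runs, then prefixes the document root.
 *
 * @param string $src raw source value (URL or relative path)
 * @return string path under the document root (not resolved; may not exist)
 */
function clean_source($src)
{
    // HTTP_HOST is client-controlled. It is only used to recognise a
    // same-host prefix, but it must be regex-escaped before interpolation,
    // otherwise metacharacters in the header change what the pattern matches.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $host = str_replace('www.', '', $host);
    $regex = "/^((ht|f)tp(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "/i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = check_external($src);
    // remove a single leading slash (the previous substr(-(len-1)) form
    // left a lone "/" unchanged)
    if (strpos($src, '/') === 0) {
        $src = substr($src, 1);
    }
    // drop "../" runs so the path cannot climb above the document root.
    // NOTE(review): this is a textual filter only; callers that open the
    // result should realpath() it and confirm it still lies under the
    // document root rather than rely on this replacement alone.
    $src = preg_replace("/\\.\\.+\\//", "", $src);
    // build the path to the image on the file system
    $src = get_document_root($src) . '/' . $src;
    return $src;
}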
Beispiel #2
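/**
 * Tidy up the image source url and resolve it to a file under the
 * document root.
 *
 * Strips a same-host URL prefix, HTML tags, a leading slash and "../"
 * runs, prefixes the document root, then validates that the result is an
 * existing regular file inside that root with an acceptable size.
 *
 * @param string $src raw source value (URL or relative path)
 * @return string|false realpath() of the validated file
 */
function clean_source($src)
{
    // HTTP_HOST is client-controlled; escape it so header contents cannot
    // alter the prefix-stripping pattern.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $host = str_replace('www.', '', $host);
    $regex = "/^(http(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "\\//i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = str_replace(' ', '%20', $src);
    $src = check_external($src);
    // remove a single leading slash (the previous substr(-(len-1)) form
    // left a lone "/" unchanged)
    if (strpos($src, '/') === 0) {
        $src = substr($src, 1);
    }
    // drop "../" runs; this is only a first line of defence, the realpath
    // containment check below is what actually pins the file to the root
    $src = preg_replace("/\\.\\.+\\//", "", $src);
    // get path to image on file system
    $root = get_document_root($src);
    $src = $root . '/' . $src;

    // NOTE(review): display_error() is assumed to terminate the request;
    // if it only prints, the checks below continue on a bad path — confirm.
    $real = realpath($src);
    if ($real === false || !is_file($real)) {
        display_error('source is not a valid file');
    }
    // the resolved path must sit inside the resolved document root
    $realRoot = realpath($root);
    $rootPrefix = rtrim($realRoot, '/\\') . DIRECTORY_SEPARATOR;
    if ($realRoot === false || strpos($real, $rootPrefix) !== 0) {
        display_error('source is outside the document root');
    }
    // stat once instead of twice
    $size = filesize($real);
    if ($size > MAX_FILE_SIZE) {
        display_error('source file is too big (filesize > MAX_FILE_SIZE)');
    }
    if ($size <= 0) {
        display_error('source file <= 0 bytes. Possible external file download error (file is too large)');
    }
    return $real;
}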