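function thumb() {
    // Serve (and lazily build) a thumbnail of an image under WWW_ROOT, or redirect
    // to the original. The image path comes from the named parameter "src" (with
    // "|" standing in for the directory separator); the thumbnail geometry comes
    // from the named parameter "size", looked up in $this->sizes, whose entries
    // are array(width, height, scaleMode, anchor). Unknown sizes fall back to
    // 100x100, scaleMode 1, anchor 'C'.
    //
    // Security-relevant decisions in this action:
    //  - the resolved source path must stay inside WWW_ROOT (realpath() prefix
    //    check); anything outside, missing, or containing a NUL byte falls back
    //    to the "no-image" placeholder instead of being opened;
    //  - the "original" redirect target is normalised to exactly one leading "/"
    //    so a request cannot turn it into a protocol-relative ("//host/...") URL;
    //  - error output never echoes the resolved filesystem path.
    Configure::write('Security.level', 'medium');
    Configure::write('debug', 0);
    $this->layout = null;
    $this->autoRender = false;

    $named = isset($this->params['named']) ? $this->params['named'] : array();
    if (empty($named['src'])) {
        die("No source image");
    }

    // Internet Explorer submits the "|" separator URL-encoded; other browsers and
    // mail clients leave it intact. Decode first, then map "|" to DS.
    $src = rawurldecode($named['src']);
    $this->params['named']['src'] = $src;
    $src = str_replace('|', DS, $src);

    // Sanitize before EITHER use (redirect or file lookup). The realpath() check
    // further down is the real guard for the file lookup; this pass removes
    // ".." segments, "~", and any leading "/" or "./" so the redirect target is
    // always a single-slash site-relative path.
    $src = str_replace('..', '', $src);
    $src = preg_replace('/(^\\/)|(^\\.\\/)|(~)/', '', $src);
    $src = ltrim($src, '/\\');

    $sizecode = isset($named['size']) ? $named['size'] : null;
    if ($sizecode === 'original') {
        $this->redirect('/' . $src);
        return;
    }

    // Width/height request parameters are intentionally not honoured; only the
    // fixed size matrix in $this->sizes is, which bounds the work per request.
    if ($sizecode !== null && is_array($this->sizes) && array_key_exists($sizecode, $this->sizes)) {
        $width = $this->sizes[$sizecode][0];
        $height = $this->sizes[$sizecode][1];
        $scaleMode = $this->sizes[$sizecode][2];
        $anchor = $this->sizes[$sizecode][3];
    } else {
        $width = 100;
        $height = 100;
        $scaleMode = 1;
        $anchor = 'C';
    }

    $placeholderDir = APP . 'plugins' . DS . 'file_library' . DS . 'webroot' . DS . 'img' . DS . 'admin' . DS;
    $maxSrcPixels = 10000000; // images over around 3 megapixels seem to exhaust the memory limit

    // Resolve the requested file and confine it to the webroot. realpath()
    // collapses any remaining "."/".." segments and symlinks, so a prefix
    // comparison against the resolved webroot is reliable.
    $webroot = realpath(WWW_ROOT);
    $sourceFilename = false;
    if ($webroot !== false && strpos($src, "\0") === false) {
        $webroot = rtrim($webroot, DS) . DS;
        $candidate = realpath(WWW_ROOT . $src);
        if ($candidate !== false
            && is_file($candidate)
            && strncmp($candidate, $webroot, strlen($webroot)) === 0) {
            $sourceFilename = $candidate;
        }
    }
    if ($sourceFilename === false) {
        $sourceFilename = $placeholderDir . 'no-image.png';
    }

    // Only raster formats the image server understands; anything else gets the
    // "unknown format" placeholder.
    $ext = strtolower(pathinfo($sourceFilename, PATHINFO_EXTENSION));
    if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        $sourceFilename = $placeholderDir . 'image-unknown-format.png';
    }

    // NOTE: this size probe runs on every request; checking for a ready-made
    // thumbnail first would avoid the cost.
    $imgsize = getimagesize($sourceFilename);
    if (empty($imgsize)) {
        die("Could not check size of source image with getimagesize()");
    }
    if ($imgsize[0] * $imgsize[1] > $maxSrcPixels) {
        $sourceFilename = $placeholderDir . 'image-too-large.png';
    }

    if (!is_readable($sourceFilename)) {
        // Deliberately does not include the resolved path in the response.
        die("Couldn't read source image");
    }

    App::import('Vendor', 'FileLibrary.ImageServer', array('file' => 'imageserver' . DS . 'imageserver.1.3.php'));
    $i = new ImageServer();
    $i->src = $sourceFilename;
    $i->cache_path = CACHE . 'thumbs' . DS;
    $i->h = $height;
    $i->w = $width;
    $i->anchor = $anchor;
    $i->cache_required = true;
    $i->max_source_pixelcount = $maxSrcPixels;
    $i->scaleMode = $scaleMode;
    $i->attempt_memory_increase = 50000000; // false or integer in bytes
    $i->backgroundColour = array(0xff, 0xff, 0xff); // FFFFFF
    if (!$i->output()) {
        // $i->error comes from the vendor image server; its content is not
        // visible here, so it is echoed as-is like the original did.
        echo $i->error;
    }
}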