// Excerpt of a request-handling script: finishes loading phpThumb.config.php, then maps
// PATH_INFO segments onto $_GET. The unmatched "}" before "elseif" closes a block that
// opens above this excerpt, and the final "for" loop continues below it.
if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
    // great
} else {
    // ob_end_flush() emits whatever was buffered and turns buffering off before the error is reported.
    ob_end_flush();
    // NOTE(review): the message carries dirname(__FILE__) and realpath(); if ErrorImage()
    // shows it to the requester (not visible here), the install path is disclosed.
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    // Only the shipped ".default" template exists: tell the operator to rename it.
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// PATH_INFO parsing runs only when the config does not disable it, $_GET is empty (or holds
// phpThumbDebug) and PATH_INFO is non-empty.
// NOTE(review): everything written into $_GET below is request-controlled URL text; later
// code must treat it exactly like an untrusted query string.
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Strip the PATH_INFO text out of PHP_SELF.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

    // Drop the first character of PATH_INFO and split the rest on ';'.
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);

    if (!empty($args)) {
        // The last segment becomes "src" ...
        $_GET['src'] = @$args[count($args) - 1];
        $phpThumb->DebugMessage('PATH_INFO."src" = "' . $_GET['src'] . '"', __FILE__, __LINE__);
        // ... unless it starts with "new=<alphanumerics>", which replaces "src" with "new".
        if (preg_match('/^new\\=([a-z0-9]+)/i', $_GET['src'], $matches)) {
            unset($_GET['src']);
            $_GET['new'] = $matches[1];
        }
    }

    // The second-to-last segment is read as "<w>x<h>". Every part of the pattern is optional,
    // so an empty value also matches and sets both w and h to ''. '@' hides the notice when
    // that index does not exist.
    if (preg_match('/^([0-9]*)x?([0-9]*)$/i', @$args[count($args) - 2], $matches)) {
        $_GET['w'] = $matches[1];
        $_GET['h'] = $matches[2];
        $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "' . $_GET['w'] . '"x"' . $_GET['h'] . '"', __FILE__, __LINE__);
    }

    // Every segment before the last two is split on '=' into $key / $value; '@' hides the
    // notice raised when a segment has no '='. The loop body continues below this excerpt.
    for ($i = 0; $i < count($args) - 2; $i++) {
        @(list($key, $value) = explode('=', @$args[$i]));
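// Excerpt of a request-handling script: finishes loading phpThumb.config.php, then maps
// PATH_INFO segments onto $_GET. The unmatched "}" before "elseif" closes a block that
// opens above this excerpt, and the final "for" loop continues below it.
if (include_once dirname(__FILE__) . '/phpThumb.config.php') {
    // great
} else {
    // ob_end_flush() emits whatever was buffered and turns buffering off before the error is reported.
    ob_end_flush();
    // NOTE(review): the message carries dirname(__FILE__) and realpath(); if ErrorImage()
    // shows it to the requester (not visible here), the install path is disclosed.
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    // Only the shipped ".default" template exists: tell the operator to rename it.
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// PATH_INFO parsing runs only when the config does not disable it, $_GET is empty (or holds
// phpThumbDebug) and PATH_INFO is non-empty.
// NOTE(review): everything written into $_GET below is request-controlled URL text; later
// code must treat it exactly like an untrusted query string.
if (!@$PHPTHUMB_CONFIG['disable_pathinfo_parsing'] && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Strip the PATH_INFO text out of PHP_SELF.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

    // Drop the first character of PATH_INFO and split the rest on ';'.
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);

    if (!empty($args)) {
        // The last segment becomes "src", unless it starts with "new=<alphanumerics>",
        // which replaces "src" with "new".
        $_GET['src'] = @$args[count($args) - 1];
        // preg_match() with the "i" modifier performs the case-insensitive match; the
        // ereg family (eregi) was deprecated in PHP 5.3 and removed in PHP 7.0, where
        // calling it is a fatal error.
        if (preg_match('/^new\\=([a-z0-9]+)/i', $_GET['src'], $matches)) {
            unset($_GET['src']);
            $_GET['new'] = $matches[1];
        }
    }

    // The second-to-last segment is read as "<w>x<h>". Every part of the pattern is optional,
    // so an empty value also matches and sets both w and h to ''. '@' hides the notice when
    // that index does not exist.
    if (preg_match('/^([0-9]*)x?([0-9]*)$/i', @$args[count($args) - 2], $matches)) {
        $_GET['w'] = $matches[1];
        $_GET['h'] = $matches[2];
        $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "' . $_GET['w'] . '"x"' . $_GET['h'] . '"', __FILE__, __LINE__);
    }

    // Every segment before the last two is split on '=' into $key / $value; '@' hides the
    // notice raised when a segment has no '='. The loop body continues below this excerpt.
    for ($i = 0; $i < count($args) - 2; $i++) {
        @(list($key, $value) = explode('=', @$args[$i]));
        // A key ending in "[]" gets separate handling; that branch continues below this excerpt.
        if (substr($key, -2) == '[]') {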
// Excerpt of a request-handling script: tail of the phpThumb.config.php loading logic,
// followed by the mapping of PATH_INFO segments onto $_GET. The two unmatched "}" below
// close blocks that open above this excerpt, and the final "for" loop continues below it.
// NOTE(review): the message carries dirname(__FILE__) and realpath(); if ErrorImage()
// shows it to the requester (not visible here), the install path is disclosed.
$phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}
ob_end_clean();
} elseif (file_exists(dirname(__FILE__) . '/phpThumb.config.php.default')) {
    // Only the shipped ".default" template exists: tell the operator to rename it.
    $phpThumb->config_disable_debug = false; // otherwise error message won't print
    $phpThumb->ErrorImage('Please rename "phpThumb.config.php.default" to "phpThumb.config.php"');
} else {
    $phpThumb->config_disable_debug = false; // otherwise error message won't print
    $phpThumb->ErrorImage('failed to include_once(' . dirname(__FILE__) . '/phpThumb.config.php) - realpath="' . realpath(dirname(__FILE__) . '/phpThumb.config.php') . '"');
}

// PATH_INFO parsing runs only when the config leaves 'disable_pathinfo_parsing' empty,
// $_GET is empty (or holds phpThumbDebug) and PATH_INFO is non-empty.
// NOTE(review): everything written into $_GET below is request-controlled URL text; later
// code must treat it exactly like an untrusted query string.
if (empty($PHPTHUMB_CONFIG['disable_pathinfo_parsing']) && (empty($_GET) || isset($_GET['phpThumbDebug'])) && !empty($_SERVER['PATH_INFO'])) {
    // Strip the PATH_INFO text out of PHP_SELF.
    $_SERVER['PHP_SELF'] = str_replace($_SERVER['PATH_INFO'], '', @$_SERVER['PHP_SELF']);

    // Drop the first character of PATH_INFO and split the rest on ';'.
    $args = explode(';', substr($_SERVER['PATH_INFO'], 1));
    $phpThumb->DebugMessage('PATH_INFO.$args set to (' . implode(')(', $args) . ')', __FILE__, __LINE__);

    if (!empty($args)) {
        // The last segment becomes "src" ...
        $_GET['src'] = @$args[count($args) - 1];
        $phpThumb->DebugMessage('PATH_INFO."src" = "' . $_GET['src'] . '"', __FILE__, __LINE__);
        // ... unless it starts with "new=<alphanumerics>", which replaces "src" with "new".
        if (preg_match('#^new\\=([a-z0-9]+)#i', $_GET['src'], $matches)) {
            unset($_GET['src']);
            $_GET['new'] = $matches[1];
        }
    }

    // The second-to-last segment is read as "<w>x<h>". Every part of the pattern is optional,
    // so an empty value also matches and sets both w and h to ''. '@' hides the notice when
    // that index does not exist.
    if (preg_match('#^([0-9]*)x?([0-9]*)$#i', @$args[count($args) - 2], $matches)) {
        $_GET['w'] = $matches[1];
        $_GET['h'] = $matches[2];
        $phpThumb->DebugMessage('PATH_INFO."w"x"h" set to "' . $_GET['w'] . '"x"' . $_GET['h'] . '"', __FILE__, __LINE__);
    }

    // Every segment before the last two is split on '=' into $key / $value; '@' hides the
    // notice raised when a segment has no '='. The loop body continues below this excerpt.
    for ($i = 0; $i < count($args) - 2; $i++) {
        @(list($key, $value) = explode('=', @$args[$i]));
// Decides whether the source image can be sent to the client unmodified ("passthrough").
// The final "else" branch continues below this excerpt.
$CanPassThroughDirectly = true;
if (!empty($phpThumb->rawImageData)) {
    // data from SQL, should be fine
} elseif (!@is_file(@$_GET['src']) || !@is_readable(@$_GET['src'])) {
    // The raw request value must name an existing, readable file; '@' hides the notice
    // raised when 'src' is absent.
    $CanPassThroughDirectly = false;
}

// Any request parameter other than "src" rules passthrough out.
foreach ($_GET as $key => $value) {
    switch ($key) {
        case 'src':
            // allowed
            break;

        default:
            // all other parameters will cause some processing,
            // therefore cannot pass through original image unmodified
            $CanPassThroughDirectly = false;
            $phpThumb->DebugMessage('Cannot pass through directly because $_GET[' . $key . '] is set', __FILE__, __LINE__);
            // "break 2" leaves both the switch and the foreach: one extra parameter is enough.
            break 2;
    }
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
if (@$_GET['phpThumbDebug'] == '4') {
    $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

if ($CanPassThroughDirectly && $phpThumb->src) {
    // no parameters set, passthru
    // NOTE(review): the readability check above tested $_GET['src'], while the path resolved
    // here comes from $phpThumb->src; confirm the two cannot diverge. Also confirm that
    // ResolveFilenameToAbsolute() (defined elsewhere) confines the result to the intended
    // image directories, and that the branch continuing below verifies the file is an image
    // before sending it.
    $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($phpThumb->src);
    if (@$_GET['phpThumbDebug']) {
        $phpThumb->DebugMessage('Would have passed "' . $SourceFilename . '" through directly, but skipping due to phpThumbDebug', __FILE__, __LINE__);
    } else {
// Excerpt: tail of a loop that copies request parameters onto $phpThumb, followed by the
// check for whether the source image can be sent unmodified ("passthrough"). The three
// unmatched "}" close blocks that open above this excerpt; the last "if" continues below it.
// NOTE(review): dynamic property assignment. $key and $value come from a loop whose header
// and any allow-list check lie above this excerpt; confirm $key is restricted to known
// parameter names, otherwise request data could overwrite arbitrary properties of $phpThumb.
$phpThumb->{$key} = $value;
}
}
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
if (@$_REQUEST['phpThumbDebug'] == '2') {
    $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

// check to see if file can be output from source with no processing or caching
$CanPassThroughDirectly = true;
// Only the parameters named here block passthrough; a processing parameter missing from
// this list would not.
$FilenameParameters = array('h', 'w', 'sx', 'sy', 'sw', 'sh', 'bw', 'brx', 'bry', 'bg', 'bgt', 'bc', 'usa', 'usr', 'ust', 'wmf', 'wmp', 'wmm', 'wma', 'xto', 'ra', 'ar', 'iar', 'maxb');
foreach ($FilenameParameters as $key) {
    // $_REQUEST can also carry POST and cookie values (depending on the PHP request_order /
    // variables_order settings), not only the query string.
    if (isset($_REQUEST[$key])) {
        // NOTE(review): the raw request value is embedded in the debug message; confirm the
        // debug output is escaped or not reachable by untrusted clients.
        $phpThumb->DebugMessage('Cannot pass through directly because $_REQUEST[' . $key . '] is set to "' . $_REQUEST[$key] . '"', __FILE__, __LINE__);
        $CanPassThroughDirectly = false;
        break;
    }
}

////////////////////////////////////////////////////////////////
// Debug output, to try and help me diagnose problems
if (@$_REQUEST['phpThumbDebug'] == '3') {
    $phpThumb->phpThumbDebug();
}
////////////////////////////////////////////////////////////////

if ($CanPassThroughDirectly && !empty($_REQUEST['src'])) {
    // no parameters set, passthru
    // NOTE(review): 'src' is request-controlled; confirm that ResolveFilenameToAbsolute()
    // (defined elsewhere) confines the result to the intended image directories.
    $SourceFilename = $phpThumb->ResolveFilenameToAbsolute($_REQUEST['src']);
    // Passthrough continues only when GetImageSize() returns a truthy result for the
    // resolved file; '@' hides its warnings.
    if ($getimagesize = @GetImageSize($SourceFilename)) {
        if (!empty($_REQUEST['phpThumbDebug'])) {