/**
 * Resolve a local path that does not exist as given by prefixing the
 * document root.
 *
 * Remote files are returned untouched, as are local paths that already
 * exist. Anything else gets the document root prepended, with runs of
 * slashes collapsed to a single "/". No other normalisation happens here:
 * ".." segments in the input pass through unchanged, so this is not a
 * containment check.
 *
 * @param string $file_path path or URL as supplied by the caller
 * @return string the original value, or the document-root-prefixed path
 */
function fix_file_path($file_path)
{
    if (is_remote_file($file_path)) {
        return $file_path;
    }
    if (file_exists($file_path)) {
        return $file_path;
    }
    $candidate = get_document_root() . "/" . $file_path;
    // collapse "//", "///", ... into one "/"
    return preg_replace('/\/{2,}/', "/", $candidate);
}
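/**
 * Tidy up the image source URL and map it onto a document-root path.
 *
 * Strips a scheme and this server's own host name from the front of $src,
 * removes HTML tags, hands the value to check_external() (defined
 * elsewhere; from its name it presumably deals with off-site URLs), drops
 * one leading slash and every "../" segment, and finally prefixes the
 * document root.
 *
 * The "../" stripping is a blacklist and is the only traversal defence in
 * this function; the result is neither checked for existence nor verified
 * to stay inside the document root, so callers must validate the returned
 * path (e.g. realpath() compared against the document root) before
 * opening it.
 *
 * @param string $src value taken from the request
 * @return string filesystem path built from the document root and $src
 */
function clean_source($src)
{
    // The Host header is client-supplied, so it is quoted before being
    // interpolated into the pattern; unquoted, "." in the host matches any
    // character and other metacharacters would change the regex.
    $host = str_replace('www.', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    $regex = "/^((ht|f)tp(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "/i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = check_external($src);
    // remove slash from start of string (a lone "/" is left as is)
    if (strpos($src, '/') === 0) {
        $src = substr($src, -(strlen($src) - 1));
    }
    // don't allow users the ability to use '../'
    // in order to gain access to files below document root
    $src = preg_replace("/\\.\\.+\\//", "", $src);
    // get path to image on file system
    return get_document_root($src) . '/' . $src;
}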
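/**
 * Tidy up the image source URL, map it onto the document root and make
 * sure it names an acceptable local file.
 *
 * Steps: strip a leading "http(s)://<own host>/" (the host comes from the
 * request's Host header, so it is quoted before use in the regex), remove
 * HTML tags, encode spaces, pass the value through check_external()
 * (defined elsewhere; from its name it presumably handles off-site URLs),
 * drop one leading slash and every "../" segment, then prefix the document
 * root. The result must be a regular file, located inside the document
 * root after realpath() resolution, at most MAX_FILE_SIZE bytes and
 * non-empty; any violation is reported via display_error().
 *
 * Because containment is checked on the canonical path, a symlink inside
 * the document root that points outside it is rejected as well.
 *
 * @param string $src value taken from the request
 * @return string|false canonical path of the source file (realpath())
 */
function clean_source($src)
{
    $host = str_replace('www.', '', isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
    // preg_quote: a host like "a.b" must match literally, not "a<any>b"
    $regex = "/^(http(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "\\//i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = str_replace(' ', '%20', $src);
    $src = check_external($src);
    // remove slash from start of string (a lone "/" is left as is)
    if (strpos($src, '/') === 0) {
        $src = substr($src, -(strlen($src) - 1));
    }
    // don't allow users the ability to use '../'
    // in order to gain access to files below document root.
    // This is a blacklist only; the realpath() comparison below is what
    // actually guarantees the file lives under the document root.
    $src = preg_replace("/\\.\\.+\\//", "", $src);
    // get path to image on file system
    $doc_root = get_document_root($src);
    $src = $doc_root . '/' . $src;
    if (!is_file($src)) {
        display_error('source is not a valid file');
    }
    // compare canonical paths so that surviving ".." segments or symlinks
    // cannot lead outside the document root
    $real_path = realpath($src);
    $real_root = realpath($doc_root);
    $root_prefix = rtrim((string) $real_root, '/\\') . DIRECTORY_SEPARATOR;
    if ($real_path === false || $real_root === false || strpos($real_path, $root_prefix) !== 0) {
        display_error('source file is outside the document root');
    }
    // query the size once and reuse it for both limits
    $size = filesize($src);
    if ($size > MAX_FILE_SIZE) {
        display_error('source file is too big (filesize > MAX_FILE_SIZE)');
    }
    if ($size <= 0) {
        display_error('source file <= 0 bytes. Possible external file download error (file is too large)');
    }
    return $real_path;
}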
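/**
 * Tidy up the image source URL and map it onto a document-root path.
 *
 * Drops one leading slash, the scheme (http/https/ftp) and this server's
 * host name, removes every "../" segment and prefixes the document root.
 *
 * The host name is removed wherever it appears in $src, not only at the
 * start, so a file name that happens to contain the host string is altered
 * too. The "../" stripping is a blacklist; nothing here verifies that the
 * returned path exists or stays inside the document root, so the caller
 * must do that before opening it.
 *
 * @param string $src value taken from the request
 * @return string filesystem path built from the document root and $src
 */
function cleanSource($src)
{
    // remove slash from start of string.
    // Strict comparison is required: strpos() returns false when there is
    // no slash at all, and "false == 0" is true, which chopped the first
    // character off plain file names such as "img.jpg".
    if (strpos($src, "/") === 0) {
        $src = substr($src, -(strlen($src) - 1));
    }
    // remove http/ https/ ftp
    $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
    // remove domain name from the source url, with and without "www."
    $host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "";
    $src = str_replace($host, "", $src);
    $host = str_replace("www.", "", $host);
    $src = str_replace($host, "", $src);
    // don't allow users the ability to use '../'
    // in order to gain access to files below document root
    // src should be specified relative to document root like:
    //   src=images/img.jpg or src=/images/img.jpg
    // not like:
    //   src=../images/img.jpg
    $src = preg_replace("/\.\.+\//", "", $src);
    // get path to image on file system
    return get_document_root($src) . '/' . $src;
}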
// http://code.google.com/p/timthumb/ // MIT License: http://www.opensource.org/licenses/mit-license.php /* Parameters allowed: */ // w: width // h: height // zc: zoom crop (0 or 1) // q: quality (default is 75 and max is 100) // HTML example: <img src="/scripts/timthumb.php?src=/images/whatever.jpg&w=150&h=200&zc=1" alt="" /> error_reporting(E_ALL); if (!isset($_REQUEST["src"])) { die("no image specified"); } // clean params before use $src = clean_source($_REQUEST["src"]); // set document root $doc_root = get_document_root($src); // get path to image on file system $src = $doc_root . '/' . $src; $new_width = preg_replace("/[^0-9]+/", "", get_request('w', 100)); $new_height = preg_replace("/[^0-9]+/", "", get_request('h', 100)); $zoom_crop = preg_replace("/[^0-9]+/", "", get_request('zc', 1)); $quality = preg_replace("/[^0-9]+/", "", get_request('9', 80)); // set path to cache directory (default is ./cache) // this can be changed to a different location $cache_dir = './cache'; // get mime type of src $mime_type = mime_type($src); // check to see if this image is in the cache already //check_cache($cache_dir, $mime_type); // make sure that the src is gif/jpg/png if (!valid_src_mime_type($mime_type)) {
/**
 * Build the HTML for a media file (image, flash, ...) via the template engine.
 *
 * If get_file_path() cannot locate the file, a 404 icon is returned and the
 * iptc_info/exif_info template variables are cleared. Otherwise the
 * "media/<extension>" template is rendered with the source path, an icon,
 * the name and — for local gif/jpg/jpeg/png/swf files whose dimensions can
 * be read — width/height, plus IPTC and (for JPEG) EXIF tables when
 * $detailed_view is set.
 *
 * NOTE(review): "global ... $mode" below rebinds $mode to the global, so the
 * $mode argument is effectively ignored; confirm whether callers rely on this.
 * Whether $site_sess->url() and format_text() escape their input is not
 * visible here; $media_src is registered for the template unescaped.
 *
 * @param string $media_file_name file name of the media item
 * @param int    $image_id        image id used for the details link
 * @param int    $cat_id          category id passed to get_file_path()
 * @param string $image_name      display name, rendered via format_text()
 * @param string $mode            see note above (overridden by the global)
 * @param int    $show_link       wrap the icon in a link to details.php
 * @param int    $detailed_view   also render IPTC/EXIF rows
 * @return string rendered HTML
 */
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0) {
    global $site_template, $site_sess, $lang, $mode;
    if (!get_file_path($media_file_name, "media", $cat_id, 0, 0)) {
        // file not found: fall back to the 404 icon and clear the detail tables
        $media = "<img src=\"" . ICON_PATH . "/404.gif\" border=\"0\" alt=\"\" />";
        $site_template->register_vars("iptc_info", "");
        $site_template->register_vars("exif_info", "");
    } else {
        $media_src = get_file_path($media_file_name, "media", $cat_id, 0, 1);
        $file_extension = get_file_extension($media_file_name);
        $media_icon = "<img src=\"" . ICON_PATH . "/" . $file_extension . ".gif\" border=\"0\" alt=\"" . format_text($image_name, 2) . "\" />";
        if ($show_link) {
            // $mode here is the global, not the parameter (see docblock)
            $media_icon = "<a href=\"" . $site_sess->url(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $image_id . (!empty($mode) ? "&mode=" . $mode : "")) . "\">" . $media_icon . "</a>";
        }
        $width_height = "";
        $width = "";
        $height = "";
        $iptc_info = "";
        $exif_info = "";
        if (!is_remote($media_src)) {
            // if the path does not exist as given, retry it relative to the
            // document root with runs of slashes collapsed
            $src = !file_exists($media_src) && file_exists(preg_replace("/\\/{2,}/", "/", get_document_root() . "/" . $media_src)) ? preg_replace("/\\/{2,}/", "/", get_document_root() . "/" . $media_src) : $media_src;
            // "@" silences getimagesize(); an unreadable or malformed file
            // simply yields no dimensions and no IPTC/EXIF output
            if (in_array(strtolower($file_extension), array('gif', 'jpg', 'jpeg', 'png', 'swf')) && ($image_info = @getimagesize($src, $info))) {
                $width_height = " " . $image_info[3];
                $width = $image_info[0];
                $height = $image_info[1];
                // APP13 is the segment getimagesize() fills with IPTC data
                if ($detailed_view && isset($info['APP13'])) {
                    $iptc_array = get_iptc_info($info['APP13']);
                    $bgcounter = 0;
                    foreach ($iptc_array as $key => $val) {
                        // alternate row background 1/2
                        $row_bg_number = $bgcounter++ % 2 == 0 ? 1 : 2;
                        $site_template->register_vars(array("iptc_value" => format_text($val), "iptc_name" => $lang['iptc_' . $key], "row_bg_number" => $row_bg_number));
                        $iptc_info .= $site_template->parse_template("iptc_bit");
                    }
                }
                // $image_info[2] == 2 is IMAGETYPE_JPEG: EXIF is only read for JPEGs,
                // and only when the exif extension is loaded
                if ($detailed_view && $image_info[2] == 2 && function_exists('exif_read_data') && ($exif_data = @exif_read_data($src, 'EXIF'))) {
                    $exif_array = get_exif_info($exif_data);
                    $bgcounter = 0;
                    foreach ($exif_array as $key => $val) {
                        $row_bg_number = $bgcounter++ % 2 == 0 ? 1 : 2;
                        $site_template->register_vars(array("exif_value" => format_text($val), "exif_name" => $lang['exif_' . $key], "row_bg_number" => $row_bg_number));
                        $exif_info .= $site_template->parse_template("exif_bit");
                    }
                }
            }
        }
        $site_template->register_vars(array("media_src" => $media_src, "media_icon" => $media_icon, "image_name" => format_text($image_name, 2), "width_height" => $width_height, "width" => $width, "height" => $height, "iptc_info" => $iptc_info, "exif_info" => $exif_info));
        // the template name is derived from the file extension
        $media = $site_template->parse_template("media/" . $file_extension);
    }
    return $media;
}