/**
 * Resolve a file path that does not exist as given.
 *
 * Remote files are returned untouched, as are local paths that already
 * exist. Any other path is re-based under the document root, with runs of
 * slashes collapsed to a single separator.
 *
 * @param string $file_path path as supplied by the caller
 * @return string the original path, or the document-root based candidate
 */
function fix_file_path($file_path)
{
    // Nothing to do for remote files or for paths that already resolve.
    if (is_remote_file($file_path) || file_exists($file_path)) {
        return $file_path;
    }
    $candidate = get_document_root() . "/" . $file_path;
    // Collapse "//", "///", ... into one separator.
    return preg_replace("/\\/{2,}/", "/", $candidate);
}
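/**
 * Tidy up the image source URL and map it onto the file system.
 *
 * Strips a leading scheme plus the request's own host, strips tags, runs
 * check_external(), drops a leading slash, removes ".." path segments and
 * prefixes the document root.
 *
 * @param string $src raw value from the request
 * @return string path below the document root
 */
function clean_source($src)
{
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $host = str_replace('www.', '', $host);
    // HTTP_HOST is request-controlled: quote it so it cannot alter the pattern
    // (a dot or other meta character in the host name must match literally).
    $regex = "/^((ht|f)tp(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "/i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = check_external($src);
    // remove slash from start of string
    if (strpos($src, '/') === 0) {
        $src = substr($src, 1);
    }
    // don't allow users the ability to use '../'
    // in order to gain access to files below document root.
    // Repeat until the string stops changing: a single pass can leave a
    // fresh "../" behind once an inner match has been removed.
    do {
        $before = $src;
        $src = preg_replace("/\\.\\.+\\//", "", $src);
    } while ($src !== $before);
    // get path to image on file system
    $src = get_document_root($src) . '/' . $src;
    return $src;
}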
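/**
 * tidy up the image source url
 *
 * Strips a leading http(s):// plus the request's own host, strips tags,
 * encodes spaces, runs check_external(), drops a leading slash, removes
 * ".." path segments, prefixes the document root and validates the file.
 *
 * @param string $src raw value from the request
 * @return string|false realpath() of the validated file (false only when
 *                      realpath() itself fails after the checks passed)
 */
function clean_source($src)
{
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $host = str_replace('www.', '', $host);
    // HTTP_HOST is request-controlled: quote it before splicing it into the
    // pattern so a meta character in the host name cannot change the match.
    $regex = "/^(http(s|):\\/\\/)(www\\.|)" . preg_quote($host, '/') . "\\//i";
    $src = preg_replace($regex, '', $src);
    $src = strip_tags($src);
    $src = str_replace(' ', '%20', $src);
    $src = check_external($src);
    // remove slash from start of string
    if (strpos($src, '/') === 0) {
        $src = substr($src, 1);
    }
    // don't allow users the ability to use '../'
    // in order to gain access to files below document root.
    // Repeat until the string stops changing: a single pass can leave a
    // fresh "../" behind once an inner match has been removed.
    do {
        $before = $src;
        $src = preg_replace("/\\.\\.+\\//", "", $src);
    } while ($src !== $before);
    // get path to image on file system
    $src = get_document_root($src) . '/' . $src;
    if (!is_file($src)) {
        display_error('source is not a valid file');
    }
    // NOTE(review): display_error() is assumed to halt the request; if it
    // only prints, the size checks below run against a missing file — confirm.
    $size = filesize($src);
    if ($size > MAX_FILE_SIZE) {
        display_error('source file is too big (filesize > MAX_FILE_SIZE)');
    }
    if ($size <= 0) {
        display_error('source file <= 0 bytes. Possible external file download error (file is too large)');
    }
    return realpath($src);
}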
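/**
 * tidy up the image source url
 *
 * Removes a leading slash, a leading scheme and the request's own host
 * name, strips ".." path segments and prefixes the document root.
 *
 * @param string $src raw value from the request
 * @return string path below the document root
 */
function cleanSource($src) {

	// remove slash from start of string.
	// strpos() returns false when there is no slash at all, and a loose
	// "== 0" test treats false as a match, which silently dropped the first
	// character of slash-less names such as "img.jpg"; compare with ===.
	if (strpos($src, "/") === 0) {
		$src = substr($src, 1);
	}

	// remove http/ https/ ftp
	$src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
	// remove domain name from the source url, with and without "www."
	// (str_replace() with an empty search string is a no-op, so a missing
	// HTTP_HOST is harmless)
	$host = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "";
	$src = str_replace($host, "", $src);
	$host = str_replace("www.", "", $host);
	$src = str_replace($host, "", $src);

	// don't allow users the ability to use '../'
	// in order to gain access to files below document root

	// src should be specified relative to document root like:
	// src=images/img.jpg or src=/images/img.jpg
	// not like:
	// src=../images/img.jpg
	//
	// Repeat until the string stops changing: a single pass can leave a
	// fresh "../" behind once an inner match has been removed.
	do {
		$before = $src;
		$src = preg_replace("/\.\.+\//", "", $src);
	} while ($src !== $before);

	// get path to image on file system
	$src = get_document_root($src) . '/' . $src;

	return $src;

}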
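// http://code.google.com/p/timthumb/
// MIT License: http://www.opensource.org/licenses/mit-license.php
/* Parameters allowed: */
// w: width
// h: height
// zc: zoom crop (0 or 1)
// q: quality (default is 75 and max is 100)
// HTML example: <img src="/scripts/timthumb.php?src=/images/whatever.jpg&w=150&h=200&zc=1" alt="" />
error_reporting(E_ALL);
if (!isset($_REQUEST["src"])) {
    die("no image specified");
}
// clean params before use
$src = clean_source($_REQUEST["src"]);
// set document root
$doc_root = get_document_root($src);
// get path to image on file system
$src = $doc_root . '/' . $src;
// Numeric parameters: every non-digit byte is dropped, so each result is a
// digit string (possibly empty when the value held no digits at all).
$new_width = preg_replace("/[^0-9]+/", "", get_request('w', 100));
$new_height = preg_replace("/[^0-9]+/", "", get_request('h', 100));
$zoom_crop = preg_replace("/[^0-9]+/", "", get_request('zc', 1));
// The quality parameter is "q" (see the parameter list above); the request
// key had been mistyped as '9', so the default was always used.
$quality = preg_replace("/[^0-9]+/", "", get_request('q', 80));
// set path to cache directory (default is ./cache)
// this can be changed to a different location
$cache_dir = './cache';
// get mime type of src
$mime_type = mime_type($src);
// check to see if this image is in the cache already
//check_cache($cache_dir, $mime_type);
// make sure that the src is gif/jpg/png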
if (!valid_src_mime_type($mime_type)) {
/**
 * Build the template output for a media file.
 *
 * Looks the file up via get_file_path(); when it cannot be found a 404 icon
 * tag is returned and the iptc/exif template vars are cleared. Otherwise the
 * "media/<extension>" template is parsed with the file's src, icon, name and,
 * for local gif/jpg/jpeg/png/swf files, its dimensions. With $detailed_view
 * set, IPTC (APP13) and, for JPEG only, EXIF rows are rendered as well.
 *
 * @param string $media_file_name file name as stored
 * @param int    $image_id        used for the details.php link
 * @param int    $cat_id          category the file belongs to
 * @param string $image_name      display name (passed through format_text)
 * @param string $mode            NOTE: `global $mode` below rebinds this name
 *                                to the global, so the argument is discarded
 * @param int    $show_link       wrap the icon in a link to details.php
 * @param int    $detailed_view   also render IPTC/EXIF info
 * @return string parsed template, or an <img> tag for the 404 icon
 */
function get_media_code($media_file_name, $image_id = 0, $cat_id = 0, $image_name = "", $mode = "", $show_link = 0, $detailed_view = 0)
{
    global $site_template, $site_sess, $lang, $mode;

    if (!get_file_path($media_file_name, "media", $cat_id, 0, 0)) {
        $site_template->register_vars("iptc_info", "");
        $site_template->register_vars("exif_info", "");
        return "<img src=\"" . ICON_PATH . "/404.gif\" border=\"0\" alt=\"\" />";
    }

    $media_src = get_file_path($media_file_name, "media", $cat_id, 0, 1);
    $file_extension = get_file_extension($media_file_name);
    $media_icon = "<img src=\"" . ICON_PATH . "/" . $file_extension . ".gif\" border=\"0\" alt=\"" . format_text($image_name, 2) . "\" />";
    if ($show_link) {
        $mode_param = !empty($mode) ? "&amp;mode=" . $mode : "";
        $details_url = $site_sess->url(ROOT_PATH . "details.php?" . URL_IMAGE_ID . "=" . $image_id . $mode_param);
        $media_icon = "<a href=\"" . $details_url . "\">" . $media_icon . "</a>";
    }

    $width_height = "";
    $width = "";
    $height = "";
    $iptc_info = "";
    $exif_info = "";

    if (!is_remote($media_src)) {
        // Prefer the path as given; fall back to the document-root based
        // path (slash runs collapsed) only when the plain one is missing.
        $src = $media_src;
        if (!file_exists($media_src)) {
            $rooted_src = preg_replace("/\\/{2,}/", "/", get_document_root() . "/" . $media_src);
            if (file_exists($rooted_src)) {
                $src = $rooted_src;
            }
        }

        $image_extensions = array('gif', 'jpg', 'jpeg', 'png', 'swf');
        // getimagesize() also fills $info with embedded APP markers (IPTC lives in APP13).
        if (in_array(strtolower($file_extension), $image_extensions) && ($image_info = @getimagesize($src, $info))) {
            $width_height = " " . $image_info[3];
            $width = $image_info[0];
            $height = $image_info[1];

            if ($detailed_view && isset($info['APP13'])) {
                $row = 0;
                foreach (get_iptc_info($info['APP13']) as $key => $val) {
                    // alternate row background 1/2
                    $site_template->register_vars(array(
                        "iptc_value" => format_text($val),
                        "iptc_name" => $lang['iptc_' . $key],
                        "row_bg_number" => ($row++ % 2 == 0) ? 1 : 2,
                    ));
                    $iptc_info .= $site_template->parse_template("iptc_bit");
                }
            }

            // image type 2 is JPEG, the only type carrying EXIF here
            if ($detailed_view && $image_info[2] == 2 && function_exists('exif_read_data') && ($exif_data = @exif_read_data($src, 'EXIF'))) {
                $row = 0;
                foreach (get_exif_info($exif_data) as $key => $val) {
                    $site_template->register_vars(array(
                        "exif_value" => format_text($val),
                        "exif_name" => $lang['exif_' . $key],
                        "row_bg_number" => ($row++ % 2 == 0) ? 1 : 2,
                    ));
                    $exif_info .= $site_template->parse_template("exif_bit");
                }
            }
        }
    }

    $site_template->register_vars(array(
        "media_src" => $media_src,
        "media_icon" => $media_icon,
        "image_name" => format_text($image_name, 2),
        "width_height" => $width_height,
        "width" => $width,
        "height" => $height,
        "iptc_info" => $iptc_info,
        "exif_info" => $exif_info,
    ));
    return $site_template->parse_template("media/" . $file_extension);
}