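/**
 * Validate a user-supplied avatar URL.
 *
 * The URL is rejected (and the fallback image URL returned) when it contains
 * query/entity characters, a "javascript" pseudo-scheme, an extension outside
 * the allow-list, or a scheme other than http, https or ftp.
 *
 * NOTE(review): the accepted URL is returned as-is (only spaces are encoded).
 * It is not HTML-escaped here, so callers that print it into markup presumably
 * need to escape it for that context; confirm at the call sites.
 *
 * @param string $url Avatar URL as submitted by the user.
 *
 * @return string|null Null for an empty value, the fallback image URL for a
 *                     rejected value, the literal string returned on an
 *                     xss_detect() hit, otherwise the accepted URL.
 */
function check_avatar($url)
{
    $allow_dynamic_img = 0; // You alter this value at your own peril!
    $img_ext = 'jpg,gif,png'; // Allowed image extensions. Careful what you put here!

    if (!$url) {
        return; // empty? send it back!
    }

    $url = trim($url);
    $default = 'http://localhost/warn.jpg'; // this is what is returned if all fails

    // Check for any dynamic stuff: query strings, entities and script pseudo-schemes.
    if ($allow_dynamic_img != 1) {
        if (preg_match("/[?&;]/", $url)) {
            return $default;
        }
        if (preg_match("/javascript(\\:|\\s)/i", $url)) {
            return $default;
        }
    }

    // Check the extension.
    if ($img_ext) {
        $extension = strtolower(preg_replace("#^.*\\.(\\S+)\$#", "\\1", $url));
        if (!$extension or preg_match("#/#", $extension)) {
            return $default;
        }

        // Compare against whole allow-list entries. The earlier regex test was
        // only anchored at the end of an entry, so a trailing fragment of an
        // allowed extension (for example "pg") was accepted as well.
        $allowed = array_map('trim', explode(',', strtolower($img_ext)));
        if (!in_array($extension, $allowed, true)) {
            return $default;
        }

        // xss_detect() is defined elsewhere; a truthy result is treated as a hit.
        if (xss_detect($url)) {
            return 'wanker!!!';
        }
    }

    // Take a stab at getting a good image url: only absolute http/https/ftp URLs pass.
    if (!preg_match("/^(http|https|ftp):\\/\\//i", $url)) {
        return $default;
    }

    // Done all we can at this point!
    return str_replace(' ', '%20', $url);
}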
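/**
 * Validate a user-supplied image URL and render it as an <img> tag.
 *
 * A static counter caps the number of images rendered per request; once the
 * cap is exceeded the original "[img]...[/img]" text is returned instead.
 * Rejected URLs are replaced by the "image not found" placeholder tag.
 *
 * NOTE(review): the over-limit "[img]...[/img]" value is returned without
 * escaping, as before. Whether the caller escapes it before output cannot be
 * seen from this function; confirm at the call sites.
 *
 * @param string $url Image URL as submitted by the user.
 *
 * @return string|null Null for an empty value, otherwise markup or the raw
 *                     "[img]" text described above.
 */
function check_image($url = '')
{
    static $image_count = 0; // do not alter this!
    $allow_dynamic_img = 0; // You alter this value at your own peril!
    $max_images = 2000; // Maximum number of images allowed, after which the raw string is returned.
    $img_ext = 'jpg,gif,png'; // Allowed image extensions. Careful what you put here!
    $not_found = '<img src="pic/imagenotfound.jpg" alt="image not found" />';

    if (!$url) {
        return; // empty? send it back!
    }

    $url = trim($url);
    $default = '[img]' . $url . '[/img]'; // this is what is returned after images are exceeded
    $image_count++;

    // Is a cap set and have we exceeded it?
    if ($max_images && $image_count > $max_images) {
        return $default;
    }

    // Check for any dynamic stuff: query strings, entities and script pseudo-schemes.
    if ($allow_dynamic_img != 1) {
        if (preg_match("/[?&;]/", $url)) {
            return $not_found;
        }
        if (preg_match("/javascript(\\:|\\s)/i", $url)) {
            return $not_found;
        }
    }

    // Check the extension.
    if ($img_ext) {
        $extension = strtolower(preg_replace("#^.*\\.(\\S+)\$#", "\\1", $url));
        if (!$extension or preg_match("#/#", $extension)) {
            return $not_found;
        }

        // Compare against whole allow-list entries. The earlier regex test was
        // only anchored at the end of an entry, so a trailing fragment of an
        // allowed extension (for example "pg") was accepted as well.
        $allowed = array_map('trim', explode(',', strtolower($img_ext)));
        if (!in_array($extension, $allowed, true)) {
            return $not_found;
        }

        // xss_detect() is defined elsewhere; a truthy result is treated as a hit.
        if (xss_detect($url)) {
            return $not_found;
        }
    }

    // Take a stab at getting a good image url: only absolute http/https/ftp URLs pass.
    if (!preg_match("/^(http|https|ftp):\\/\\//i", $url)) {
        return $not_found;
    }

    // Done all we can at this point! Encode spaces, then escape the value for
    // the attribute context so quotes or angle brackets in the URL cannot
    // terminate the attribute. double_encode is off so input that was already
    // entity-encoded upstream is not encoded a second time.
    $url = str_replace(' ', '%20', $url);
    $safe_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    return '<img src="' . $safe_url . '" alt="' . $safe_url . '" title="' . $safe_url . '" />';
}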
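/**
 * Validate a user-supplied image URL and render it as an <img> tag.
 *
 * A static counter caps the number of images rendered per request; once the
 * cap is exceeded the original "[img]...[/img]" text is returned instead.
 * Rejected URLs are replaced by a warning image served from the site base URL.
 *
 * NOTE(review): the over-limit "[img]...[/img]" value is returned without
 * escaping, as before. Whether the caller escapes it before output cannot be
 * seen from this function; confirm at the call sites.
 *
 * @param string $url Image URL as submitted by the user.
 *
 * @return string|null Null for an empty value, otherwise markup, the raw
 *                     "[img]" text, or the literal string returned on an
 *                     xss_detect() hit.
 */
function check_image($url = "")
{
    // NOTE(review): $BASEURL was read without being in scope, so it always
    // expanded to an empty string. It is presumably the site-wide base URL
    // global; confirm. If no such global exists the output is unchanged.
    global $BASEURL;

    static $image_count = 0; // do not alter this!
    $allow_dynamic_img = 0; // You alter this value at your own peril!
    $max_images = 195; // Maximum number of images allowed, after which the raw string is returned.
    $img_ext = 'jpg,gif,png'; // Allowed image extensions. Careful what you put here!

    // One well-formed placeholder for every rejection path. Four of the five
    // earlier copies opened the src attribute with two quotes (src=''...),
    // which produced an empty src and broken markup.
    $not_found = "<img src='{$BASEURL}/warn.jpg' border='0' alt='image not found' />";

    if (!$url) {
        return; // empty? send it back!
    }

    $url = trim($url);
    $default = "[img]" . $url . "[/img]"; // this is what is returned after images are exceeded
    $image_count++;

    // Is a cap set and have we exceeded it?
    if ($max_images && $image_count > $max_images) {
        return $default;
    }

    // Check for any dynamic stuff: query strings, entities and script pseudo-schemes.
    if ($allow_dynamic_img != 1) {
        if (preg_match("/[?&;]/", $url)) {
            return $not_found;
        }
        if (preg_match("/javascript(\\:|\\s)/i", $url)) {
            return $not_found;
        }
    }

    // Check the extension.
    if ($img_ext) {
        $extension = strtolower(preg_replace("#^.*\\.(\\S+)\$#", "\\1", $url));
        if (!$extension or preg_match("#/#", $extension)) {
            return $not_found;
        }

        // Compare against whole allow-list entries. The earlier regex test was
        // only anchored at the end of an entry, so a trailing fragment of an
        // allowed extension (for example "pg") was accepted as well.
        $allowed = array_map('trim', explode(',', strtolower($img_ext)));
        if (!in_array($extension, $allowed, true)) {
            return $not_found;
        }

        // xss_detect() is defined elsewhere; a truthy result is treated as a hit.
        if (xss_detect($url)) {
            return 'OOPS!!'; // do what ever you want to return here
        }
    }

    // Take a stab at getting a good image url: only absolute http/https/ftp URLs pass.
    if (!preg_match("/^(http|https|ftp):\\/\\//i", $url)) {
        return $not_found;
    }

    // Done all we can at this point! Encode spaces, then escape the value for
    // the single-quoted attribute so quotes or angle brackets in the URL
    // cannot terminate it. double_encode is off so input that was already
    // entity-encoded upstream is not encoded a second time.
    $url = str_replace(" ", "%20", $url);
    $safe_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

    return "<img src='{$safe_url}' border='0' alt='Does my bum look big in this image?' onload='NcodeImageResizer.createOn(this);' />";
}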