function thumb()
{
Configure::write('Security.level', 'medium');
Configure::write('debug', 0);
$this->layout = null;
$this->autoRender = false;
if (empty($this->params['named']['src'])) {
die("No source image");
}
$this->params['named']['src'] = rawurldecode($this->params['named']['src']);
// internet explorer was submitting the "|" characters encoded. note that the "|" is intact with other browsers / email clients
$src = str_replace('|', DS, $this->params['named']['src']);
if ($this->params['named']['size'] == 'original') {
$this->redirect('/' . $src);
return;
}
// sanitize the src name a little
$src = str_replace('..', '', $src);
// remove any double dots,
// this should probably do enough seeing as we're tagging it onto the end of the WWW_ROOT constant
// but just in case also filter out other mischievous characters...
$src = preg_replace('/(^\\/)|(^\\.\\/)|(~)/', '', $src);
// remove any starting / or ./
// width and height disabled in favour of a more secure size matrix
// width
// $width = (!isset($this->params['named']['w'])) ? null : $this->params['named']['w'];
// height
// $height = (!isset($this->params['named']['h'])) ? null : $this->params['named']['h'];
$sizecode = isset($this->params['named']['size']) ? $this->params['named']['size'] : null;
// width
$width = array_key_exists($sizecode, $this->sizes) ? $this->sizes[$sizecode][0] : 100;
// height
$height = array_key_exists($sizecode, $this->sizes) ? $this->sizes[$sizecode][1] : 100;
$scaleMode = array_key_exists($sizecode, $this->sizes) ? $this->sizes[$sizecode][2] : 1;
$anchor = array_key_exists($sizecode, $this->sizes) ? $this->sizes[$sizecode][3] : 'C';
$sourceFilename = WWW_ROOT . $src;
$maxSrcPixels = 10000000;
// images over around 3megapixels seem to exhaust a memory limit of ??MB
if (!file_exists($sourceFilename) || !is_file($sourceFilename)) {
$sourceFilename = APP . 'plugins' . DS . 'file_library' . DS . 'webroot' . DS . 'img' . DS . 'admin' . DS . 'no-image.png';
}
$ext = strtolower(substr(strrchr($sourceFilename, '.'), 1));
// get the file extension
if (!in_array($ext, array('jpg', 'jpeg', 'png', 'gif'))) {
$sourceFilename = APP . 'plugins' . DS . 'file_library' . DS . 'webroot' . DS . 'img' . DS . 'admin' . DS . 'image-unknown-format.png';
}
// this image size check is probably slowing the script down. better to check for ready-made thumbnail first
$imgsize = getimagesize($sourceFilename);
if (empty($imgsize)) {
die("Could not check size of source image with getimagesize()");
}
if ($imgsize[0] * $imgsize[1] > $maxSrcPixels) {
$sourceFilename = APP . 'plugins' . DS . 'file_library' . DS . 'webroot' . DS . 'img' . DS . 'admin' . DS . 'image-too-large.png';
}
if (is_readable($sourceFilename)) {
//vendor("imageserver/imageserver.class");
$result = App::import('Vendor', 'FileLibrary.ImageServer', array('file' => 'imageserver' . DS . 'imageserver.1.3.php'));
$i = new ImageServer();
$i->src = $sourceFilename;
$i->cache_path = CACHE . 'thumbs' . DS;
//$i->cache_required = false;
$i->h = $height;
$i->w = $width;
$i->anchor = $anchor;
$i->cache_required = true;
$i->max_source_pixelcount = $maxSrcPixels;
$i->scaleMode = $scaleMode;
$i->attempt_memory_increase = 50000000;
// false or integer in bytes
$i->backgroundColour = array(0xff, 0xff, 0xff);
//FFFFFF
// only uncomment if debugging
/*
if (function_exists('memory_get_peak_usage')) {
$mem_peak = memory_get_peak_usage();
$this->log('Displayed (and maybe created) a thumbnail, memory use was '.$mem_peak.' bytes',LOG_DEBUG);
}
else {
$this->log('Displayed a thumbnail but unable to log max memory use. Current is '.memory_get_usage().' bytes',LOG_DEBUG);
}*/
if (!$i->output()) {
echo $i->error;
}
} else {
// Can't read source
die("Couldn't read source image " . $sourceFilename);
}
}
