/**
 * Builds a query string by replacing each `?` placeholder in $query, from left to right,
 * with the matching element of $data after escaping it with mysqli_real_escape_string().
 *
 * Security notes for callers:
 * - This is client-side string substitution, not a server-side prepared statement.
 * - The function adds no quotes around a value. mysqli_real_escape_string() only protects
 *   values that end up inside a quoted string literal, so the query text has to supply the
 *   quotes itself. A placeholder used unquoted (identifier, number, IN list) is not made
 *   safe by the escaping and should only receive trusted or separately validated data.
 * - mysqli_real_escape_string() escapes according to the character set of $connection, so
 *   the charset has to be set on the connection (mysqli_set_charset) before calling this.
 *
 * @param mysqli $connection Connection handed to mysqli_real_escape_string() and Log::notice().
 * @param string $query      Query text containing `?` placeholders.
 * @param array  $data       Values to insert, in placeholder order.
 * @return string Returns an escaped query.
 */
public static function prepare($connection, $query, array $data) {

    // Check dependencies
    Validator::required(isset($connection, $query), __METHOD__);

    // Count the number of placeholders and compare it with the number of arguments.
    // If it doesn't match, calculate the difference and skip this number of placeholders
    // before starting the replacement. This keeps a `?` that arrived inside an already
    // inserted value from being treated as a placeholder for the next value.
    // $skip = Number of placeholders which need to be skipped
    $skip = 0;
    $temp = '';
    $num = array('placeholder' => substr_count($query, '?'), 'data' => count($data));

    // More placeholders than values: only logged, the replacement still runs.
    // In that case the surplus is skipped from the front of the query (see below),
    // so leading placeholders of the original query are the ones left unreplaced.
    if ($num['data'] - $num['placeholder'] < 0) {
        Log::notice($connection, __METHOD__, __LINE__, 'Could not completely prepare query. Query has more placeholders than values.');
    }

    foreach ($data as $value) {

        // Escape for use inside a quoted SQL string literal (no quotes are added here)
        $value = mysqli_real_escape_string($connection, $value);

        // Recalculate number of placeholders; earlier insertions may have added `?` characters
        $num['placeholder'] = substr_count($query, '?');

        // Calculate number of skips: every `?` beyond the number of values still to insert
        if ($num['placeholder'] > $num['data']) {
            $skip = $num['placeholder'] - $num['data'];
        }

        if ($skip > 0) {

            // Need to skip $skip placeholders, because the user input contained placeholders.
            // Calculate a substring which does not contain the user placeholders.
            // 1 or -1 is the length of the placeholder (placeholder = ?)
            // The first $skip occurrences of `?` are the ones treated as inserted data.
            $pos = -1;
            for ($i = $skip; $i > 0; $i--) {
                $pos = strpos($query, '?', $pos + 1);
            }
            $pos++;

            $temp = substr($query, 0, $pos); // First part of $query (left untouched)
            $query = substr($query, $pos); // Last part of $query (receives the replacement)

        }

        // Put a backslash in front of every character that is part of the regular
        // expression syntax. Avoids a backreference when using preg_replace.
        // NOTE(review): preg_quote() is designed for patterns, not for replacement strings.
        // It looks like the backslashes it puts before characters other than `\` and `$`
        // stay in the resulting query text; confirm that every call site tolerates this,
        // in particular placeholders that are not inside a quoted string.
        $value = preg_quote($value);

        // Replace only the first remaining placeholder
        $query = preg_replace('/\\?/', $value, $query, 1);

        if ($skip > 0) {

            // Reassemble the parts of $query
            $query = $temp . $query;

        }

        // Reset skip
        $skip = 0;

        // Decrease number of data elements
        $num['data']--;

    }

    return $query;

}
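/**
 * Creates a smaller version of a photo when its size is bigger than a preset size.
 * Photo must be big enough and Imagick must be installed and activated.
 *
 * Any ImagickException raised while reading, scaling or writing the image is logged and
 * reported as a failure (false) instead of escaping from this method.
 *
 * @param string $url      Path to the photo-file.
 * @param string $filename Name of the photo-file. It is appended to LYCHEE_UPLOADS_MEDIUM
 *                         as-is, so it is presumably a bare file name without directory
 *                         parts; verify against the caller.
 * @param int    $width    Width of the photo.
 * @param int    $height   Height of the photo.
 * @return boolean Returns true when successful.
 */
private function createMedium($url, $filename, $width, $height)
{
    // Call plugins
    Plugins::get()->activate(__METHOD__, 0, func_get_args());

    // Quality of medium-photo
    $quality = 90;

    // Size of the medium-photo
    // When changing these values,
    // also change the size detection in the front-end
    $newWidth = 1920;
    $newHeight = 1080;

    // Only set to true once the medium-photo has been written
    $success = false;

    if (hasPermissions(LYCHEE_UPLOADS_MEDIUM) === false) {

        // Permissions are missing
        Log::notice(Database::get(), __METHOD__, __LINE__, 'Skipped creation of medium-photo, because uploads/medium/ is missing or not readable and writable.');

    } elseif (($width > $newWidth || $height > $newHeight) && (extension_loaded('imagick') && Settings::get()['imagick'] === '1')) {

        // Photo is big enough and Imagick is installed and activated
        $newUrl = LYCHEE_UPLOADS_MEDIUM . $filename;

        // NOTE(review): if $url can point at user-uploaded files, ImageMagick decodes
        // untrusted input here; presumably the upload path validates the file type
        // first. Confirm.
        $medium = new Imagick();

        // Reading and scaling can throw as well as writing (unreadable or corrupt file),
        // so the whole pipeline sits inside the try block.
        try {

            // Read image
            $medium->readImage($url);

            // Adjust image; stripImage() drops profiles and comments from the copy
            $medium->scaleImage($newWidth, $newHeight, true);
            $medium->stripImage();
            $medium->setImageCompressionQuality($quality);

            // Save image
            $medium->writeImage($newUrl);
            $success = true;

        } catch (ImagickException $err) {

            Log::notice(Database::get(), __METHOD__, __LINE__, 'Could not save medium-photo (' . $err->getMessage() . ')');

        }

        // Release the image resources on success and on a caught failure alike
        $medium->clear();
        $medium->destroy();

    }

    // Otherwise: photo too small, medium is deactivated or Imagick is not installed.
    // Nothing is created and the method reports failure.

    // Call plugins
    Plugins::get()->activate(__METHOD__, 1, func_get_args());

    return $success;
}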