/** * Test * * @return void * * @dataProvider providerInvalidRemoteSource */ public function testAllowRemoteDownloadDefaultPatternInvalid($source) { $img = new CImage(); $img->setRemoteDownload(true); $res = $img->isRemoteSource($source); $this->assertFalse($res, "Should not be a valid remote source: '{$source}'."); }
if (isset($shortcut) && isset($shortcutConfig[$shortcut])) { parse_str($shortcutConfig[$shortcut], $get); verbose("shortcut-constant = {$shortcutConfig[$shortcut]}"); $_GET = array_merge($_GET, $get); } $srcImage = urldecode(get('src')) or errorPage('Must set src-attribute.', 404); $imagePath = getConfig('image_path', __DIR__ . '/img/'); $imagePathConstraint = getConfig('image_path_constraint', true); $validFilename = getConfig('valid_filename', '#^[a-z0-9A-Z-/_ \\.:]+$#'); $dummyEnabled = getConfig('dummy_enabled', true); $dummyFilename = getConfig('dummy_filename', 'dummy'); $dummyImage = false; preg_match($validFilename, $srcImage) or errorPage('Filename contains invalid characters.', 404); if ($dummyEnabled && $srcImage === $dummyFilename) { $dummyImage = true; } elseif ($allowRemote && $img->isRemoteSource($srcImage)) { } elseif ($imagePathConstraint) { $pathToImage = realpath($imagePath . $srcImage); $imageDir = realpath($imagePath); is_file($pathToImage) or errorPage('Source image is not a valid file, check the filename and that a matching file exists on the filesystem.', 404); substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0 or errorPage('Security constraint: Source image is not below the directory "image_path" as specified in the config file img_config.php.', 404); } verbose("src = {$srcImage}"); $sizeConstant = getConfig('size_constant', function () { $sizes = array('w1' => 613, 'w2' => 630); $gridColumnWidth = 30; $gridGutterWidth = 10; $gridColumns = 24; for ($i = 1; $i <= $gridColumns; $i++) {