function getImageProcessorURIFromCacheName($match, $watermarks) { $args = array(NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL); $set = array(); $done = false; $params = explode('_', stripSuffix($match)); while (!$done && count($params) > 1) { $check = array_pop($params); if (is_numeric($check) && !isset($set['w']) && !isset($set['h'])) { $set['s'] = $check; break; } else { $c = substr($check, 0, 1); if ($c == 'w' || $c == 'h') { if (is_numeric($v = substr($check, 1))) { $set[$c] = (int) $v; continue; } } if ($c == 'c') { $c = substr($check, 0, 2); if (is_numeric($v = substr($check, 2))) { $set[$c] = (int) $v; continue; } } if (!isset($set['w']) && !isset($set['h']) && !isset($set['s'])) { if (!isset($set['wm']) && in_array($check, $watermarks)) { $set['wmk'] = $check; } else { if ($check == 'thumb') { $set['t'] = true; } else { $set['effects'] = $check; } } } else { array_push($params, $check); break; } } } if (!isset($set['wmk'])) { $set['wmk'] = '!'; } $image = preg_replace('~.*/' . CACHEFOLDER . '/~', '', implode('_', $params)) . '.' . getSuffix($match); // strip out the obfustication $album = dirname($image); $image = preg_replace('~^[0-9a-f]{' . CACHE_HASH_LENGTH . '}\\.~', '', basename($image)); $image = $album . '/' . $image; return array($image, getImageArgs($set)); }
/* Prevent hotlinking to the full image from other domains. */ if (getOption('hotlink_protection') && isset($_SERVER['HTTP_REFERER'])) { preg_match('|(.*)//([^/]*)|', $_SERVER['HTTP_REFERER'], $matches); $checkstring = preg_replace('/^www./', '', strtolower($matches[2])); if (strpos($checkstring, ":")) { $checkstring = substr($checkstring, 0, strpos($checkstring, ":")); } if (preg_replace('/^www./', '', strtolower($_SERVER['SERVER_NAME'])) != $checkstring) { /* It seems they are directly requesting the full image. */ header('Location: ' . FULLWEBPATH . '/index.php?album=' . $album8 . '&image=' . $image8); exitZP(); } } $albumobj = newAlbum($album8, true, true); $imageobj = newImage($albumobj, $image8, true); $args = getImageArgs($_GET); $args[0] = 'FULL'; $adminrequest = $args[12]; if ($forbidden = getOption('image_processor_flooding_protection') && (!isset($_GET['check']) || $_GET['check'] != sha1(HASH_SEED . serialize($args)))) { // maybe it was from the tinyZenpage javascript which does not know better! zp_session_start(); $forbidden = !isset($_SESSION['adminRequest']) || $_SESSION['adminRequest'] != @$_COOKIE['zp_user_auth']; } $args[0] = 'FULL'; $hash = getOption('protected_image_password'); if (($hash || !$albumobj->checkAccess()) && !zp_loggedin(VIEW_FULLIMAGE_RIGHTS)) { // handle password form if posted zp_handle_password('zp_image_auth', getOption('protected_image_password'), getOption('protected_image_user')); //check for passwords $authType = 'zp_image_auth'; $hint = get_language_string(getOption('protected_image_hint'));
/** * Searches out i.php image links and replaces them with cache links if image is cached * @param string $text * @return string */ static function updateImageProcessorLink($text) { if (is_string($text) && preg_match('/^a:[0-9]+:{/', $text)) { // serialized array $text = getSerializedArray($text); $serial = true; } else { $serial = false; } if (is_array($text)) { foreach ($text as $key => $textelement) { $text[$key] = self::updateImageProcessorLink($textelement); } if ($serial) { $text = serialize($text); } } else { preg_match_all('|<\\s*img.*?\\ssrc\\s*=\\s*"([^"]*)?|', $text, $matches); foreach ($matches[1] as $key => $match) { preg_match('|.*i\\.php\\?(.*)|', $match, $imgproc); if ($imgproc) { $match = preg_split('~\\&[amp;]*~', $imgproc[1]); $set = array(); foreach ($match as $v) { $s = explode('=', $v); $set[$s[0]] = $s[1]; } $args = getImageArgs($set); $imageuri = getImageURI($args, urldecode($set['a']), urldecode($set['i']), NULL); if (strpos($imageuri, 'i.php') === false) { $text = str_replace($matches[1][$key], $imageuri, $text); } } } } return $text; }