// Path traversal guard: reject the request with 403 if the requested file name
// ($matches[2], populated outside this excerpt) contains any character other
// than ASCII letters, digits, '.', '_' or '-'. Directory separators ('/', '\')
// and NUL bytes therefore never reach the path concatenation below.
// NOTE(review): '.' is allowed, so a bare '..' passes this filter; it cannot
// carry a separator, but confirm that is acceptable for the custom-storage path.
// NOTE(review): preg_match() returns false on a PCRE error, which is falsy in
// this condition, so an engine error would let the name through unchecked.
if (preg_match("/[^a-zA-Z0-9._-]/", $matches[2])) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

$KokenAPI = new KokenAPI();
// Fetched here but not used in the visible part of the script.
$settings = $KokenAPI->get('/settings');

if ($custom) {
    // Custom images live under <root>/storage/custom/. A trailing "-jpg",
    // "-jpeg", "-gif" or "-png" in the requested name is turned back into a
    // real extension (".jpg", ...) before the path is built.
    $original = $root . $ds . 'storage' . $ds . 'custom' . $ds . preg_replace('/\\-(jpe?g|gif|png)$/i', '.$1', $matches[2]);
    // getimagesize() returns false for a missing or non-image file; the result
    // is not checked here.
    // NOTE(review): confirm later code copes with empty source dimensions.
    list($source_width, $source_height) = getimagesize($original);
} else {
    // Strip slashes and cast to int so only a numeric id is appended to the
    // API path.
    $id = (int) str_replace('/', '', $matches[1]);
    $content = $KokenAPI->get('/content/' . $id);
    $original_info = pathinfo($content['filename']);

    // When the content record has no 'html' key, the requested name must match
    // the stored file name without its extension (case-insensitive); otherwise
    // the API client is cleared and the request ends with 404. This keeps an
    // id from being served under an arbitrary file name.
    if (!isset($content['html']) && strtolower($original_info['filename']) !== strtolower($matches[2])) {
        $KokenAPI->clear();
        header('HTTP/1.1 404 Not Found');
        exit;
    }

    // Choose the source image: the 'preview' entry when the record has one,
    // else the original itself. In both cases a 'relative_url' is resolved
    // against $root, and 'url' is used as-is when no relative one exists.
    if (isset($content['original']['preview'])) {
        if (isset($content['original']['preview']['relative_url'])) {
            $original = $root . $content['original']['preview']['relative_url'];
        } else {
            // NOTE(review): presumably an absolute URL taken from the API
            // response rather than a local path — confirm that whatever opens
            // $original later treats it as remote input.
            $original = $content['original']['preview']['url'];
        }
        // Dimensions come from the API record, not from reading the file.
        $source_width = $content['original']['preview']['width'];
        $source_height = $content['original']['preview']['height'];
    } else {
        if (isset($content['original']['relative_url'])) {
            $original = $root . $content['original']['relative_url'];
        } else {