1
0
mirror of https://github.com/mosbth/cimage.git synced 2025-08-13 19:44:16 +02:00

Added specific HTTP status messages to each error.

This commit is contained in:
Anatolie Diordita
2015-11-24 17:00:53 -05:00
parent ccacc9e0c1
commit 3c22db4392
3 changed files with 198 additions and 144 deletions

View File

@@ -16,21 +16,39 @@ $version = "v0.7.7 (2015-10-21)";
* Display error message. * Display error message.
* *
* @param string $msg to display. * @param string $msg to display.
* @param int $type of HTTP error to display.
* *
* @return void * @return void
*/ */
function errorPage($msg) function errorPage($msg, $type = 500)
{ {
global $mode; global $mode;
header("HTTP/1.0 500 Internal Server Error"); switch ($type) {
case 400:
$header = "400 Bad Request";
break;
case 401:
$header = "401 Unauthorized";
break;
case 403:
$header = "403 Forbidden";
break;
case 404:
$header = "404 Not Found";
break;
default:
$header = "500 Internal Server Error";
}
header("HTTP/1.0 $header");
if ($mode == 'development') { if ($mode == 'development') {
die("[img.php] $msg"); die("[img.php] $msg");
} }
error_log("[img.php] $msg"); error_log("[img.php] $msg");
die("HTTP/1.0 500 Internal Server Error"); die("HTTP/1.0 $header");
} }
@@ -45,7 +63,7 @@ set_exception_handler(function ($exception) {
. "</p><pre>" . "</p><pre>"
. $exception->getTraceAsString() . $exception->getTraceAsString()
. "</pre>" . "</pre>"
); , 500);
}); });
@@ -175,7 +193,7 @@ set_time_limit(20);
ini_set('gd.jpeg_ignore_warning', 1); ini_set('gd.jpeg_ignore_warning', 1);
if (!extension_loaded('gd')) { if (!extension_loaded('gd')) {
errorPage("Extension gd is nod loaded."); errorPage("Extension gd is not loaded.", 500);
} }
// Specific settings for each mode // Specific settings for each mode
@@ -211,7 +229,7 @@ if ($mode == 'strict') {
ini_set('log_errors', 0); ini_set('log_errors', 0);
} else { } else {
errorPage("Unknown mode: $mode"); errorPage("Unknown mode: $mode", 500);
} }
verbose("mode = $mode"); verbose("mode = $mode");
@@ -260,7 +278,7 @@ if ($pwd) {
} }
if ($pwdAlways && $passwordMatch !== true) { if ($pwdAlways && $passwordMatch !== true) {
errorPage("Password required and does not match or exists."); errorPage("Password required and does not match or exists.", 401);
} }
verbose("password match = $passwordMatch"); verbose("password match = $passwordMatch");
@@ -284,9 +302,9 @@ if (!$allowHotlinking) {
; // Always allow when password match ; // Always allow when password match
verbose("Hotlinking since passwordmatch"); verbose("Hotlinking since passwordmatch");
} elseif ($passwordMatch === false) { } elseif ($passwordMatch === false) {
errorPage("Hotlinking/leeching not allowed when password missmatch."); errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
} elseif (!$referer) { } elseif (!$referer) {
errorPage("Hotlinking/leeching not allowed and referer is missing."); errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
} elseif (strcmp($serverName, $refererHost) == 0) { } elseif (strcmp($serverName, $refererHost) == 0) {
; // Allow when serverName matches refererHost ; // Allow when serverName matches refererHost
verbose("Hotlinking disallowed but serverName matches refererHost."); verbose("Hotlinking disallowed but serverName matches refererHost.");
@@ -297,11 +315,11 @@ if (!$allowHotlinking) {
if ($allowedByWhitelist) { if ($allowedByWhitelist) {
verbose("Hotlinking/leeching allowed by whitelist."); verbose("Hotlinking/leeching allowed by whitelist.");
} else { } else {
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer."); errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.", 403);
} }
} else { } else {
errorPage("Hotlinking/leeching not allowed."); errorPage("Hotlinking/leeching not allowed.", 403);
} }
} }
@@ -375,7 +393,7 @@ if (isset($shortcut)
* src - the source image file. * src - the source image file.
*/ */
$srcImage = urldecode(get('src')) $srcImage = urldecode(get('src'))
or errorPage('Must set src-attribute.'); or errorPage('Must set src-attribute.', 400);
// Check for valid/invalid characters // Check for valid/invalid characters
$imagePath = getConfig('image_path', __DIR__ . '/img/'); $imagePath = getConfig('image_path', __DIR__ . '/img/');
@@ -388,7 +406,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
$dummyImage = false; $dummyImage = false;
preg_match($validFilename, $srcImage) preg_match($validFilename, $srcImage)
or errorPage('Filename contains invalid characters.'); or errorPage('Filename contains invalid characters.', 400);
if ($dummyEnabled && $srcImage === $dummyFilename) { if ($dummyEnabled && $srcImage === $dummyFilename) {
@@ -409,13 +427,13 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
or errorPage( or errorPage(
'Source image is not a valid file, check the filename and that a 'Source image is not a valid file, check the filename and that a
matching file exists on the filesystem.' matching file exists on the filesystem.'
); , 404);
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0 substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
or errorPage( or errorPage(
'Security constraint: Source image is not below the directory "image_path" 'Security constraint: Source image is not below the directory "image_path"
as specified in the config file img_config.php.' as specified in the config file img_config.php.'
); , 500);
} }
verbose("src = $srcImage"); verbose("src = $srcImage");
@@ -464,11 +482,11 @@ if (isset($sizes[$newWidth])) {
// Support width as % of original width // Support width as % of original width
if ($newWidth[strlen($newWidth)-1] == '%') { if ($newWidth[strlen($newWidth)-1] == '%') {
is_numeric(substr($newWidth, 0, -1)) is_numeric(substr($newWidth, 0, -1))
or errorPage('Width % not numeric.'); or errorPage('Width % not numeric.', 400);
} else { } else {
is_null($newWidth) is_null($newWidth)
or ($newWidth > 10 && $newWidth <= $maxWidth) or ($newWidth > 10 && $newWidth <= $maxWidth)
or errorPage('Width out of range.'); or errorPage('Width out of range.', 400);
} }
verbose("new width = $newWidth"); verbose("new width = $newWidth");
@@ -489,11 +507,11 @@ if (isset($sizes[$newHeight])) {
// height // height
if ($newHeight[strlen($newHeight)-1] == '%') { if ($newHeight[strlen($newHeight)-1] == '%') {
is_numeric(substr($newHeight, 0, -1)) is_numeric(substr($newHeight, 0, -1))
or errorPage('Height % out of range.'); or errorPage('Height % out of range.', 400);
} else { } else {
is_null($newHeight) is_null($newHeight)
or ($newHeight > 10 && $newHeight <= $maxHeight) or ($newHeight > 10 && $newHeight <= $maxHeight)
or errorPage('Hight out of range.'); or errorPage('Height out of range.', 400);
} }
verbose("new height = $newHeight"); verbose("new height = $newHeight");
@@ -531,7 +549,7 @@ if ($negateAspectRatio) {
is_null($aspectRatio) is_null($aspectRatio)
or is_numeric($aspectRatio) or is_numeric($aspectRatio)
or errorPage('Aspect ratio out of range'); or errorPage('Aspect ratio out of range', 400);
verbose("aspect ratio = $aspectRatio"); verbose("aspect ratio = $aspectRatio");
@@ -653,7 +671,7 @@ $qualityDefault = getConfig('jpg_quality', null);
is_null($quality) is_null($quality)
or ($quality > 0 and $quality <= 100) or ($quality > 0 and $quality <= 100)
or errorPage('Quality out of range'); or errorPage('Quality out of range', 400);
if (is_null($quality) && !is_null($qualityDefault)) { if (is_null($quality) && !is_null($qualityDefault)) {
$quality = $qualityDefault; $quality = $qualityDefault;
@@ -671,7 +689,7 @@ $compressDefault = getConfig('png_compression', null);
is_null($compress) is_null($compress)
or ($compress > 0 and $compress <= 9) or ($compress > 0 and $compress <= 9)
or errorPage('Compress out of range'); or errorPage('Compress out of range', 400);
if (is_null($compress) && !is_null($compressDefault)) { if (is_null($compress) && !is_null($compressDefault)) {
$compress = $compressDefault; $compress = $compressDefault;
@@ -697,7 +715,7 @@ $scale = get(array('scale', 's'));
is_null($scale) is_null($scale)
or ($scale >= 0 and $scale <= 400) or ($scale >= 0 and $scale <= 400)
or errorPage('Scale out of range'); or errorPage('Scale out of range', 400);
verbose("scale = $scale"); verbose("scale = $scale");
@@ -746,7 +764,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
is_null($rotateBefore) is_null($rotateBefore)
or ($rotateBefore >= -360 and $rotateBefore <= 360) or ($rotateBefore >= -360 and $rotateBefore <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateBefore = $rotateBefore"); verbose("rotateBefore = $rotateBefore");
@@ -759,7 +777,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
is_null($rotateAfter) is_null($rotateAfter)
or ($rotateAfter >= -360 and $rotateAfter <= 360) or ($rotateAfter >= -360 and $rotateAfter <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateAfter = $rotateAfter"); verbose("rotateAfter = $rotateAfter");
@@ -908,13 +926,13 @@ if ($alias && $aliasPath && $passwordMatch) {
$useCache = false; $useCache = false;
is_writable($aliasPath) is_writable($aliasPath)
or errorPage("Directory for alias is not writable."); or errorPage("Directory for alias is not writable.", 500);
preg_match($validAliasname, $alias) preg_match($validAliasname, $alias)
or errorPage('Filename for alias contains invalid characters. Do not add extension.'); or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
} elseif ($alias) { } elseif ($alias) {
errorPage('Alias is not enabled in the config file or password not matching.'); errorPage('Alias is not enabled in the config file or password not matching.', 500);
} }
verbose("alias = $alias"); verbose("alias = $alias");

View File

@@ -3642,21 +3642,39 @@ $version = "v0.7.7 (2015-10-21)";
* Display error message. * Display error message.
* *
* @param string $msg to display. * @param string $msg to display.
* @param int $type of HTTP error to display.
* *
* @return void * @return void
*/ */
function errorPage($msg) function errorPage($msg, $type = 500)
{ {
global $mode; global $mode;
header("HTTP/1.0 500 Internal Server Error"); switch ($type) {
case 400:
$header = "400 Bad Request";
break;
case 401:
$header = "401 Unauthorized";
break;
case 403:
$header = "403 Forbidden";
break;
case 404:
$header = "404 Not Found";
break;
default:
$header = "500 Internal Server Error";
}
header("HTTP/1.0 $header");
if ($mode == 'development') { if ($mode == 'development') {
die("[img.php] $msg"); die("[img.php] $msg");
} }
error_log("[img.php] $msg"); error_log("[img.php] $msg");
die("HTTP/1.0 500 Internal Server Error"); die("HTTP/1.0 $header");
} }
@@ -3671,7 +3689,7 @@ set_exception_handler(function ($exception) {
. "</p><pre>" . "</p><pre>"
. $exception->getTraceAsString() . $exception->getTraceAsString()
. "</pre>" . "</pre>"
); , 500);
}); });
@@ -3801,7 +3819,7 @@ set_time_limit(20);
ini_set('gd.jpeg_ignore_warning', 1); ini_set('gd.jpeg_ignore_warning', 1);
if (!extension_loaded('gd')) { if (!extension_loaded('gd')) {
errorPage("Extension gd is nod loaded."); errorPage("Extension gd is not loaded.", 500);
} }
// Specific settings for each mode // Specific settings for each mode
@@ -3837,7 +3855,7 @@ if ($mode == 'strict') {
ini_set('log_errors', 0); ini_set('log_errors', 0);
} else { } else {
errorPage("Unknown mode: $mode"); errorPage("Unknown mode: $mode", 500);
} }
verbose("mode = $mode"); verbose("mode = $mode");
@@ -3886,7 +3904,7 @@ if ($pwd) {
} }
if ($pwdAlways && $passwordMatch !== true) { if ($pwdAlways && $passwordMatch !== true) {
errorPage("Password required and does not match or exists."); errorPage("Password required and does not match or exists.", 401);
} }
verbose("password match = $passwordMatch"); verbose("password match = $passwordMatch");
@@ -3910,9 +3928,9 @@ if (!$allowHotlinking) {
; // Always allow when password match ; // Always allow when password match
verbose("Hotlinking since passwordmatch"); verbose("Hotlinking since passwordmatch");
} elseif ($passwordMatch === false) { } elseif ($passwordMatch === false) {
errorPage("Hotlinking/leeching not allowed when password missmatch."); errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
} elseif (!$referer) { } elseif (!$referer) {
errorPage("Hotlinking/leeching not allowed and referer is missing."); errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
} elseif (strcmp($serverName, $refererHost) == 0) { } elseif (strcmp($serverName, $refererHost) == 0) {
; // Allow when serverName matches refererHost ; // Allow when serverName matches refererHost
verbose("Hotlinking disallowed but serverName matches refererHost."); verbose("Hotlinking disallowed but serverName matches refererHost.");
@@ -3923,11 +3941,11 @@ if (!$allowHotlinking) {
if ($allowedByWhitelist) { if ($allowedByWhitelist) {
verbose("Hotlinking/leeching allowed by whitelist."); verbose("Hotlinking/leeching allowed by whitelist.");
} else { } else {
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer."); errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.", 403);
} }
} else { } else {
errorPage("Hotlinking/leeching not allowed."); errorPage("Hotlinking/leeching not allowed.", 403);
} }
} }
@@ -4001,7 +4019,7 @@ if (isset($shortcut)
* src - the source image file. * src - the source image file.
*/ */
$srcImage = urldecode(get('src')) $srcImage = urldecode(get('src'))
or errorPage('Must set src-attribute.'); or errorPage('Must set src-attribute.', 400);
// Check for valid/invalid characters // Check for valid/invalid characters
$imagePath = getConfig('image_path', __DIR__ . '/img/'); $imagePath = getConfig('image_path', __DIR__ . '/img/');
@@ -4014,7 +4032,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
$dummyImage = false; $dummyImage = false;
preg_match($validFilename, $srcImage) preg_match($validFilename, $srcImage)
or errorPage('Filename contains invalid characters.'); or errorPage('Filename contains invalid characters.', 400);
if ($dummyEnabled && $srcImage === $dummyFilename) { if ($dummyEnabled && $srcImage === $dummyFilename) {
@@ -4035,13 +4053,13 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
or errorPage( or errorPage(
'Source image is not a valid file, check the filename and that a 'Source image is not a valid file, check the filename and that a
matching file exists on the filesystem.' matching file exists on the filesystem.'
); , 404);
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0 substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
or errorPage( or errorPage(
'Security constraint: Source image is not below the directory "image_path" 'Security constraint: Source image is not below the directory "image_path"
as specified in the config file img_config.php.' as specified in the config file img_config.php.'
); , 500);
} }
verbose("src = $srcImage"); verbose("src = $srcImage");
@@ -4090,11 +4108,11 @@ if (isset($sizes[$newWidth])) {
// Support width as % of original width // Support width as % of original width
if ($newWidth[strlen($newWidth)-1] == '%') { if ($newWidth[strlen($newWidth)-1] == '%') {
is_numeric(substr($newWidth, 0, -1)) is_numeric(substr($newWidth, 0, -1))
or errorPage('Width % not numeric.'); or errorPage('Width % not numeric.', 400);
} else { } else {
is_null($newWidth) is_null($newWidth)
or ($newWidth > 10 && $newWidth <= $maxWidth) or ($newWidth > 10 && $newWidth <= $maxWidth)
or errorPage('Width out of range.'); or errorPage('Width out of range.', 400);
} }
verbose("new width = $newWidth"); verbose("new width = $newWidth");
@@ -4115,11 +4133,11 @@ if (isset($sizes[$newHeight])) {
// height // height
if ($newHeight[strlen($newHeight)-1] == '%') { if ($newHeight[strlen($newHeight)-1] == '%') {
is_numeric(substr($newHeight, 0, -1)) is_numeric(substr($newHeight, 0, -1))
or errorPage('Height % out of range.'); or errorPage('Height % out of range.', 400);
} else { } else {
is_null($newHeight) is_null($newHeight)
or ($newHeight > 10 && $newHeight <= $maxHeight) or ($newHeight > 10 && $newHeight <= $maxHeight)
or errorPage('Hight out of range.'); or errorPage('Height out of range.', 400);
} }
verbose("new height = $newHeight"); verbose("new height = $newHeight");
@@ -4157,7 +4175,7 @@ if ($negateAspectRatio) {
is_null($aspectRatio) is_null($aspectRatio)
or is_numeric($aspectRatio) or is_numeric($aspectRatio)
or errorPage('Aspect ratio out of range'); or errorPage('Aspect ratio out of range', 400);
verbose("aspect ratio = $aspectRatio"); verbose("aspect ratio = $aspectRatio");
@@ -4279,7 +4297,7 @@ $qualityDefault = getConfig('jpg_quality', null);
is_null($quality) is_null($quality)
or ($quality > 0 and $quality <= 100) or ($quality > 0 and $quality <= 100)
or errorPage('Quality out of range'); or errorPage('Quality out of range', 400);
if (is_null($quality) && !is_null($qualityDefault)) { if (is_null($quality) && !is_null($qualityDefault)) {
$quality = $qualityDefault; $quality = $qualityDefault;
@@ -4297,7 +4315,7 @@ $compressDefault = getConfig('png_compression', null);
is_null($compress) is_null($compress)
or ($compress > 0 and $compress <= 9) or ($compress > 0 and $compress <= 9)
or errorPage('Compress out of range'); or errorPage('Compress out of range', 400);
if (is_null($compress) && !is_null($compressDefault)) { if (is_null($compress) && !is_null($compressDefault)) {
$compress = $compressDefault; $compress = $compressDefault;
@@ -4323,7 +4341,7 @@ $scale = get(array('scale', 's'));
is_null($scale) is_null($scale)
or ($scale >= 0 and $scale <= 400) or ($scale >= 0 and $scale <= 400)
or errorPage('Scale out of range'); or errorPage('Scale out of range', 400);
verbose("scale = $scale"); verbose("scale = $scale");
@@ -4372,7 +4390,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
is_null($rotateBefore) is_null($rotateBefore)
or ($rotateBefore >= -360 and $rotateBefore <= 360) or ($rotateBefore >= -360 and $rotateBefore <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateBefore = $rotateBefore"); verbose("rotateBefore = $rotateBefore");
@@ -4385,7 +4403,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
is_null($rotateAfter) is_null($rotateAfter)
or ($rotateAfter >= -360 and $rotateAfter <= 360) or ($rotateAfter >= -360 and $rotateAfter <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateAfter = $rotateAfter"); verbose("rotateAfter = $rotateAfter");
@@ -4534,13 +4552,13 @@ if ($alias && $aliasPath && $passwordMatch) {
$useCache = false; $useCache = false;
is_writable($aliasPath) is_writable($aliasPath)
or errorPage("Directory for alias is not writable."); or errorPage("Directory for alias is not writable.", 500);
preg_match($validAliasname, $alias) preg_match($validAliasname, $alias)
or errorPage('Filename for alias contains invalid characters. Do not add extension.'); or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
} elseif ($alias) { } elseif ($alias) {
errorPage('Alias is not enabled in the config file or password not matching.'); errorPage('Alias is not enabled in the config file or password not matching.', 500);
} }
verbose("alias = $alias"); verbose("alias = $alias");

View File

@@ -3642,21 +3642,39 @@ $version = "v0.7.7 (2015-10-21)";
* Display error message. * Display error message.
* *
* @param string $msg to display. * @param string $msg to display.
* @param int $type of HTTP error to display.
* *
* @return void * @return void
*/ */
function errorPage($msg) function errorPage($msg, $type = 500)
{ {
global $mode; global $mode;
header("HTTP/1.0 500 Internal Server Error"); switch ($type) {
case 400:
$header = "400 Bad Request";
break;
case 401:
$header = "401 Unauthorized";
break;
case 403:
$header = "403 Forbidden";
break;
case 404:
$header = "404 Not Found";
break;
default:
$header = "500 Internal Server Error";
}
header("HTTP/1.0 $header");
if ($mode == 'development') { if ($mode == 'development') {
die("[img.php] $msg"); die("[img.php] $msg");
} }
error_log("[img.php] $msg"); error_log("[img.php] $msg");
die("HTTP/1.0 500 Internal Server Error"); die("HTTP/1.0 $header");
} }
@@ -3671,7 +3689,7 @@ set_exception_handler(function ($exception) {
. "</p><pre>" . "</p><pre>"
. $exception->getTraceAsString() . $exception->getTraceAsString()
. "</pre>" . "</pre>"
); , 500);
}); });
@@ -3801,7 +3819,7 @@ set_time_limit(20);
ini_set('gd.jpeg_ignore_warning', 1); ini_set('gd.jpeg_ignore_warning', 1);
if (!extension_loaded('gd')) { if (!extension_loaded('gd')) {
errorPage("Extension gd is nod loaded."); errorPage("Extension gd is not loaded.", 500);
} }
// Specific settings for each mode // Specific settings for each mode
@@ -3837,7 +3855,7 @@ if ($mode == 'strict') {
ini_set('log_errors', 0); ini_set('log_errors', 0);
} else { } else {
errorPage("Unknown mode: $mode"); errorPage("Unknown mode: $mode", 500);
} }
verbose("mode = $mode"); verbose("mode = $mode");
@@ -3886,7 +3904,7 @@ if ($pwd) {
} }
if ($pwdAlways && $passwordMatch !== true) { if ($pwdAlways && $passwordMatch !== true) {
errorPage("Password required and does not match or exists."); errorPage("Password required and does not match or exists.", 401);
} }
verbose("password match = $passwordMatch"); verbose("password match = $passwordMatch");
@@ -3910,9 +3928,9 @@ if (!$allowHotlinking) {
; // Always allow when password match ; // Always allow when password match
verbose("Hotlinking since passwordmatch"); verbose("Hotlinking since passwordmatch");
} elseif ($passwordMatch === false) { } elseif ($passwordMatch === false) {
errorPage("Hotlinking/leeching not allowed when password missmatch."); errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
} elseif (!$referer) { } elseif (!$referer) {
errorPage("Hotlinking/leeching not allowed and referer is missing."); errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
} elseif (strcmp($serverName, $refererHost) == 0) { } elseif (strcmp($serverName, $refererHost) == 0) {
; // Allow when serverName matches refererHost ; // Allow when serverName matches refererHost
verbose("Hotlinking disallowed but serverName matches refererHost."); verbose("Hotlinking disallowed but serverName matches refererHost.");
@@ -3923,11 +3941,11 @@ if (!$allowHotlinking) {
if ($allowedByWhitelist) { if ($allowedByWhitelist) {
verbose("Hotlinking/leeching allowed by whitelist."); verbose("Hotlinking/leeching allowed by whitelist.");
} else { } else {
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer."); errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.", 403);
} }
} else { } else {
errorPage("Hotlinking/leeching not allowed."); errorPage("Hotlinking/leeching not allowed.", 403);
} }
} }
@@ -4001,7 +4019,7 @@ if (isset($shortcut)
* src - the source image file. * src - the source image file.
*/ */
$srcImage = urldecode(get('src')) $srcImage = urldecode(get('src'))
or errorPage('Must set src-attribute.'); or errorPage('Must set src-attribute.', 400);
// Check for valid/invalid characters // Check for valid/invalid characters
$imagePath = getConfig('image_path', __DIR__ . '/img/'); $imagePath = getConfig('image_path', __DIR__ . '/img/');
@@ -4014,7 +4032,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
$dummyImage = false; $dummyImage = false;
preg_match($validFilename, $srcImage) preg_match($validFilename, $srcImage)
or errorPage('Filename contains invalid characters.'); or errorPage('Filename contains invalid characters.', 400);
if ($dummyEnabled && $srcImage === $dummyFilename) { if ($dummyEnabled && $srcImage === $dummyFilename) {
@@ -4035,13 +4053,13 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
or errorPage( or errorPage(
'Source image is not a valid file, check the filename and that a 'Source image is not a valid file, check the filename and that a
matching file exists on the filesystem.' matching file exists on the filesystem.'
); , 404);
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0 substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
or errorPage( or errorPage(
'Security constraint: Source image is not below the directory "image_path" 'Security constraint: Source image is not below the directory "image_path"
as specified in the config file img_config.php.' as specified in the config file img_config.php.'
); , 500);
} }
verbose("src = $srcImage"); verbose("src = $srcImage");
@@ -4090,11 +4108,11 @@ if (isset($sizes[$newWidth])) {
// Support width as % of original width // Support width as % of original width
if ($newWidth[strlen($newWidth)-1] == '%') { if ($newWidth[strlen($newWidth)-1] == '%') {
is_numeric(substr($newWidth, 0, -1)) is_numeric(substr($newWidth, 0, -1))
or errorPage('Width % not numeric.'); or errorPage('Width % not numeric.', 400);
} else { } else {
is_null($newWidth) is_null($newWidth)
or ($newWidth > 10 && $newWidth <= $maxWidth) or ($newWidth > 10 && $newWidth <= $maxWidth)
or errorPage('Width out of range.'); or errorPage('Width out of range.', 400);
} }
verbose("new width = $newWidth"); verbose("new width = $newWidth");
@@ -4115,11 +4133,11 @@ if (isset($sizes[$newHeight])) {
// height // height
if ($newHeight[strlen($newHeight)-1] == '%') { if ($newHeight[strlen($newHeight)-1] == '%') {
is_numeric(substr($newHeight, 0, -1)) is_numeric(substr($newHeight, 0, -1))
or errorPage('Height % out of range.'); or errorPage('Height % out of range.', 400);
} else { } else {
is_null($newHeight) is_null($newHeight)
or ($newHeight > 10 && $newHeight <= $maxHeight) or ($newHeight > 10 && $newHeight <= $maxHeight)
or errorPage('Hight out of range.'); or errorPage('Height out of range.', 400);
} }
verbose("new height = $newHeight"); verbose("new height = $newHeight");
@@ -4157,7 +4175,7 @@ if ($negateAspectRatio) {
is_null($aspectRatio) is_null($aspectRatio)
or is_numeric($aspectRatio) or is_numeric($aspectRatio)
or errorPage('Aspect ratio out of range'); or errorPage('Aspect ratio out of range', 400);
verbose("aspect ratio = $aspectRatio"); verbose("aspect ratio = $aspectRatio");
@@ -4279,7 +4297,7 @@ $qualityDefault = getConfig('jpg_quality', null);
is_null($quality) is_null($quality)
or ($quality > 0 and $quality <= 100) or ($quality > 0 and $quality <= 100)
or errorPage('Quality out of range'); or errorPage('Quality out of range', 400);
if (is_null($quality) && !is_null($qualityDefault)) { if (is_null($quality) && !is_null($qualityDefault)) {
$quality = $qualityDefault; $quality = $qualityDefault;
@@ -4297,7 +4315,7 @@ $compressDefault = getConfig('png_compression', null);
is_null($compress) is_null($compress)
or ($compress > 0 and $compress <= 9) or ($compress > 0 and $compress <= 9)
or errorPage('Compress out of range'); or errorPage('Compress out of range', 400);
if (is_null($compress) && !is_null($compressDefault)) { if (is_null($compress) && !is_null($compressDefault)) {
$compress = $compressDefault; $compress = $compressDefault;
@@ -4323,7 +4341,7 @@ $scale = get(array('scale', 's'));
is_null($scale) is_null($scale)
or ($scale >= 0 and $scale <= 400) or ($scale >= 0 and $scale <= 400)
or errorPage('Scale out of range'); or errorPage('Scale out of range', 400);
verbose("scale = $scale"); verbose("scale = $scale");
@@ -4372,7 +4390,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
is_null($rotateBefore) is_null($rotateBefore)
or ($rotateBefore >= -360 and $rotateBefore <= 360) or ($rotateBefore >= -360 and $rotateBefore <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateBefore = $rotateBefore"); verbose("rotateBefore = $rotateBefore");
@@ -4385,7 +4403,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
is_null($rotateAfter) is_null($rotateAfter)
or ($rotateAfter >= -360 and $rotateAfter <= 360) or ($rotateAfter >= -360 and $rotateAfter <= 360)
or errorPage('RotateBefore out of range'); or errorPage('RotateBefore out of range', 400);
verbose("rotateAfter = $rotateAfter"); verbose("rotateAfter = $rotateAfter");
@@ -4534,13 +4552,13 @@ if ($alias && $aliasPath && $passwordMatch) {
$useCache = false; $useCache = false;
is_writable($aliasPath) is_writable($aliasPath)
or errorPage("Directory for alias is not writable."); or errorPage("Directory for alias is not writable.", 500);
preg_match($validAliasname, $alias) preg_match($validAliasname, $alias)
or errorPage('Filename for alias contains invalid characters. Do not add extension.'); or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
} elseif ($alias) { } elseif ($alias) {
errorPage('Alias is not enabled in the config file or password not matching.'); errorPage('Alias is not enabled in the config file or password not matching.', 500);
} }
verbose("alias = $alias"); verbose("alias = $alias");