Updated to reflect changes proposed in issue #127
@@ -25,12 +25,6 @@ function errorPage($msg, $type = 500)
|
|||||||
global $mode;
|
global $mode;
|
||||||
|
|
||||||
switch ($type) {
|
switch ($type) {
|
||||||
case 400:
|
|
||||||
$header = "400 Bad Request";
|
|
||||||
break;
|
|
||||||
case 401:
|
|
||||||
$header = "401 Unauthorized";
|
|
||||||
break;
|
|
||||||
case 403:
|
case 403:
|
||||||
$header = "403 Forbidden";
|
$header = "403 Forbidden";
|
||||||
break;
|
break;
|
||||||
@@ -278,7 +272,7 @@ if ($pwd) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($pwdAlways && $passwordMatch !== true) {
|
if ($pwdAlways && $passwordMatch !== true) {
|
||||||
errorPage("Password required and does not match or exists.", 401);
|
errorPage("Password required and does not match or exists.", 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("password match = $passwordMatch");
|
verbose("password match = $passwordMatch");
|
||||||
@@ -302,7 +296,7 @@ if (!$allowHotlinking) {
|
|||||||
; // Always allow when password match
|
; // Always allow when password match
|
||||||
verbose("Hotlinking since passwordmatch");
|
verbose("Hotlinking since passwordmatch");
|
||||||
} elseif ($passwordMatch === false) {
|
} elseif ($passwordMatch === false) {
|
||||||
errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
|
errorPage("Hotlinking/leeching not allowed when password missmatch.", 403);
|
||||||
} elseif (!$referer) {
|
} elseif (!$referer) {
|
||||||
errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
|
errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
|
||||||
} elseif (strcmp($serverName, $refererHost) == 0) {
|
} elseif (strcmp($serverName, $refererHost) == 0) {
|
||||||
@@ -393,7 +387,7 @@ if (isset($shortcut)
|
|||||||
* src - the source image file.
|
* src - the source image file.
|
||||||
*/
|
*/
|
||||||
$srcImage = urldecode(get('src'))
|
$srcImage = urldecode(get('src'))
|
||||||
or errorPage('Must set src-attribute.', 400);
|
or errorPage('Must set src-attribute.', 404);
|
||||||
|
|
||||||
// Check for valid/invalid characters
|
// Check for valid/invalid characters
|
||||||
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
||||||
@@ -406,7 +400,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
|
|||||||
$dummyImage = false;
|
$dummyImage = false;
|
||||||
|
|
||||||
preg_match($validFilename, $srcImage)
|
preg_match($validFilename, $srcImage)
|
||||||
or errorPage('Filename contains invalid characters.', 400);
|
or errorPage('Filename contains invalid characters.', 404);
|
||||||
|
|
||||||
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
||||||
|
|
||||||
@@ -433,7 +427,7 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
|
|||||||
or errorPage(
|
or errorPage(
|
||||||
'Security constraint: Source image is not below the directory "image_path"
|
'Security constraint: Source image is not below the directory "image_path"
|
||||||
as specified in the config file img_config.php.'
|
as specified in the config file img_config.php.'
|
||||||
, 500);
|
, 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("src = $srcImage");
|
verbose("src = $srcImage");
|
||||||
@@ -482,11 +476,11 @@ if (isset($sizes[$newWidth])) {
|
|||||||
// Support width as % of original width
|
// Support width as % of original width
|
||||||
if ($newWidth[strlen($newWidth)-1] == '%') {
|
if ($newWidth[strlen($newWidth)-1] == '%') {
|
||||||
is_numeric(substr($newWidth, 0, -1))
|
is_numeric(substr($newWidth, 0, -1))
|
||||||
or errorPage('Width % not numeric.', 400);
|
or errorPage('Width % not numeric.', 404);
|
||||||
} else {
|
} else {
|
||||||
is_null($newWidth)
|
is_null($newWidth)
|
||||||
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
||||||
or errorPage('Width out of range.', 400);
|
or errorPage('Width out of range.', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new width = $newWidth");
|
verbose("new width = $newWidth");
|
||||||
@@ -507,11 +501,11 @@ if (isset($sizes[$newHeight])) {
|
|||||||
// height
|
// height
|
||||||
if ($newHeight[strlen($newHeight)-1] == '%') {
|
if ($newHeight[strlen($newHeight)-1] == '%') {
|
||||||
is_numeric(substr($newHeight, 0, -1))
|
is_numeric(substr($newHeight, 0, -1))
|
||||||
or errorPage('Height % out of range.', 400);
|
or errorPage('Height % out of range.', 404);
|
||||||
} else {
|
} else {
|
||||||
is_null($newHeight)
|
is_null($newHeight)
|
||||||
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
||||||
or errorPage('Height out of range.', 400);
|
or errorPage('Height out of range.', 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new height = $newHeight");
|
verbose("new height = $newHeight");
|
||||||
@@ -549,7 +543,7 @@ if ($negateAspectRatio) {
|
|||||||
|
|
||||||
is_null($aspectRatio)
|
is_null($aspectRatio)
|
||||||
or is_numeric($aspectRatio)
|
or is_numeric($aspectRatio)
|
||||||
or errorPage('Aspect ratio out of range', 400);
|
or errorPage('Aspect ratio out of range', 404);
|
||||||
|
|
||||||
verbose("aspect ratio = $aspectRatio");
|
verbose("aspect ratio = $aspectRatio");
|
||||||
|
|
||||||
@@ -671,7 +665,7 @@ $qualityDefault = getConfig('jpg_quality', null);
|
|||||||
|
|
||||||
is_null($quality)
|
is_null($quality)
|
||||||
or ($quality > 0 and $quality <= 100)
|
or ($quality > 0 and $quality <= 100)
|
||||||
or errorPage('Quality out of range', 400);
|
or errorPage('Quality out of range', 404);
|
||||||
|
|
||||||
if (is_null($quality) && !is_null($qualityDefault)) {
|
if (is_null($quality) && !is_null($qualityDefault)) {
|
||||||
$quality = $qualityDefault;
|
$quality = $qualityDefault;
|
||||||
@@ -689,7 +683,7 @@ $compressDefault = getConfig('png_compression', null);
|
|||||||
|
|
||||||
is_null($compress)
|
is_null($compress)
|
||||||
or ($compress > 0 and $compress <= 9)
|
or ($compress > 0 and $compress <= 9)
|
||||||
or errorPage('Compress out of range', 400);
|
or errorPage('Compress out of range', 404);
|
||||||
|
|
||||||
if (is_null($compress) && !is_null($compressDefault)) {
|
if (is_null($compress) && !is_null($compressDefault)) {
|
||||||
$compress = $compressDefault;
|
$compress = $compressDefault;
|
||||||
@@ -715,7 +709,7 @@ $scale = get(array('scale', 's'));
|
|||||||
|
|
||||||
is_null($scale)
|
is_null($scale)
|
||||||
or ($scale >= 0 and $scale <= 400)
|
or ($scale >= 0 and $scale <= 400)
|
||||||
or errorPage('Scale out of range', 400);
|
or errorPage('Scale out of range', 404);
|
||||||
|
|
||||||
verbose("scale = $scale");
|
verbose("scale = $scale");
|
||||||
|
|
||||||
@@ -764,7 +758,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
|
|||||||
|
|
||||||
is_null($rotateBefore)
|
is_null($rotateBefore)
|
||||||
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range', 404);
|
||||||
|
|
||||||
verbose("rotateBefore = $rotateBefore");
|
verbose("rotateBefore = $rotateBefore");
|
||||||
|
|
||||||
@@ -777,7 +771,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
|
|||||||
|
|
||||||
is_null($rotateAfter)
|
is_null($rotateAfter)
|
||||||
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range', 404);
|
||||||
|
|
||||||
verbose("rotateAfter = $rotateAfter");
|
verbose("rotateAfter = $rotateAfter");
|
||||||
|
|
||||||
@@ -926,13 +920,13 @@ if ($alias && $aliasPath && $passwordMatch) {
|
|||||||
$useCache = false;
|
$useCache = false;
|
||||||
|
|
||||||
is_writable($aliasPath)
|
is_writable($aliasPath)
|
||||||
or errorPage("Directory for alias is not writable.", 500);
|
or errorPage("Directory for alias is not writable.", 403);
|
||||||
|
|
||||||
preg_match($validAliasname, $alias)
|
preg_match($validAliasname, $alias)
|
||||||
or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
|
or errorPage('Filename for alias contains invalid characters. Do not add extension.', 404);
|
||||||
|
|
||||||
} elseif ($alias) {
|
} elseif ($alias) {
|
||||||
errorPage('Alias is not enabled in the config file or password not matching.', 500);
|
errorPage('Alias is not enabled in the config file or password not matching.', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("alias = $alias");
|
verbose("alias = $alias");
|
||||||
|
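Review bot: The `is_writable($aliasPath)` failure and the 'Security constraint' path check are now answered with 403 and 404, which moves a server-side misconfiguration and a rejected out-of-tree path out of the 5xx range and makes the latter look like an ordinary missing file in access logs. If hiding the reason from clients is intended, alerting for these two cases has to key on whatever `errorPage` logs rather than on the status code; otherwise keep the alias directory check as `or errorPage("Directory for alias is not writable.", 500);`. The `$rotateAfter` range check still passes the message `'RotateBefore out of range'`; it should read `'RotateAfter out of range'`. The `switch` in `errorPage` loses `case 400` and `case 401` in the first hunk, so any caller still passing those values presumably falls through to the default status; the function body continues outside that hunk.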
74
webroot/imgd.php
Normal file → Executable file
74
webroot/imgd.php
Normal file → Executable file
@@ -3642,39 +3642,21 @@ $version = "v0.7.7 (2015-10-21)";
|
|||||||
* Display error message.
|
* Display error message.
|
||||||
*
|
*
|
||||||
* @param string $msg to display.
|
* @param string $msg to display.
|
||||||
* @param int $type of HTTP error to display.
|
|
||||||
*
|
*
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
function errorPage($msg, $type = 500)
|
function errorPage($msg)
|
||||||
{
|
{
|
||||||
global $mode;
|
global $mode;
|
||||||
|
|
||||||
switch ($type) {
|
header("HTTP/1.0 500 Internal Server Error");
|
||||||
case 400:
|
|
||||||
$header = "400 Bad Request";
|
|
||||||
break;
|
|
||||||
case 401:
|
|
||||||
$header = "401 Unauthorized";
|
|
||||||
break;
|
|
||||||
case 403:
|
|
||||||
$header = "403 Forbidden";
|
|
||||||
break;
|
|
||||||
case 404:
|
|
||||||
$header = "404 Not Found";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
$header = "500 Internal Server Error";
|
|
||||||
}
|
|
||||||
|
|
||||||
header("HTTP/1.0 $header");
|
|
||||||
|
|
||||||
if ($mode == 'development') {
|
if ($mode == 'development') {
|
||||||
die("[img.php] $msg");
|
die("[img.php] $msg");
|
||||||
}
|
}
|
||||||
|
|
||||||
error_log("[img.php] $msg");
|
error_log("[img.php] $msg");
|
||||||
die("HTTP/1.0 $header");
|
die("HTTP/1.0 500 Internal Server Error");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -3689,7 +3671,7 @@ set_exception_handler(function ($exception) {
|
|||||||
. "</p><pre>"
|
. "</p><pre>"
|
||||||
. $exception->getTraceAsString()
|
. $exception->getTraceAsString()
|
||||||
. "</pre>"
|
. "</pre>"
|
||||||
, 500);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
@@ -3819,7 +3801,7 @@ set_time_limit(20);
|
|||||||
ini_set('gd.jpeg_ignore_warning', 1);
|
ini_set('gd.jpeg_ignore_warning', 1);
|
||||||
|
|
||||||
if (!extension_loaded('gd')) {
|
if (!extension_loaded('gd')) {
|
||||||
errorPage("Extension gd is not loaded.", 500);
|
errorPage("Extension gd is nod loaded.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Specific settings for each mode
|
// Specific settings for each mode
|
||||||
@@ -3855,7 +3837,7 @@ if ($mode == 'strict') {
|
|||||||
ini_set('log_errors', 0);
|
ini_set('log_errors', 0);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
errorPage("Unknown mode: $mode", 500);
|
errorPage("Unknown mode: $mode");
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("mode = $mode");
|
verbose("mode = $mode");
|
||||||
@@ -3904,7 +3886,7 @@ if ($pwd) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($pwdAlways && $passwordMatch !== true) {
|
if ($pwdAlways && $passwordMatch !== true) {
|
||||||
errorPage("Password required and does not match or exists.", 401);
|
errorPage("Password required and does not match or exists.");
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("password match = $passwordMatch");
|
verbose("password match = $passwordMatch");
|
||||||
@@ -3928,9 +3910,9 @@ if (!$allowHotlinking) {
|
|||||||
; // Always allow when password match
|
; // Always allow when password match
|
||||||
verbose("Hotlinking since passwordmatch");
|
verbose("Hotlinking since passwordmatch");
|
||||||
} elseif ($passwordMatch === false) {
|
} elseif ($passwordMatch === false) {
|
||||||
errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
|
errorPage("Hotlinking/leeching not allowed when password missmatch.");
|
||||||
} elseif (!$referer) {
|
} elseif (!$referer) {
|
||||||
errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
|
errorPage("Hotlinking/leeching not allowed and referer is missing.");
|
||||||
} elseif (strcmp($serverName, $refererHost) == 0) {
|
} elseif (strcmp($serverName, $refererHost) == 0) {
|
||||||
; // Allow when serverName matches refererHost
|
; // Allow when serverName matches refererHost
|
||||||
verbose("Hotlinking disallowed but serverName matches refererHost.");
|
verbose("Hotlinking disallowed but serverName matches refererHost.");
|
||||||
@@ -3941,11 +3923,11 @@ if (!$allowHotlinking) {
|
|||||||
if ($allowedByWhitelist) {
|
if ($allowedByWhitelist) {
|
||||||
verbose("Hotlinking/leeching allowed by whitelist.");
|
verbose("Hotlinking/leeching allowed by whitelist.");
|
||||||
} else {
|
} else {
|
||||||
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.", 403);
|
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.");
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
errorPage("Hotlinking/leeching not allowed.", 403);
|
errorPage("Hotlinking/leeching not allowed.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4019,7 +4001,7 @@ if (isset($shortcut)
|
|||||||
* src - the source image file.
|
* src - the source image file.
|
||||||
*/
|
*/
|
||||||
$srcImage = urldecode(get('src'))
|
$srcImage = urldecode(get('src'))
|
||||||
or errorPage('Must set src-attribute.', 400);
|
or errorPage('Must set src-attribute.');
|
||||||
|
|
||||||
// Check for valid/invalid characters
|
// Check for valid/invalid characters
|
||||||
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
||||||
@@ -4032,7 +4014,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
|
|||||||
$dummyImage = false;
|
$dummyImage = false;
|
||||||
|
|
||||||
preg_match($validFilename, $srcImage)
|
preg_match($validFilename, $srcImage)
|
||||||
or errorPage('Filename contains invalid characters.', 400);
|
or errorPage('Filename contains invalid characters.');
|
||||||
|
|
||||||
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
||||||
|
|
||||||
@@ -4053,13 +4035,13 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
|
|||||||
or errorPage(
|
or errorPage(
|
||||||
'Source image is not a valid file, check the filename and that a
|
'Source image is not a valid file, check the filename and that a
|
||||||
matching file exists on the filesystem.'
|
matching file exists on the filesystem.'
|
||||||
, 404);
|
);
|
||||||
|
|
||||||
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
|
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
|
||||||
or errorPage(
|
or errorPage(
|
||||||
'Security constraint: Source image is not below the directory "image_path"
|
'Security constraint: Source image is not below the directory "image_path"
|
||||||
as specified in the config file img_config.php.'
|
as specified in the config file img_config.php.'
|
||||||
, 500);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("src = $srcImage");
|
verbose("src = $srcImage");
|
||||||
@@ -4108,11 +4090,11 @@ if (isset($sizes[$newWidth])) {
|
|||||||
// Support width as % of original width
|
// Support width as % of original width
|
||||||
if ($newWidth[strlen($newWidth)-1] == '%') {
|
if ($newWidth[strlen($newWidth)-1] == '%') {
|
||||||
is_numeric(substr($newWidth, 0, -1))
|
is_numeric(substr($newWidth, 0, -1))
|
||||||
or errorPage('Width % not numeric.', 400);
|
or errorPage('Width % not numeric.');
|
||||||
} else {
|
} else {
|
||||||
is_null($newWidth)
|
is_null($newWidth)
|
||||||
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
||||||
or errorPage('Width out of range.', 400);
|
or errorPage('Width out of range.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new width = $newWidth");
|
verbose("new width = $newWidth");
|
||||||
@@ -4133,11 +4115,11 @@ if (isset($sizes[$newHeight])) {
|
|||||||
// height
|
// height
|
||||||
if ($newHeight[strlen($newHeight)-1] == '%') {
|
if ($newHeight[strlen($newHeight)-1] == '%') {
|
||||||
is_numeric(substr($newHeight, 0, -1))
|
is_numeric(substr($newHeight, 0, -1))
|
||||||
or errorPage('Height % out of range.', 400);
|
or errorPage('Height % out of range.');
|
||||||
} else {
|
} else {
|
||||||
is_null($newHeight)
|
is_null($newHeight)
|
||||||
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
||||||
or errorPage('Height out of range.', 400);
|
or errorPage('Hight out of range.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new height = $newHeight");
|
verbose("new height = $newHeight");
|
||||||
@@ -4175,7 +4157,7 @@ if ($negateAspectRatio) {
|
|||||||
|
|
||||||
is_null($aspectRatio)
|
is_null($aspectRatio)
|
||||||
or is_numeric($aspectRatio)
|
or is_numeric($aspectRatio)
|
||||||
or errorPage('Aspect ratio out of range', 400);
|
or errorPage('Aspect ratio out of range');
|
||||||
|
|
||||||
verbose("aspect ratio = $aspectRatio");
|
verbose("aspect ratio = $aspectRatio");
|
||||||
|
|
||||||
@@ -4297,7 +4279,7 @@ $qualityDefault = getConfig('jpg_quality', null);
|
|||||||
|
|
||||||
is_null($quality)
|
is_null($quality)
|
||||||
or ($quality > 0 and $quality <= 100)
|
or ($quality > 0 and $quality <= 100)
|
||||||
or errorPage('Quality out of range', 400);
|
or errorPage('Quality out of range');
|
||||||
|
|
||||||
if (is_null($quality) && !is_null($qualityDefault)) {
|
if (is_null($quality) && !is_null($qualityDefault)) {
|
||||||
$quality = $qualityDefault;
|
$quality = $qualityDefault;
|
||||||
@@ -4315,7 +4297,7 @@ $compressDefault = getConfig('png_compression', null);
|
|||||||
|
|
||||||
is_null($compress)
|
is_null($compress)
|
||||||
or ($compress > 0 and $compress <= 9)
|
or ($compress > 0 and $compress <= 9)
|
||||||
or errorPage('Compress out of range', 400);
|
or errorPage('Compress out of range');
|
||||||
|
|
||||||
if (is_null($compress) && !is_null($compressDefault)) {
|
if (is_null($compress) && !is_null($compressDefault)) {
|
||||||
$compress = $compressDefault;
|
$compress = $compressDefault;
|
||||||
@@ -4341,7 +4323,7 @@ $scale = get(array('scale', 's'));
|
|||||||
|
|
||||||
is_null($scale)
|
is_null($scale)
|
||||||
or ($scale >= 0 and $scale <= 400)
|
or ($scale >= 0 and $scale <= 400)
|
||||||
or errorPage('Scale out of range', 400);
|
or errorPage('Scale out of range');
|
||||||
|
|
||||||
verbose("scale = $scale");
|
verbose("scale = $scale");
|
||||||
|
|
||||||
@@ -4390,7 +4372,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
|
|||||||
|
|
||||||
is_null($rotateBefore)
|
is_null($rotateBefore)
|
||||||
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range');
|
||||||
|
|
||||||
verbose("rotateBefore = $rotateBefore");
|
verbose("rotateBefore = $rotateBefore");
|
||||||
|
|
||||||
@@ -4403,7 +4385,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
|
|||||||
|
|
||||||
is_null($rotateAfter)
|
is_null($rotateAfter)
|
||||||
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range');
|
||||||
|
|
||||||
verbose("rotateAfter = $rotateAfter");
|
verbose("rotateAfter = $rotateAfter");
|
||||||
|
|
||||||
@@ -4552,13 +4534,13 @@ if ($alias && $aliasPath && $passwordMatch) {
|
|||||||
$useCache = false;
|
$useCache = false;
|
||||||
|
|
||||||
is_writable($aliasPath)
|
is_writable($aliasPath)
|
||||||
or errorPage("Directory for alias is not writable.", 500);
|
or errorPage("Directory for alias is not writable.");
|
||||||
|
|
||||||
preg_match($validAliasname, $alias)
|
preg_match($validAliasname, $alias)
|
||||||
or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
|
or errorPage('Filename for alias contains invalid characters. Do not add extension.');
|
||||||
|
|
||||||
} elseif ($alias) {
|
} elseif ($alias) {
|
||||||
errorPage('Alias is not enabled in the config file or password not matching.', 500);
|
errorPage('Alias is not enabled in the config file or password not matching.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("alias = $alias");
|
verbose("alias = $alias");
|
||||||
|
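Review bot: The new side of this file drops the `$type` parameter from `errorPage` and hard-codes `header("HTTP/1.0 500 Internal Server Error");`, so every failure here, including the password and hotlinking rejections that the old side answered with 401 or 403, is reported as a server error, while the first file section of this commit moves its calls to 403 and 404. The same applies to every hunk in webroot/imgp.php. The new side also brings back the misspelled messages `"Extension gd is nod loaded."` and `'Hight out of range.'`, which suggests (not confirmed from the page) that both files were regenerated from an older source; rebuilding them from the updated script would keep the status codes consistent, so access-log monitoring can still tell rejected requests from genuine server faults.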
74
webroot/imgp.php
Normal file → Executable file
74
webroot/imgp.php
Normal file → Executable file
@@ -3642,39 +3642,21 @@ $version = "v0.7.7 (2015-10-21)";
|
|||||||
* Display error message.
|
* Display error message.
|
||||||
*
|
*
|
||||||
* @param string $msg to display.
|
* @param string $msg to display.
|
||||||
* @param int $type of HTTP error to display.
|
|
||||||
*
|
*
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
function errorPage($msg, $type = 500)
|
function errorPage($msg)
|
||||||
{
|
{
|
||||||
global $mode;
|
global $mode;
|
||||||
|
|
||||||
switch ($type) {
|
header("HTTP/1.0 500 Internal Server Error");
|
||||||
case 400:
|
|
||||||
$header = "400 Bad Request";
|
|
||||||
break;
|
|
||||||
case 401:
|
|
||||||
$header = "401 Unauthorized";
|
|
||||||
break;
|
|
||||||
case 403:
|
|
||||||
$header = "403 Forbidden";
|
|
||||||
break;
|
|
||||||
case 404:
|
|
||||||
$header = "404 Not Found";
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
$header = "500 Internal Server Error";
|
|
||||||
}
|
|
||||||
|
|
||||||
header("HTTP/1.0 $header");
|
|
||||||
|
|
||||||
if ($mode == 'development') {
|
if ($mode == 'development') {
|
||||||
die("[img.php] $msg");
|
die("[img.php] $msg");
|
||||||
}
|
}
|
||||||
|
|
||||||
error_log("[img.php] $msg");
|
error_log("[img.php] $msg");
|
||||||
die("HTTP/1.0 $header");
|
die("HTTP/1.0 500 Internal Server Error");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -3689,7 +3671,7 @@ set_exception_handler(function ($exception) {
|
|||||||
. "</p><pre>"
|
. "</p><pre>"
|
||||||
. $exception->getTraceAsString()
|
. $exception->getTraceAsString()
|
||||||
. "</pre>"
|
. "</pre>"
|
||||||
, 500);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
@@ -3819,7 +3801,7 @@ set_time_limit(20);
|
|||||||
ini_set('gd.jpeg_ignore_warning', 1);
|
ini_set('gd.jpeg_ignore_warning', 1);
|
||||||
|
|
||||||
if (!extension_loaded('gd')) {
|
if (!extension_loaded('gd')) {
|
||||||
errorPage("Extension gd is not loaded.", 500);
|
errorPage("Extension gd is nod loaded.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Specific settings for each mode
|
// Specific settings for each mode
|
||||||
@@ -3855,7 +3837,7 @@ if ($mode == 'strict') {
|
|||||||
ini_set('log_errors', 0);
|
ini_set('log_errors', 0);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
errorPage("Unknown mode: $mode", 500);
|
errorPage("Unknown mode: $mode");
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("mode = $mode");
|
verbose("mode = $mode");
|
||||||
@@ -3904,7 +3886,7 @@ if ($pwd) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($pwdAlways && $passwordMatch !== true) {
|
if ($pwdAlways && $passwordMatch !== true) {
|
||||||
errorPage("Password required and does not match or exists.", 401);
|
errorPage("Password required and does not match or exists.");
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("password match = $passwordMatch");
|
verbose("password match = $passwordMatch");
|
||||||
@@ -3928,9 +3910,9 @@ if (!$allowHotlinking) {
|
|||||||
; // Always allow when password match
|
; // Always allow when password match
|
||||||
verbose("Hotlinking since passwordmatch");
|
verbose("Hotlinking since passwordmatch");
|
||||||
} elseif ($passwordMatch === false) {
|
} elseif ($passwordMatch === false) {
|
||||||
errorPage("Hotlinking/leeching not allowed when password missmatch.", 401);
|
errorPage("Hotlinking/leeching not allowed when password missmatch.");
|
||||||
} elseif (!$referer) {
|
} elseif (!$referer) {
|
||||||
errorPage("Hotlinking/leeching not allowed and referer is missing.", 403);
|
errorPage("Hotlinking/leeching not allowed and referer is missing.");
|
||||||
} elseif (strcmp($serverName, $refererHost) == 0) {
|
} elseif (strcmp($serverName, $refererHost) == 0) {
|
||||||
; // Allow when serverName matches refererHost
|
; // Allow when serverName matches refererHost
|
||||||
verbose("Hotlinking disallowed but serverName matches refererHost.");
|
verbose("Hotlinking disallowed but serverName matches refererHost.");
|
||||||
@@ -3941,11 +3923,11 @@ if (!$allowHotlinking) {
|
|||||||
if ($allowedByWhitelist) {
|
if ($allowedByWhitelist) {
|
||||||
verbose("Hotlinking/leeching allowed by whitelist.");
|
verbose("Hotlinking/leeching allowed by whitelist.");
|
||||||
} else {
|
} else {
|
||||||
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.", 403);
|
errorPage("Hotlinking/leeching not allowed by whitelist. Referer: $referer.");
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
errorPage("Hotlinking/leeching not allowed.", 403);
|
errorPage("Hotlinking/leeching not allowed.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4019,7 +4001,7 @@ if (isset($shortcut)
|
|||||||
* src - the source image file.
|
* src - the source image file.
|
||||||
*/
|
*/
|
||||||
$srcImage = urldecode(get('src'))
|
$srcImage = urldecode(get('src'))
|
||||||
or errorPage('Must set src-attribute.', 400);
|
or errorPage('Must set src-attribute.');
|
||||||
|
|
||||||
// Check for valid/invalid characters
|
// Check for valid/invalid characters
|
||||||
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
$imagePath = getConfig('image_path', __DIR__ . '/img/');
|
||||||
@@ -4032,7 +4014,7 @@ $dummyFilename = getConfig('dummy_filename', 'dummy');
|
|||||||
$dummyImage = false;
|
$dummyImage = false;
|
||||||
|
|
||||||
preg_match($validFilename, $srcImage)
|
preg_match($validFilename, $srcImage)
|
||||||
or errorPage('Filename contains invalid characters.', 400);
|
or errorPage('Filename contains invalid characters.');
|
||||||
|
|
||||||
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
if ($dummyEnabled && $srcImage === $dummyFilename) {
|
||||||
|
|
||||||
@@ -4053,13 +4035,13 @@ if ($dummyEnabled && $srcImage === $dummyFilename) {
|
|||||||
or errorPage(
|
or errorPage(
|
||||||
'Source image is not a valid file, check the filename and that a
|
'Source image is not a valid file, check the filename and that a
|
||||||
matching file exists on the filesystem.'
|
matching file exists on the filesystem.'
|
||||||
, 404);
|
);
|
||||||
|
|
||||||
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
|
substr_compare($imageDir, $pathToImage, 0, strlen($imageDir)) == 0
|
||||||
or errorPage(
|
or errorPage(
|
||||||
'Security constraint: Source image is not below the directory "image_path"
|
'Security constraint: Source image is not below the directory "image_path"
|
||||||
as specified in the config file img_config.php.'
|
as specified in the config file img_config.php.'
|
||||||
, 500);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("src = $srcImage");
|
verbose("src = $srcImage");
|
||||||
@@ -4108,11 +4090,11 @@ if (isset($sizes[$newWidth])) {
|
|||||||
// Support width as % of original width
|
// Support width as % of original width
|
||||||
if ($newWidth[strlen($newWidth)-1] == '%') {
|
if ($newWidth[strlen($newWidth)-1] == '%') {
|
||||||
is_numeric(substr($newWidth, 0, -1))
|
is_numeric(substr($newWidth, 0, -1))
|
||||||
or errorPage('Width % not numeric.', 400);
|
or errorPage('Width % not numeric.');
|
||||||
} else {
|
} else {
|
||||||
is_null($newWidth)
|
is_null($newWidth)
|
||||||
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
or ($newWidth > 10 && $newWidth <= $maxWidth)
|
||||||
or errorPage('Width out of range.', 400);
|
or errorPage('Width out of range.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new width = $newWidth");
|
verbose("new width = $newWidth");
|
||||||
@@ -4133,11 +4115,11 @@ if (isset($sizes[$newHeight])) {
|
|||||||
// height
|
// height
|
||||||
if ($newHeight[strlen($newHeight)-1] == '%') {
|
if ($newHeight[strlen($newHeight)-1] == '%') {
|
||||||
is_numeric(substr($newHeight, 0, -1))
|
is_numeric(substr($newHeight, 0, -1))
|
||||||
or errorPage('Height % out of range.', 400);
|
or errorPage('Height % out of range.');
|
||||||
} else {
|
} else {
|
||||||
is_null($newHeight)
|
is_null($newHeight)
|
||||||
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
or ($newHeight > 10 && $newHeight <= $maxHeight)
|
||||||
or errorPage('Height out of range.', 400);
|
or errorPage('Hight out of range.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("new height = $newHeight");
|
verbose("new height = $newHeight");
|
||||||
@@ -4175,7 +4157,7 @@ if ($negateAspectRatio) {
|
|||||||
|
|
||||||
is_null($aspectRatio)
|
is_null($aspectRatio)
|
||||||
or is_numeric($aspectRatio)
|
or is_numeric($aspectRatio)
|
||||||
or errorPage('Aspect ratio out of range', 400);
|
or errorPage('Aspect ratio out of range');
|
||||||
|
|
||||||
verbose("aspect ratio = $aspectRatio");
|
verbose("aspect ratio = $aspectRatio");
|
||||||
|
|
||||||
@@ -4297,7 +4279,7 @@ $qualityDefault = getConfig('jpg_quality', null);
|
|||||||
|
|
||||||
is_null($quality)
|
is_null($quality)
|
||||||
or ($quality > 0 and $quality <= 100)
|
or ($quality > 0 and $quality <= 100)
|
||||||
or errorPage('Quality out of range', 400);
|
or errorPage('Quality out of range');
|
||||||
|
|
||||||
if (is_null($quality) && !is_null($qualityDefault)) {
|
if (is_null($quality) && !is_null($qualityDefault)) {
|
||||||
$quality = $qualityDefault;
|
$quality = $qualityDefault;
|
||||||
@@ -4315,7 +4297,7 @@ $compressDefault = getConfig('png_compression', null);
|
|||||||
|
|
||||||
is_null($compress)
|
is_null($compress)
|
||||||
or ($compress > 0 and $compress <= 9)
|
or ($compress > 0 and $compress <= 9)
|
||||||
or errorPage('Compress out of range', 400);
|
or errorPage('Compress out of range');
|
||||||
|
|
||||||
if (is_null($compress) && !is_null($compressDefault)) {
|
if (is_null($compress) && !is_null($compressDefault)) {
|
||||||
$compress = $compressDefault;
|
$compress = $compressDefault;
|
||||||
@@ -4341,7 +4323,7 @@ $scale = get(array('scale', 's'));
|
|||||||
|
|
||||||
is_null($scale)
|
is_null($scale)
|
||||||
or ($scale >= 0 and $scale <= 400)
|
or ($scale >= 0 and $scale <= 400)
|
||||||
or errorPage('Scale out of range', 400);
|
or errorPage('Scale out of range');
|
||||||
|
|
||||||
verbose("scale = $scale");
|
verbose("scale = $scale");
|
||||||
|
|
||||||
@@ -4390,7 +4372,7 @@ $rotateBefore = get(array('rotateBefore', 'rotate-before', 'rb'));
|
|||||||
|
|
||||||
is_null($rotateBefore)
|
is_null($rotateBefore)
|
||||||
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
or ($rotateBefore >= -360 and $rotateBefore <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range');
|
||||||
|
|
||||||
verbose("rotateBefore = $rotateBefore");
|
verbose("rotateBefore = $rotateBefore");
|
||||||
|
|
||||||
@@ -4403,7 +4385,7 @@ $rotateAfter = get(array('rotateAfter', 'rotate-after', 'ra', 'rotate', 'r'));
|
|||||||
|
|
||||||
is_null($rotateAfter)
|
is_null($rotateAfter)
|
||||||
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
or ($rotateAfter >= -360 and $rotateAfter <= 360)
|
||||||
or errorPage('RotateBefore out of range', 400);
|
or errorPage('RotateBefore out of range');
|
||||||
|
|
||||||
verbose("rotateAfter = $rotateAfter");
|
verbose("rotateAfter = $rotateAfter");
|
||||||
|
|
||||||
@@ -4552,13 +4534,13 @@ if ($alias && $aliasPath && $passwordMatch) {
|
|||||||
$useCache = false;
|
$useCache = false;
|
||||||
|
|
||||||
is_writable($aliasPath)
|
is_writable($aliasPath)
|
||||||
or errorPage("Directory for alias is not writable.", 500);
|
or errorPage("Directory for alias is not writable.");
|
||||||
|
|
||||||
preg_match($validAliasname, $alias)
|
preg_match($validAliasname, $alias)
|
||||||
or errorPage('Filename for alias contains invalid characters. Do not add extension.', 500);
|
or errorPage('Filename for alias contains invalid characters. Do not add extension.');
|
||||||
|
|
||||||
} elseif ($alias) {
|
} elseif ($alias) {
|
||||||
errorPage('Alias is not enabled in the config file or password not matching.', 500);
|
errorPage('Alias is not enabled in the config file or password not matching.');
|
||||||
}
|
}
|
||||||
|
|
||||||
verbose("alias = $alias");
|
verbose("alias = $alias");
|
||||||
|
0
webroot/imgs.php
Normal file → Executable file
0
webroot/imgs.php
Normal file → Executable file