thumb.php

   1 <?php
   2
   3 /**
   4  * PHP script to stream out an image thumbnail.
   5  * If the file exists, we make do with abridged MediaWiki initialisation.
   6  */
   7
   8 define( 'MEDIAWIKI', true );
   9 unset( $IP );
  10 if ( isset( $_REQUEST['GLOBALS'] ) ) {
  11         echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
  12         die( -1 );
  13 }
  14
  15 define( 'MW_NO_OUTPUT_BUFFER', true );
  16
  17 require_once( './includes/Defines.php' );
  18 require_once( './LocalSettings.php' );
  19 require_once( 'GlobalFunctions.php' );
  20 require_once( 'ImageFunctions.php' );
  21
  22 $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
  23
  24 require_once( 'Image.php' );
  25 require_once( 'StreamFile.php' );
  26
  27 // Get input parameters
  28
  29 if ( get_magic_quotes_gpc() ) {
  30         $fileName = stripslashes( $_REQUEST['f'] );
  31         $width = stripslashes( $_REQUEST['w'] );
  32 } else {
  33         $fileName = $_REQUEST['f'];
  34         $width = $_REQUEST['w'];
  35 }
  36
  37 $pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
  38
  39 // Some basic input validation
  40
  41 $width = intval( $width );
  42 $fileName = strtr( $fileName, '\\/', '__' );
  43
  44 // Work out paths, carefully avoiding constructing an Image object because that won't work yet
  45
  46 $imagePath = wfImageDir( $fileName ) . '/' . $fileName;
  47 $thumbName = "{$width}px-$fileName";
  48 if ( $pre_render ) {
  49         $thumbName .= '.png';
  50 }
  51 $thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
  52
  53 if ( is_file( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
  54         wfStreamFile( $thumbPath );
  55         exit;
  56 }
  57
  58 // OK, no valid thumbnail, time to get out the heavy machinery
  59 require_once( 'Setup.php' );
  60 wfProfileIn( 'thumb.php' );
  61
  62 $img = Image::newFromName( $fileName );
  63 if ( $img ) {
  64         $thumb = $img->renderThumb( $width, false );
  65 } else {
  66         $thumb = false;
  67 }
  68
  69 if ( $thumb && $thumb->path ) {
  70         wfStreamFile( $thumb->path );
  71 } else {
  72         $badtitle = wfMsg( 'badtitle' );
  73         $badtitletext = wfMsg( 'badtitletext' );
  74         echo "<html><head>
  75         <title>$badtitle</title>
  76         <body>
  77 <h1>$badtitle</h1>
  78 <p>$badtitletext</p>
  79 </body></html>";
  80 }
  81
  82 wfProfileOut( 'thumb.php' );
  83
  84
  85 ?>