<?php
-/**
- * PHP script to stream out an image thumbnail.
- * If the file exists, we make do with abridged MediaWiki initialisation.
+/**
+ * PHP script to stream out an image thumbnail.
+ * If the file exists, we make do with abridged MediaWiki initialisation.
*/
define( 'MEDIAWIKI', true );
unset( $IP );
-$wgNoOutputBuffer = true;
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+ echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
+ die( -1 );
+}
+
+define( 'MW_NO_OUTPUT_BUFFER', true );
require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
require_once( 'GlobalFunctions.php' );
+
+$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
+
require_once( 'Image.php' );
require_once( 'StreamFile.php' );
$width = $_REQUEST['w'];
}
+$pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
+
// Some basic input validation
$width = intval( $width );
$imagePath = wfImageDir( $fileName ) . '/' . $fileName;
$thumbName = "{$width}px-$fileName";
-if ( preg_match( '/\.svg$/', $fileName ) ) {
+if ( $pre_render ) {
$thumbName .= '.png';
}
$thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
-if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
+if ( is_file( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
wfStreamFile( $thumbPath );
exit;
}
// OK, no valid thumbnail, time to get out the heavy machinery
require_once( 'Setup.php' );
+wfProfileIn( 'thumb.php' );
$img = Image::newFromName( $fileName );
if ( $img ) {
</body></html>";
}
+wfProfileOut( 'thumb.php' );
+
?>
dépôts / lhc / web / wiklou.git / blobdiff