X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=thumb.php;h=30b61592b4062afcefc0f19c7909cf840c312b53;hb=7131283a7bcf26786ffe05fb4fbc1d3c3dd3ea11;hp=ff7f9153e94d61d7d9d52f1282fd3ba1b899b78e;hpb=f90c740f915a825acbecf64017b226a3761720d9;p=lhc%2Fweb%2Fwiklou.git

diff --git a/thumb.php b/thumb.php
index ff7f9153e9..30b61592b4 100644
--- a/thumb.php
+++ b/thumb.php
@@ -1,72 +1,195 @@
 <?php
 
-/** 
- * PHP script to stream out an image thumbnail. 
- * If the file exists, we make do with abridged MediaWiki initialisation. 
+/**
+ * PHP script to stream out an image thumbnail.
+ *
+ * @file
+ * @ingroup Media
  */
+define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
+require_once( './includes/WebStart.php' );
 
-unset( $IP );
-define( 'MEDIAWIKI', true );
-require_once( './includes/Defines.php' );
-require_once( './LocalSettings.php' );
-require_once( 'Image.php' );
-require_once( 'StreamFile.php' );
-
-// Get input parameters
-
-if ( get_magic_quotes_gpc() ) {
-	$fileName = stripslashes( $_REQUEST['f'] );
-	$width = stripslashes( $_REQUEST['w'] );
-} else {
-	$fileName = $_REQUEST['f'];
-	$width = $_REQUEST['w'];
-}
+$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
 
-// Some basic input validation
+require_once( "$IP/includes/StreamFile.php" );
 
-$width = intval( $width );
-$fileName = strtr( $fileName, '\\/', '__' );
+wfThumbMain();
+wfLogProfilingData();
 
-// Work out paths, carefully avoiding constructing an Image object because that won't work yet
+//--------------------------------------------------------------------------
 
-$imagePath = wfImageDir( $fileName ) . '/' . $fileName;
-$thumbName = "{$width}px-$fileName";
-if ( preg_match( '/\.svg$/', $fileName ) ) {
-	$thumbName .= '.png';
-}
-$thumbPath = wfImageThumbDir( $thumbName ) . '/' . $thumbName;
+function wfThumbMain() {
+	wfProfileIn( __METHOD__ );
 
-if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
-	wfStreamFile( $thumbPath );
-	exit;
-}
+	$headers = array();
 
-// OK, no valid thumbnail, time to get out the heavy machinery
-require_once( 'Setup.php' );
+	// Get input parameters
+	if ( get_magic_quotes_gpc() ) {
+		$params = array_map( 'stripslashes', $_REQUEST );
+	} else {
+		$params = $_REQUEST;
+	}
 
-// Force renderThumb() to actually do something
-$wgThumbnailScriptPath = false;
-$wgSharedThumbnailScriptPath = false;
+	$fileName = isset( $params['f'] ) ? $params['f'] : '';
+	unset( $params['f'] );
 
-$img = Image::newFromName( $fileName );
-if ( $img ) {
-	$thumb = $img->renderThumb( $width );
-} else {
-	$thumb = false;
-}
+	// Backwards compatibility parameters
+	if ( isset( $params['w'] ) ) {
+		$params['width'] = $params['w'];
+		unset( $params['w'] );
+	}
+	if ( isset( $params['p'] ) ) {
+		$params['page'] = $params['p'];
+	}
+	unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER
+
+	// Is this a thumb of an archived file?
+	$isOld = (isset( $params['archived'] ) && $params['archived']);
+	unset( $params['archived'] );
+
+	// Some basic input validation
+	$fileName = strtr( $fileName, '\\/', '__' );
+
+	// Actually fetch the image. Method depends on whether it is archived or not.
+	if( $isOld ) {
+		// Format is <timestamp>!<name>
+		$bits = explode( '!', $fileName, 2 );
+		if( !isset($bits[1]) ) {
+			wfThumbError( 404, wfMsg( 'badtitletext' ) );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$title = Title::makeTitleSafe( NS_FILE, $bits[1] );
+		if( is_null($title) ) {
+			wfThumbError( 404, wfMsg( 'badtitletext' ) );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
+	} else {
+		$img = wfLocalFile( $fileName );
+	}
+
+	// Check permissions if there are read restrictions
+	if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
+		if ( !$img->getTitle()->userCanRead() ) {
+			wfThumbError( 403, 'Access denied. You do not have permission to access ' . 
+				'the source file.' );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+		$headers[] = 'Cache-Control: private';
+		$headers[] = 'Vary: Cookie';
+	}
 
-if ( $thumb ) {
-	wfStreamFile( $thumb->path );
-} else {
-	$badtitle = wfMsg( 'badtitle' );
-	$badtitletext = wfMsg( 'badtitletext' );
-	echo "<html><head>
-	<title>$badtitle</title>
-	<body>
-<h1>$badtitle</h1>
-<p>$badtitletext</p>
-</body></html>";
+	if ( !$img ) {
+		wfThumbError( 404, wfMsg( 'badtitletext' ) );
+		wfProfileOut( __METHOD__ );
+		return;
+	}
+	if ( !$img->exists() ) {
+		wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
+		wfProfileOut( __METHOD__ );
+		return;
+	}
+	$sourcePath = $img->getPath();
+	if ( $sourcePath === false ) {
+		wfThumbError( 500, 'The source file is not locally accessible.' );
+		wfProfileOut( __METHOD__ );
+		return;
+	}
+
+	// Check IMS against the source file
+	// This means that clients can keep a cached copy even after it has been deleted on the server
+	if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
+		// Fix IE brokenness
+		$imsString = preg_replace( '/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"] );
+		// Calculate time
+		wfSuppressWarnings();
+		$imsUnix = strtotime( $imsString );
+		$stat = stat( $sourcePath );
+		wfRestoreWarnings();
+		if ( $stat['mtime'] <= $imsUnix ) {
+			header( 'HTTP/1.1 304 Not Modified' );
+			wfProfileOut( __METHOD__ );
+			return;
+		}
+	}
+
+	// Stream the file if it exists already
+	try {
+		if ( false != ( $thumbName = $img->thumbName( $params ) ) ) {
+			$thumbPath = $img->getThumbPath( $thumbName );
+
+			if ( is_file( $thumbPath ) ) {
+				wfStreamFile( $thumbPath, $headers );
+				wfProfileOut( __METHOD__ );
+				return;
+			}
+		}
+	} catch ( MWException $e ) {
+		wfThumbError( 500, $e->getHTML() );
+		wfProfileOut( __METHOD__ );
+		return;
+	}
+
+	try {
+		$thumb = $img->transform( $params, File::RENDER_NOW );
+	} catch( Exception $ex ) {
+		// Tried to select a page on a non-paged file?
+		$thumb = false;
+	}
+
+	$errorMsg = false;
+	if ( !$thumb ) {
+		$errorMsg = wfMsgHtml( 'thumbnail_error', 'File::transform() returned false' );
+	} elseif ( $thumb->isError() ) {
+		$errorMsg = $thumb->getHtmlMsg();
+	} elseif ( !$thumb->getPath() ) {
+		$errorMsg = wfMsgHtml( 'thumbnail_error', 'No path supplied in thumbnail object' );
+	} elseif ( $thumb->getPath() == $img->getPath() ) {
+		$errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
+			'is the requested width bigger than the source?' );
+	} else {
+		wfStreamFile( $thumb->getPath(), $headers );
+	}
+	if ( $errorMsg !== false ) {
+		wfThumbError( 500, $errorMsg );
+	}
+
+	wfProfileOut( __METHOD__ );
 }
 
+function wfThumbError( $status, $msg ) {
+	global $wgShowHostnames;
+	header( 'Cache-Control: no-cache' );
+	header( 'Content-Type: text/html; charset=utf-8' );
+	if ( $status == 404 ) {
+		header( 'HTTP/1.1 404 Not found' );
+	} elseif ( $status == 403 ) {
+		header( 'HTTP/1.1 403 Forbidden' );
+		header( 'Vary: Cookie' );
+	} else {
+		header( 'HTTP/1.1 500 Internal server error' );
+	}
+	if( $wgShowHostnames ) {
+		$url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
+		$hostname = htmlspecialchars( wfHostname() );
+		$debug = "<!-- $url -->\n<!-- $hostname -->\n";
+	} else {
+		$debug = "";
+	}
+	echo <<<EOT
+<html><head><title>Error generating thumbnail</title></head>
+<body>
+<h1>Error generating thumbnail</h1>
+<p>
+$msg
+</p>
+$debug
+</body>
+</html>
+
+EOT;
+}
 
-?>