X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=thumb.php;h=a056dccdac9a722517402dfaef610a10445d6027;hb=e174a4ddfb96feee0a8305c60aade97c0ee30d3c;hp=9f5eeba583f9af3eff705661b4b6df8c994f6bca;hpb=7ed5ec7893b7a603c17cfdf726794f22be564ce9;p=lhc%2Fweb%2Fwiklou.git diff --git a/thumb.php b/thumb.php index 9f5eeba583..a056dccdac 100644 --- a/thumb.php +++ b/thumb.php @@ -4,19 +4,12 @@ * PHP script to stream out an image thumbnail. * If the file exists, we make do with abridged MediaWiki initialisation. */ - -define( 'MEDIAWIKI', true ); -unset( $IP ); -if ( isset( $_REQUEST['GLOBALS'] ) ) { - echo '$GLOBALS overwrite vulnerability'; - die( -1 ); -} - -define( 'MW_NO_OUTPUT_BUFFER', true ); - -require_once( './includes/Defines.php' ); -require_once( './LocalSettings.php' ); +define( 'MW_NO_SETUP', 1 ); +require_once( './includes/WebStart.php' ); +wfProfileIn( 'thumb.php' ); +wfProfileIn( 'thumb.php-start' ); require_once( 'GlobalFunctions.php' ); +require_once( 'ImageFunctions.php' ); $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png. 
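Review bot: The inline `$_REQUEST['GLOBALS']` rejection and `unset( $IP )` are removed at the top of thumb.php, and nothing in the hunk says where that protection now lives. Presumably `includes/WebStart.php` performs the equivalent register_globals checks and sets `$IP`, but it is not part of this diff, so that should be confirmed before this entry point is served without them. A comment above the include would record the dependency, e.g. `// WebStart.php does the register_globals / $GLOBALS overwrite checks and sets $IP; MW_NO_SETUP defers Setup.php until a render is needed`. The two `wfProfileIn` calls added directly after it run before `GlobalFunctions.php` and `Setup.php` are loaded, so they also depend on WebStart.php having made the profiler functions available.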
@@ -24,26 +17,26 @@ require_once( 'Image.php' ); require_once( 'StreamFile.php' ); // Get input parameters +$fileName = isset( $_REQUEST['f'] ) ? $_REQUEST['f'] : ''; +$width = isset( $_REQUEST['w'] ) ? intval( $_REQUEST['w'] ) : 0; +$page = isset( $_REQUEST['p'] ) ? intval( $_REQUEST['p'] ) : null; if ( get_magic_quotes_gpc() ) { - $fileName = stripslashes( $_REQUEST['f'] ); - $width = stripslashes( $_REQUEST['w'] ); -} else { - $fileName = $_REQUEST['f']; - $width = $_REQUEST['w']; + $fileName = stripslashes( $fileName ); } $pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0"; // Some basic input validation - -$width = intval( $width ); $fileName = strtr( $fileName, '\\/', '__' ); // Work out paths, carefully avoiding constructing an Image object because that won't work yet $imagePath = wfImageDir( $fileName ) . '/' . $fileName; $thumbName = "{$width}px-$fileName"; +if ( ! is_null( $page ) ) { + $thumbName = 'page' . $page . '-' . $thumbName; +} if ( $pre_render ) { $thumbName .= '.png'; } @@ -51,17 +44,27 @@ $thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName; if ( is_file( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) { wfStreamFile( $thumbPath ); + // Can't log profiling data with no Setup.php exit; } // OK, no valid thumbnail, time to get out the heavy machinery +wfProfileOut( 'thumb.php-start' ); require_once( 'Setup.php' ); -wfProfileIn( 'thumb.php' ); +wfProfileIn( 'thumb.php-render' ); $img = Image::newFromName( $fileName ); -if ( $img ) { - $thumb = $img->renderThumb( $width, false ); -} else { +try { + if ( $img ) { + if ( ! is_null( $page ) ) { + $img->selectPage( $page ); + } + $thumb = $img->renderThumb( $width, false ); + } else { + $thumb = false; + } +} catch( Exception $ex ) { + // Tried to select a page on a non-paged file? $thumb = false; } @@ -78,7 +81,8 @@ if ( $thumb && $thumb->path ) { "; } +wfProfileOut( 'thumb.php-render' ); wfProfileOut( 'thumb.php' ); - +wfLogProfilingData(); ?>
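Review bot: In the input-parameter block, a request with no `f` or no `w` now falls through with `''` and `0` instead of being rejected, so it still builds paths and, on a cache miss, loads Setup.php. The only check on `$fileName` is the `strtr` separator replacement, and `$width` and `$page` are cast with `intval` but never range-checked, so zero or negative values reach `$thumbName` and `renderThumb`. A guard right after the casts would stop these before any filesystem call, e.g. `if ( $fileName === '' || $width <= 0 ) { header( 'HTTP/1.0 400 Bad Request' ); exit; }`. Whether `renderThumb` caps the width and validates the page number is not visible here; if it does not, an upper bound on `$width` and a lower bound on `$page` belong in the same guard.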
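Review bot: The new `catch( Exception $ex )` in the render block wraps `renderThumb` as well as `selectPage`, and it discards the exception, so any rendering failure reaches the client as a missing thumbnail and leaves no trace in the logs. Narrow the `try` to the `selectPage` call, or at least record the message before falling back, e.g. `wfDebug( 'thumb.php: ' . $ex->getMessage() . "\n" );` ahead of `$thumb = false;`. Separately, the early `exit` after `wfStreamFile` leaves the `thumb.php` and `thumb.php-start` profiling sections open, which the added comment acknowledges but does not resolve.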