Diffstat (limited to 'thumb.php')
-rw-r--r-- | thumb.php | 51 |
1 files changed, 27 insertions, 24 deletions
@@ -4,18 +4,10 @@ * PHP script to stream out an image thumbnail. * If the file exists, we make do with abridged MediaWiki initialisation. */ - -define( 'MEDIAWIKI', true ); -unset( $IP ); -if ( isset( $_REQUEST['GLOBALS'] ) ) { - echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>'; - die( -1 ); -} - -define( 'MW_NO_OUTPUT_BUFFER', true ); - -require_once( './includes/Defines.php' ); -require_once( './LocalSettings.php' ); +define( 'MW_NO_SETUP', 1 ); +require_once( './includes/WebStart.php' ); +wfProfileIn( 'thumb.php' ); +wfProfileIn( 'thumb.php-start' ); require_once( 'GlobalFunctions.php' ); require_once( 'ImageFunctions.php' ); @@ -25,26 +17,26 @@ require_once( 'Image.php' ); require_once( 'StreamFile.php' ); // Get input parameters +$fileName = isset( $_REQUEST['f'] ) ? $_REQUEST['f'] : ''; +$width = isset( $_REQUEST['w'] ) ? intval( $_REQUEST['w'] ) : 0; +$page = isset( $_REQUEST['p'] ) ? intval( $_REQUEST['p'] ) : null; if ( get_magic_quotes_gpc() ) { - $fileName = stripslashes( $_REQUEST['f'] ); - $width = stripslashes( $_REQUEST['w'] ); -} else { - $fileName = $_REQUEST['f']; - $width = $_REQUEST['w']; + $fileName = stripslashes( $fileName ); } $pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0"; // Some basic input validation - -$width = intval( $width ); $fileName = strtr( $fileName, '\\/', '__' ); // Work out paths, carefully avoiding constructing an Image object because that won't work yet $imagePath = wfImageDir( $fileName ) . '/' . $fileName; $thumbName = "{$width}px-$fileName"; +if ( ! is_null( $page ) ) { + $thumbName = 'page' . $page . '-' . $thumbName; +} if ( $pre_render ) { $thumbName .= '.png'; } 
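Review bot: The `@@ -4,18 +4,10 @@` hunk drops the inline `$_REQUEST['GLOBALS']` overwrite guard and the `unset( $IP )`, and nothing on this page shows that `includes/WebStart.php` performs the same checks before any other code runs. WebStart.php is outside this diff, so the checks presumably moved there, but that should be confirmed. A comment above the require would record the dependency, for example `// WebStart.php must reject register_globals / $GLOBALS overwrite attempts; thumb.php no longer checks this itself`. The `./`-relative require resolves against the process working directory rather than this file's location, as the old requires did, but it now carries the entire security bootstrap.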
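Review bot: In the `@@ -25,26 +17,26 @@` hunk, `$width` and `$page` are cast with `intval()` but never range-checked, and `$fileName` now defaults to `''` instead of being required. A request with no `f`, a zero or negative `w`, or a negative `p` therefore still builds `$imagePath` and `$thumbName` and reaches the filesystem checks. `$_REQUEST['f']` can also arrive as an array, which `stripslashes()` and `strtr()` do not expect. A guard placed before the `get_magic_quotes_gpc()` branch would stop these early, for example `if ( !is_string( $fileName ) || $fileName === '' || $width <= 0 || ( !is_null( $page ) && $page < 1 ) ) { header( 'HTTP/1.0 400 Bad Request' ); exit; }`. Whether page numbering starts at 1 is not visible here, so the lower bound for `$page` should match what `selectPage()` accepts.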
@@ -52,17 +44,27 @@ $thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName; if ( is_file( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) { wfStreamFile( $thumbPath ); + // Can't log profiling data with no Setup.php exit; } // OK, no valid thumbnail, time to get out the heavy machinery +wfProfileOut( 'thumb.php-start' ); require_once( 'Setup.php' ); -wfProfileIn( 'thumb.php' ); +wfProfileIn( 'thumb.php-render' ); $img = Image::newFromName( $fileName ); -if ( $img ) { - $thumb = $img->renderThumb( $width, false ); -} else { +try { + if ( $img ) { + if ( ! is_null( $page ) ) { + $img->selectPage( $page ); + } + $thumb = $img->renderThumb( $width, false ); + } else { + $thumb = false; + } +} catch( Exception $ex ) { + // Tried to select a page on a non-paged file? $thumb = false; } @@ -79,7 +81,8 @@ if ( $thumb && $thumb->path ) { </body></html>"; } +wfProfileOut( 'thumb.php-render' ); wfProfileOut( 'thumb.php' ); - +wfLogProfilingData(); ?> |
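Review bot: The new `catch( Exception $ex )` in the `@@ -52,17 +44,27 @@` hunk swallows every exception from both `selectPage()` and `renderThumb()` and discards `$ex`. A rendering failure unrelated to paging is then indistinguishable from the non-paged-file case the comment guesses at, and leaves no trace for whoever investigates malformed or hostile thumbnail requests. Setup.php has been loaded by this point, so the handler can record the cause before falling back, e.g. `wfDebug( 'thumb.php: ' . get_class( $ex ) . ': ' . $ex->getMessage() . "\n" );`. Narrowing the `try` to the `selectPage()` call alone would also keep unexpected `renderThumb()` failures visible.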