diff options
Diffstat (limited to 'thumb.php')
-rw-r--r-- | thumb.php | 200 |
1 files changed, 165 insertions, 35 deletions
@@ -8,32 +8,80 @@ */ define( 'MW_NO_OUTPUT_COMPRESSION', 1 ); if ( isset( $_SERVER['MW_COMPILED'] ) ) { - require ( 'phase3/includes/WebStart.php' ); + require( 'phase3/includes/WebStart.php' ); } else { - require ( dirname( __FILE__ ) . '/includes/WebStart.php' ); + require( dirname( __FILE__ ) . '/includes/WebStart.php' ); } -$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png. +// Don't use fancy mime detection, just check the file extension for jpg/gif/png +$wgTrivialMimeDetection = true; -require_once( "$IP/includes/StreamFile.php" ); - -wfThumbMain(); +if ( defined( 'THUMB_HANDLER' ) ) { + // Called from thumb_handler.php via 404; extract params from the URI... + wfThumbHandle404(); +} else { + // Called directly, use $_REQUEST params + wfThumbHandleRequest(); +} wfLogProfilingData(); //-------------------------------------------------------------------------- -function wfThumbMain() { - wfProfileIn( __METHOD__ ); +/** + * Handle a thumbnail request via query parameters + * + * @return void + */ +function wfThumbHandleRequest() { + $params = get_magic_quotes_gpc() + ? array_map( 'stripslashes', $_REQUEST ) + : $_REQUEST; - $headers = array(); + wfStreamThumb( $params ); // stream the thumbnail +} - // Get input parameters - if ( get_magic_quotes_gpc() ) { - $params = array_map( 'stripslashes', $_REQUEST ); +/** + * Handle a thumbnail request via thumbnail file URL + * + * @return void + */ +function wfThumbHandle404() { + # lighttpd puts the original request in REQUEST_URI, while sjs sets + # that to the 404 handler, and puts the original request in REDIRECT_URL. + if ( isset( $_SERVER['REDIRECT_URL'] ) ) { + # The URL is un-encoded, so put it back how it was + $uri = str_replace( "%2F", "/", urlencode( $_SERVER['REDIRECT_URL'] ) ); + # Just get the URI path (REDIRECT_URL is either a full URL or a path) + if ( $uri[0] !== '/' ) { + $bits = wfParseUrl( $uri ); + if ( $bits && isset( $bits['path'] ) ) { + $uri = $bits['path']; + } + } } else { - $params = $_REQUEST; + $uri = $_SERVER['REQUEST_URI']; + } + + $params = wfExtractThumbParams( $uri ); // basic wiki URL param extracting + if ( $params == null ) { + wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); + return; } + wfStreamThumb( $params ); // stream the thumbnail +} + +/** + * Stream a thumbnail specified by parameters + * + * @param $params Array + * @return void + */ +function wfStreamThumb( array $params ) { + wfProfileIn( __METHOD__ ); + + $headers = array(); // HTTP headers to send + $fileName = isset( $params['f'] ) ? $params['f'] : ''; unset( $params['f'] ); @@ -48,23 +96,23 @@ function wfThumbMain() { unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER // Is this a thumb of an archived file? - $isOld = (isset( $params['archived'] ) && $params['archived']); + $isOld = ( isset( $params['archived'] ) && $params['archived'] ); unset( $params['archived'] ); // Some basic input validation $fileName = strtr( $fileName, '\\/', '__' ); // Actually fetch the image. Method depends on whether it is archived or not. - if( $isOld ) { + if ( $isOld ) { // Format is <timestamp>!<name> $bits = explode( '!', $fileName, 2 ); - if( !isset($bits[1]) ) { + if ( count( $bits ) != 2 ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); wfProfileOut( __METHOD__ ); return; } $title = Title::makeTitleSafe( NS_FILE, $bits[1] ); - if( is_null($title) ) { + if ( !$title ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); wfProfileOut( __METHOD__ ); return; @@ -76,8 +124,8 @@ function wfThumbMain() { // Check permissions if there are read restrictions if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) { - if ( !$img->getTitle()->userCanRead() ) { - wfThumbError( 403, 'Access denied. You do not have permission to access ' . + if ( !$img->getTitle()->userCan( 'read' ) ) { + wfThumbError( 403, 'Access denied. You do not have permission to access ' . 'the source file.' ); wfProfileOut( __METHOD__ ); return; @@ -86,6 +134,7 @@ function wfThumbMain() { $headers[] = 'Vary: Cookie'; } + // Check the source file storage path if ( !$img ) { wfThumbError( 404, wfMsg( 'badtitletext' ) ); wfProfileOut( __METHOD__ ); @@ -111,22 +160,33 @@ function wfThumbMain() { // Calculate time wfSuppressWarnings(); $imsUnix = strtotime( $imsString ); - $stat = stat( $sourcePath ); wfRestoreWarnings(); - if ( $stat['mtime'] <= $imsUnix ) { + $sourceTsUnix = wfTimestamp( TS_UNIX, $img->getTimestamp() ); + if ( $sourceTsUnix <= $imsUnix ) { header( 'HTTP/1.1 304 Not Modified' ); wfProfileOut( __METHOD__ ); return; } } - // Stream the file if it exists already + // Stream the file if it exists already... try { - if ( false != ( $thumbName = $img->thumbName( $params ) ) ) { + $thumbName = $img->thumbName( $params ); + if ( strlen( $thumbName ) ) { // valid params? + // For 404 handled thumbnails, we only use the the base name of the URI + // for the thumb params and the parent directory for the source file name. + // Check that the zone relative path matches up so squid caches won't pick + // up thumbs that would not be purged on source file deletion (bug 34231). + if ( isset( $params['rel404'] ) // thumbnail was handled via 404 + && urldecode( $params['rel404'] ) !== $img->getThumbRel( $thumbName ) ) + { + wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' ); + wfProfileOut( __METHOD__ ); + return; + } $thumbPath = $img->getThumbPath( $thumbName ); - - if ( is_file( $thumbPath ) ) { - wfStreamFile( $thumbPath, $headers ); + if ( $img->getRepo()->fileExists( $thumbPath ) ) { + $img->getRepo()->streamFile( $thumbPath, $headers ); wfProfileOut( __METHOD__ ); return; } @@ -137,35 +197,106 @@ function wfThumbMain() { return; } + // Thumbnail isn't already there, so create the new thumbnail... try { $thumb = $img->transform( $params, File::RENDER_NOW ); - } catch( Exception $ex ) { + } catch ( Exception $ex ) { // Tried to select a page on a non-paged file? $thumb = false; } + // Check for thumbnail generation errors... $errorMsg = false; if ( !$thumb ) { $errorMsg = wfMsgHtml( 'thumbnail_error', 'File::transform() returned false' ); } elseif ( $thumb->isError() ) { $errorMsg = $thumb->getHtmlMsg(); - } elseif ( !$thumb->getPath() ) { + } elseif ( !$thumb->hasFile() ) { $errorMsg = wfMsgHtml( 'thumbnail_error', 'No path supplied in thumbnail object' ); - } elseif ( $thumb->getPath() == $img->getPath() ) { - $errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' . - 'is the requested width bigger than the source?' ); - } else { - wfStreamFile( $thumb->getPath(), $headers ); + } elseif ( $thumb->fileIsSource() ) { + $errorMsg = wfMsgHtml( 'thumbnail_error', + 'Image was not scaled, is the requested width bigger than the source?' ); } + if ( $errorMsg !== false ) { wfThumbError( 500, $errorMsg ); + } else { + // Stream the file if there were no errors + $thumb->streamFile( $headers ); } wfProfileOut( __METHOD__ ); } +/** + * Extract the required params for thumb.php from the thumbnail request URI. + * At least 'width' and 'f' should be set if the result is an array. + * + * @param $uri String Thumbnail request URI path + * @return Array|null associative params array or null + */ +function wfExtractThumbParams( $uri ) { + $repo = RepoGroup::singleton()->getLocalRepo(); + + $zoneURI = $repo->getZoneUrl( 'thumb' ); + if ( substr( $zoneURI, 0, 1 ) !== '/' ) { + $bits = wfParseUrl( $zoneURI ); + if ( $bits && isset( $bits['path'] ) ) { + $zoneURI = $bits['path']; + } else { + return null; + } + } + $zoneUrlRegex = preg_quote( $zoneURI ); + + $hashDirRegex = $subdirRegex = ''; + for ( $i = 0; $i < $repo->getHashLevels(); $i++ ) { + $subdirRegex .= '[0-9a-f]'; + $hashDirRegex .= "$subdirRegex/"; + } + + $thumbUrlRegex = "!^$zoneUrlRegex/((archive/|temp/)?$hashDirRegex([^/]*)/([^/]*))$!"; + + // Check if this is a valid looking thumbnail request... + if ( preg_match( $thumbUrlRegex, $uri, $matches ) ) { + list( /* all */, $rel, $archOrTemp, $filename, $thumbname ) = $matches; + $filename = urldecode( $filename ); + $thumbname = urldecode( $thumbname ); + + $params = array( 'f' => $filename, 'rel404' => $rel ); + if ( $archOrTemp == 'archive/' ) { + $params['archived'] = 1; + } elseif ( $archOrTemp == 'temp/' ) { + $params['temp'] = 1; + } + + // Check if the parameters can be extracted from the thumbnail name... + if ( preg_match( '!^(page(\d*)-)*(\d*)px-[^/]*$!', $thumbname, $matches ) ) { + list( /* all */, $pagefull, $pagenum, $size ) = $matches; + $params['width'] = $size; + if ( $pagenum ) { + $params['page'] = $pagenum; + } + return $params; // valid thumbnail URL + // Hooks return false if they manage to *resolve* the parameters + } elseif ( !wfRunHooks( 'ExtractThumbParameters', array( $thumbname, &$params ) ) ) { + return $params; // valid thumbnail URL (via extension or config) + } + } + + return null; // not a valid thumbnail URL +} + +/** + * Output a thumbnail generation error message + * + * @param $status integer + * @param $msg string + * @return void + */ function wfThumbError( $status, $msg ) { global $wgShowHostnames; + header( 'Cache-Control: no-cache' ); header( 'Content-Type: text/html; charset=utf-8' ); if ( $status == 404 ) { @@ -176,7 +307,7 @@ function wfThumbError( $status, $msg ) { } else { header( 'HTTP/1.1 500 Internal server error' ); } - if( $wgShowHostnames ) { + if ( $wgShowHostnames ) { $url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' ); $hostname = htmlspecialchars( wfHostname() ); $debug = "<!-- $url -->\n<!-- $hostname -->\n"; @@ -196,4 +327,3 @@ $debug EOT; } - |