25/09/2011, 17:17
|
 | | | Fecha de Ingreso: enero-2010
Mensajes: 149
Antigüedad: 14 años, 10 meses Puntos: 0 | |
| Respuesta: Slide Theme Obscure 2.0
Código:
/**
*
*/
function valid_src_mime_type($mime_type) {
if (preg_match("/jpg|jpeg|gif|png/i", $mime_type)) {
return true;
}
return false;
}
/**
*
*/
function check_cache ($cache_dir, $mime_type) {
// make sure cache dir exists
if (!file_exists($cache_dir)) {
// give 777 permissions so that developer can overwrite
// files created by web server user
mkdir($cache_dir);
chmod($cache_dir, 0777);
}
show_cache_file ($cache_dir, $mime_type);
}
/**
*
*/
function show_cache_file ($cache_dir, $mime_type) {
$cache_file = $cache_dir . '/' . get_cache_file();
if (file_exists($cache_file)) {
$gmdate_mod = gmdate("D, d M Y H:i:s", filemtime($cache_file));
if(! strstr($gmdate_mod, "GMT")) {
$gmdate_mod .= " GMT";
}
if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
// check for updates
$if_modified_since = preg_replace ("/;.*$/", "", $_SERVER["HTTP_IF_MODIFIED_SINCE"]);
if ($if_modified_since == $gmdate_mod) {
header("HTTP/1.1 304 Not Modified");
die();
}
}
$fileSize = filesize ($cache_file);
// send headers then display image
header ('Content-Type: ' . $mime_type);
header ('Accept-Ranges: bytes');
header ('Last-Modified: ' . $gmdate_mod);
header ('Content-Length: ' . $fileSize);
header ('Cache-Control: max-age=9999, must-revalidate');
header ('Expires: ' . $gmdate_mod);
readfile ($cache_file);
die();
}
}
/**
*
*/
function get_cache_file() {
global $lastModified;
static $cache_file;
if (!$cache_file) {
$cachename = $_SERVER['QUERY_STRING'] . VERSION . $lastModified;
$cache_file = md5($cachename) . '.png';
}
return $cache_file;
}
/**
* check to if the url is valid or not
*/
function valid_extension ($ext) {
if (preg_match("/jpg|jpeg|png|gif/i", $ext)) {
return TRUE;
} else {
return FALSE;
}
}
/**
*
*/
function checkExternal ($src) {
$allowedSites = array(
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
);
if (ereg('http://', $src) == true) {
$url_info = parse_url ($src);
$isAllowedSite = false;
foreach ($allowedSites as $site) {
if (ereg($site, $url_info['host']) == true) {
$isAllowedSite = true;
}
}
if ($isAllowedSite) {
$filename = explode('/', $src);
$local_filepath = 'temp/' . $filename[count($filename) - 1];
if (!file_exists($local_filepath)) {
if (function_exists('curl_init')) {
$fh = fopen($local_filepath, 'w');
$ch = curl_init($src);
curl_setopt($ch, CURLOPT_URL, $src);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0');
curl_setopt($ch, CURLOPT_FILE, $fh);
if (curl_exec($ch) === FALSE) {
if (file_exists($local_filepath)) {
unlink($local_filepath);
}
displayError('error reading file ' . $src . ' from remote host: ' . curl_error($ch));
}
curl_close($ch);
fclose($fh);
} else {
if (!$img = file_get_contents($src)) {
displayError('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted');
}
if (file_put_contents($local_filepath, $img) == FALSE) {
displayError('error writing temporary file');
}
}
if (!file_exists($local_filepath)) {
displayError('local file for ' . $src . ' can not be created');
}
}
$src = $local_filepath;
} else {
displayError('remote host "' . $url_info['host'] . '" not allowed');
}
}
return $src;
}
/**
* tidy up the image source url
*/
function cleanSource($src) {
$src = str_replace('http://' . $_SERVER['HTTP_HOST'], '', $src);
$src = str_replace('https://' . $_SERVER['HTTP_HOST'], '', $src);
$src = htmlentities($src);
$src = checkExternal ($src);
// remove slash from start of string
if(strpos($src, '/') === 0) {
$src = substr($src, -(strlen($src) - 1));
}
// remove http/ https/ ftp
$src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", '', $src);
// remove domain name from the source url
$host = $_SERVER['HTTP_HOST'];
$src = str_replace($host, '', $src);
$host = str_replace('www.', '', $host);
$src = str_replace($host, '', $src);
// don't allow users the ability to use '../'
// in order to gain access to files below document root
// src should be specified relative to document root like:
// src=images/img.jpg or src=/images/img.jpg
// not like:
// src=../images/img.jpg
$src = preg_replace("/\.\.+\//", "", $src);
// get path to image on file system
$src = get_document_root($src) . '/' . $src;
return $src;
}
/**
*
*/
function get_document_root ($src) {
// check for unix servers
if(file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) {
return $_SERVER['DOCUMENT_ROOT'];
}
// check from script filename (to get all directories to timthumb location)
$parts = array_diff(explode('/', $_SERVER['SCRIPT_FILENAME']), explode('/', $_SERVER['DOCUMENT_ROOT']));
$path = $_SERVER['DOCUMENT_ROOT'];
foreach ($parts as $part) {
$path .= '/' . $part;
if (file_exists($path . '/' . $src)) {
return $path;
}
}
// the relative paths below are useful if timthumb is moved outside of document root
// specifically if installed in wordpress themes like mimbo pro:
// /wp-content/themes/mimbopro/scripts/timthumb.php
$paths = array(
".",
"..",
"../..",
"../../..",
"../../../..",
"../../../../.."
);
foreach ($paths as $path) {
if(file_exists($path . '/' . $src)) {
return $path;
}
}
// special check for microsoft servers
if (!isset($_SERVER['DOCUMENT_ROOT'])) {
$path = str_replace("/", "\\", $_SERVER['ORIG_PATH_INFO']);
$path = str_replace($path, "", $_SERVER['SCRIPT_FILENAME']);
if (file_exists($path . '/' . $src)) {
return $path;
}
}
displayError('file not found ' . $src);
}
/**
* generic error message
*/
function displayError($errorString = '') {
header('HTTP/1.1 400 Bad Request');
die($errorString);
}
?>
|