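array (IMG_FILTER_NEGATE, 0), 2 => array (IMG_FILTER_GRAYSCALE, 0), 3 => array (IMG_FILTER_BRIGHTNESS, 1), 4 => array (IMG_FILTER_CONTRAST, 1), 5 => array (IMG_FILTER_COLORIZE, 4), 6 => array (IMG_FILTER_EDGEDETECT, 0), 7 => array (IMG_FILTER_EMBOSS, 0), 8 => array (IMG_FILTER_GAUSSIAN_BLUR, 0), 9 => array (IMG_FILTER_SELECTIVE_BLUR, 0), 10 => array (IMG_FILTER_MEAN_REMOVAL, 0), 11 => array (IMG_FILTER_SMOOTH, 0), ); }

// ---------------------------------------------------------------------------
// Request handling.
// MAX_WIDTH, MAX_HEIGHT, CACHE_USE, CACHE_SIZE, CACHE_CLEAR, DIRECTORY_CACHE,
// DIRECTORY_TEMP, VERSION, $allowedSites, $imageFilters and specialchars() are
// defined earlier in this file (not visible in this section).
// ---------------------------------------------------------------------------

// sort out image source
$src = get_request ('src', '');
if ($src == '' || strlen ($src) <= 3) {
    display_error ('no image specified');
}

// clean params before use: remote URLs are fetched to a local temp copy and
// local paths are mapped onto the file system (see clean_source)
$src = clean_source ($src);

// last modified time of the source (part of the cache key); 0 for a missing
// file so the "not found" branch below reports it instead of a warning here
$lastModified = is_file ($src) ? filemtime ($src) : 0;

// get standard input properties. Numeric parameters are reduced to their
// digits and cast, so everything downstream (arithmetic, GD calls) sees
// non-negative ints rather than strings such as '' that compare
// unpredictably with 0.
$new_width  = max (0, (int) preg_replace ("/[^0-9]+/", '', get_request ('w', 0)));
$new_height = max (0, (int) preg_replace ("/[^0-9]+/", '', get_request ('h', 0)));
$zoom_crop  = (int) preg_replace ("/[^0-9]+/", '', get_request ('zc', 1));
$quality    = preg_replace ("/[^0-9]+/", '', get_request ('q', 90));
$quality    = ($quality === '') ? 90 : (int) $quality;   // 'q=abc' falls back to the default
$align      = get_request ('a', 'c');
$filters    = get_request ('f', '');
$sharpen    = (int) get_request ('s', 0);

// set default width and height if neither are set already
if ($new_width == 0 && $new_height == 0) {
    $new_width = 100;
    $new_height = 100;
}

// ensure size limits can not be abused (a huge canvas is a cheap memory DoS)
if ($new_width > MAX_WIDTH) {
    $new_width = MAX_WIDTH;
}
if ($new_height > MAX_HEIGHT) {
    $new_height = MAX_HEIGHT;
}

// get mime type of src (rejects anything that is not gif/jpeg/png)
$mime_type = mime_type ($src);

// check to see if this image is in the cache already (serves it and exits)
check_cache ($mime_type);

// if not in cache then clear some space and generate a new file
clean_cache ();

// set memory limit to be able to have enough space to resize larger images
ini_set ('memory_limit', '50M');

if (strlen ($src) && is_file ($src)) {
    // open the existing image
    $image = open_image ($mime_type, $src);
    if ($image === false) {
        display_error ('Unable to open image : ' . $src);
    }

    // Get original width and height
    $width = imagesx ($image);
    $height = imagesy ($image);

    // generate new w/h if not provided, keeping the aspect ratio
    if ($new_width && !$new_height) {
        $new_height = (int) ($height * ($new_width / $width));
    } elseif ($new_height && !$new_width) {
        $new_width = (int) ($width * ($new_height / $height));
    } elseif (!$new_width && !$new_height) {
        $new_width = $width;
        $new_height = $height;
    }
    // a very thin source can truncate to 0; GD refuses a 0-pixel canvas and
    // the crop maths below divides by these
    $new_width = max (1, $new_width);
    $new_height = max (1, $new_height);

    // create a new true color image with a fully transparent background
    $canvas = imagecreatetruecolor ($new_width, $new_height);
    imagealphablending ($canvas, false);
    $color = imagecolorallocatealpha ($canvas, 0, 0, 0, 127);
    imagefill ($canvas, 0, 0, $color);
    imagesavealpha ($canvas, true);

    if ($zoom_crop) {
        // crop the source to the target aspect ratio, centred by default
        $src_x = $src_y = 0;
        $src_w = $width;
        $src_h = $height;
        $cmp_x = $width / $new_width;
        $cmp_y = $height / $new_height;
        if ($cmp_x > $cmp_y) {
            $src_w = (int) round ($width / $cmp_x * $cmp_y);
            $src_x = (int) round (($width - ($width / $cmp_x * $cmp_y)) / 2);
        } elseif ($cmp_y > $cmp_x) {
            $src_h = (int) round ($height / $cmp_y * $cmp_x);
            $src_y = (int) round (($height - ($height / $cmp_y * $cmp_x)) / 2);
        }

        // positional cropping. Vertical and horizontal alignment are decided
        // independently so that corner values ('tl', 'br', ...) move the crop
        // window on both axes; the former switch only ever applied the first
        // matching case, so 'tl' was top-aligned but still horizontally centred.
        if (in_array ($align, array ('t', 'tl', 'lt', 'tr', 'rt'), true)) {
            $src_y = 0;
        } elseif (in_array ($align, array ('b', 'bl', 'lb', 'br', 'rb'), true)) {
            $src_y = $height - $src_h;
        }
        if (in_array ($align, array ('l', 'tl', 'lt', 'bl', 'lb'), true)) {
            $src_x = 0;
        } elseif (in_array ($align, array ('r', 'tr', 'rt', 'br', 'rb'), true)) {
            $src_x = $width - $src_w;
        }

        imagecopyresampled ($canvas, $image, 0, 0, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h);
    } else {
        // copy and resize the whole image with resampling
        imagecopyresampled ($canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
    }

    if ($filters != '' && isset ($imageFilters) && is_array ($imageFilters)
        && function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) {
        // apply filters to image. 'f' is a '|' separated list of
        // "<filter id>,<arg1>,<arg2>,..." entries; unknown ids are ignored.
        foreach (explode ('|', $filters) as $fl) {
            $filterSettings = explode (',', $fl);
            if (!isset ($imageFilters[$filterSettings[0]])) {
                continue;
            }
            list ($filterConst, $argCount) = $imageFilters[$filterSettings[0]];
            // pass exactly as many arguments as the filter takes (the
            // 4-argument colorize filter needs index 4, which the old 0..3
            // loop never populated); missing ones default to 0
            $callArgs = array ($canvas, $filterConst);
            for ($i = 1; $i <= $argCount; $i ++) {
                $callArgs[] = isset ($filterSettings[$i]) ? (int) $filterSettings[$i] : 0;
            }
            call_user_func_array ('imagefilter', $callArgs);
        }
    }

    if ($sharpen > 0 && function_exists ('imageconvolution')) {
        // simple 3x3 sharpening kernel
        $sharpenMatrix = array (
            array (-1, -1, -1),
            array (-1, 16, -1),
            array (-1, -1, -1),
        );
        imageconvolution ($canvas, $sharpenMatrix, 8, 0);
    }

    // output image to browser based on mime type (also writes the cache file)
    show_image ($mime_type, $canvas);

    // remove images from memory
    imagedestroy ($canvas);
    imagedestroy ($image);
} else {
    if (strlen ($src)) {
        display_error ('image ' . $src . ' not found');
    } else {
        display_error ('no source specified');
    }
}

/**
 * Write the resized image to the cache (when possible) and send it to the
 * browser.
 *
 * @global int $quality  JPEG quality 0..100; the PNG compression level is derived from it
 * @param string   $mime_type      mime type of the source image
 * @param resource $image_resized  GD image to output
 */
function show_image ($mime_type, $image_resized) {
    global $quality;
    // check to see if we can write to the cache directory
    $is_writable = 0;
    $cache_file = get_cache_file ($mime_type);
    if (@touch ($cache_file)) {
        // readable by everyone, writable only by the web server user: a
        // world-writable file under a web-served directory would let any other
        // local account replace what this script serves
        @chmod ($cache_file, 0644);
        $is_writable = 1;
    } else {
        // no cache available: stream straight to the client
        $cache_file = NULL;
        header ('Content-type: ' . $mime_type);
    }
    // keep quality inside GD's accepted range; imagepng() rejects a
    // compression level outside 0..9
    $q = max (0, min (100, (int) $quality));
    if (stristr ($mime_type, 'jpeg')) {
        imagejpeg ($image_resized, $cache_file, $q);
    } else {
        imagepng ($image_resized, $cache_file, (int) floor ($q * 0.09));
    }
    if ($is_writable) {
        show_cache_file ($mime_type);
    }
}

/**
 * Fetch a query-string parameter.
 *
 * @param string $property  parameter name
 * @param mixed  $default   returned when the parameter is absent or not a plain string
 * @return mixed
 */
function get_request ($property, $default = 0) {
    // an array value (?src[]=x) would make the string functions on the
    // caller's side fail, so it is treated as "not supplied"
    if (isset ($_GET[$property]) && is_string ($_GET[$property])) {
        return $_GET[$property];
    }
    return $default;
}

/**
 * Decode a gif/jpeg/png file into a GD image.
 *
 * @param string $mime_type  mime type as reported by mime_type()
 * @param string $src        path of the image file
 * @return resource|false    GD image, or false when the type is unknown or decoding fails
 */
function open_image ($mime_type, $src) {
    $mime_type = strtolower ($mime_type);
    $image = false;   // was undefined for an unmatched type
    if (stristr ($mime_type, 'gif')) {
        $image = imagecreatefromgif ($src);
    } elseif (stristr ($mime_type, 'jpeg')) {
        $image = imagecreatefromjpeg ($src);
    } elseif (stristr ($mime_type, 'png')) {
        $image = imagecreatefrompng ($src);
    }
    return $image;
}

/**
 * Clean out old files from the cache.
 * The number of files to keep and to delete per run is set by the
 * CACHE_SIZE / CACHE_CLEAR defines at the top of the file.
 *
 * @return bool|null  true when the run was skipped, otherwise nothing
 */
function clean_cache () {
    // only run on roughly one request in ten to save some processor time
    // (plain rand() is fine here, nothing security-relevant depends on it)
    if (rand (1, 100) > 10) {
        return true;
    }
    $files = glob (DIRECTORY_CACHE . '/*', GLOB_BRACE);
    // glob() returns false on some platforms when nothing matches
    if ($files === false || count ($files) <= CACHE_SIZE) {
        return;
    }
    $yesterday = time () - (24 * 60 * 60);
    usort ($files, 'filemtime_compare');   // oldest first
    $i = 0;
    foreach ($files as $file) {
        $i ++;
        // stop after CACHE_CLEAR files, or as soon as the remaining (newer)
        // files are less than a day old
        if ($i >= CACHE_CLEAR) {
            return;
        }
        if (@filemtime ($file) > $yesterday) {
            return;
        }
        if (is_file ($file)) {
            unlink ($file);
        }
    }
}

/**
 * usort() comparator: order two cache paths by modification time, oldest first.
 * Relative paths are taken relative to this script's directory, not the
 * current working directory.
 *
 * @param string $a
 * @param string $b
 * @return int
 */
function filemtime_compare ($a, $b) {
    $script_dir = dirname ($_SERVER['SCRIPT_FILENAME']) . '/';
    $file_a = realpath ((substr ($a, 0, 1) === '/') ? $a : $script_dir . $a);
    $file_b = realpath ((substr ($b, 0, 1) === '/') ? $b : $script_dir . $b);
    // a file removed between glob() and here sorts as oldest instead of
    // crashing filemtime()
    $time_a = ($file_a !== false) ? (int) @filemtime ($file_a) : 0;
    $time_b = ($file_b !== false) ? (int) @filemtime ($file_b) : 0;
    return $time_a - $time_b;
}

/**
 * Determine the image mime type from the file's content (not its extension).
 * Anything other than gif/jpeg/png, including a missing or non-image file,
 * ends the request with display_error().
 *
 * @param string $file  path of the image
 * @return string       e.g. 'image/png'
 */
function mime_type ($file) {
    // suppressed: a missing file or a directory only produces a warning that
    // would otherwise leak into the image/error output
    $file_infos = @getimagesize ($file);
    $mime_type = (is_array ($file_infos) && isset ($file_infos['mime'])) ? $file_infos['mime'] : '';
    // anchored: only the three formats open_image() can decode
    if (!preg_match ("/^image\/(jpg|jpeg|gif|png)$/i", $mime_type)) {
        display_error ('Invalid src mime type: ' . $mime_type);
    }
    return $mime_type;
}

/**
 * Serve the cached version of this request if one exists (does not return
 * in that case).
 *
 * @param string $mime_type
 */
function check_cache ($mime_type) {
    if (CACHE_USE) {
        // make sure cache dir exists. 0755: the web server user owns and
        // writes it; nobody else needs write access to a web-served directory
        if (!file_exists (DIRECTORY_CACHE)) {
            @mkdir (DIRECTORY_CACHE, 0755);
        }
        show_cache_file ($mime_type);
    }
}

/**
 * Send the cache file for this request, honouring If-Modified-Since, and
 * stop the script. Returns normally only when no cache file exists.
 *
 * @param string $mime_type
 */
function show_cache_file ($mime_type) {
    $cache_file = get_cache_file ($mime_type);
    if (!file_exists ($cache_file)) {
        return;
    }
    clearstatcache ();
    $modified = (int) filemtime ($cache_file);
    // use browser cache if available: answer 304 only when the client's copy
    // is at least as new as the cache file (comparing the header against
    // "now" answered 304 to every conditional request, even after the image
    // had been regenerated)
    if (isset ($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
        $since = strtotime ($_SERVER['HTTP_IF_MODIFIED_SINCE']);
        if ($since !== false && $since >= $modified) {
            header ('HTTP/1.1 304 Not Modified');
            die ();
        }
    }
    $fileSize = filesize ($cache_file);
    // caching headers: Last-Modified is the real file time so the 304 check
    // above has something consistent to compare against
    $gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
    $gmdate_modified = gmdate ('D, d M Y H:i:s', $modified) . ' GMT';
    header ('Content-Type: ' . $mime_type);
    header ('Accept-Ranges: bytes');
    header ('Last-Modified: ' . $gmdate_modified);
    header ('Content-Length: ' . $fileSize);
    header ('Cache-Control: max-age=864000, must-revalidate');
    header ('Expires: ' . $gmdate_expires);
    if (!@readfile ($cache_file)) {
        $content = file_get_contents ($cache_file);
        if ($content != FALSE) {
            echo $content;
        } else {
            display_error ('cache file could not be loaded');
        }
    }
    // we've shown the image so stop processing
    die ();
}

/**
 * Path of the cache file for this request. The name is a hash of the query
 * string, the script version and the source's mtime, so a changed source or
 * an upgrade produces a fresh file. Computed once per request.
 *
 * @global int $lastModified
 * @staticvar string $cache_file
 * @param string $mime_type
 * @return string
 */
function get_cache_file ($mime_type) {
    global $lastModified;
    static $cache_file;
    if (!$cache_file) {
        $file_type = stristr ($mime_type, 'jpeg') ? '.jpg' : '.png';
        $query = isset ($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
        $cache_file = DIRECTORY_CACHE . '/' . md5 ($query . VERSION . $lastModified) . $file_type;
    }
    return $cache_file;
}

/**
 * Resolve a remote image URL to a local copy in DIRECTORY_TEMP.
 *
 * Local paths are returned untouched. A remote URL is fetched only when its
 * host is exactly one of $allowedSites or a subdomain of one (the previous
 * unanchored regex also accepted "allowed.com.attacker.net"), redirects are
 * not followed (they could land on a host that is not on the list), and the
 * downloaded bytes must decode as gif/jpeg/png before the copy gets an image
 * extension — the local file name never depends on the URL, so a remote
 * "shell.php" can no longer be saved as a .php file under the web root.
 *
 * @global array  $allowedSites  host names that may be fetched from
 * @param  string $src           image source as given in the request
 * @return string                local path of the image
 */
function check_external ($src) {
    global $allowedSites;
    if (!preg_match ('#^https?://#i', $src)) {
        return $src;
    }
    $url_info = parse_url ($src);
    $host = (is_array ($url_info) && isset ($url_info['host'])) ? strtolower ($url_info['host']) : '';
    $isAllowedSite = false;
    if ($host !== '' && is_array ($allowedSites)) {
        foreach ($allowedSites as $site) {
            $site = strtolower (trim ($site));
            if ($site === '') {
                continue;
            }
            // exact host, or a subdomain of it ("img.site.com" for "site.com")
            if ($host === $site || substr ($host, -(strlen ($site) + 1)) === '.' . $site) {
                $isAllowedSite = true;
                break;
            }
        }
    }
    if (!$isAllowedSite) {
        display_error ('remote host "' . $host . '" not allowed');
    }

    // reuse an earlier download of the same URL, whichever type it turned out to be
    $local_base = DIRECTORY_TEMP . '/' . md5 ($src);
    $local_filepath = null;
    foreach (array ('jpg', 'gif', 'png') as $known_ext) {
        if (file_exists ($local_base . '.' . $known_ext)) {
            $local_filepath = $local_base . '.' . $known_ext;
            break;
        }
    }
    if ($local_filepath !== null) {
        return $local_filepath;
    }

    // fetch into a neutral extension first; it only becomes .jpg/.gif/.png
    // after the content has been verified
    $download = $local_base . '.download';
    if (function_exists ('curl_init')) {
        $fh = fopen ($download, 'w');
        if ($fh === false) {
            display_error ('error writing temporary file');
        }
        $ch = curl_init ($src);
        curl_setopt ($ch, CURLOPT_URL, $src);
        curl_setopt ($ch, CURLOPT_HEADER, 0);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);
        if (defined ('CURLOPT_PROTOCOLS')) {
            // never let a URL reach file://, gopher://, etc.
            curl_setopt ($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
        }
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt ($ch, CURLOPT_TIMEOUT, 30);
        curl_setopt ($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0');
        curl_setopt ($ch, CURLOPT_FILE, $fh);
        $ok = (curl_exec ($ch) !== FALSE);
        $http_code = (int) curl_getinfo ($ch, CURLINFO_HTTP_CODE);
        $curl_err = curl_error ($ch);
        curl_close ($ch);
        fclose ($fh);
        if (!$ok || $http_code != 200) {
            if (file_exists ($download)) {
                unlink ($download);
            }
            display_error ('error reading file ' . $src . ' from remote host: ' . ($ok ? 'HTTP ' . $http_code : $curl_err));
        }
    } else {
        // the http wrapper follows redirects by default; switch that off too
        $context = stream_context_create (array ('http' => array ('follow_location' => 0, 'timeout' => 30)));
        $img = @file_get_contents ($src, false, $context);
        if ($img === false || $img === '') {
            display_error ('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted');
        }
        if (file_put_contents ($download, $img) == FALSE) {
            display_error ('error writing temporary file');
        }
    }

    // the bytes decide the type, not the URL
    $info = @getimagesize ($download);
    if (!is_array ($info) || !in_array ($info[2], array (IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
        unlink ($download);
        display_error ('remote file ' . $src . ' is not a gif, jpeg or png image');
    }
    $ext = ($info[2] === IMAGETYPE_JPEG) ? 'jpg' : (($info[2] === IMAGETYPE_GIF) ? 'gif' : 'png');
    $local_filepath = $local_base . '.' . $ext;
    if (!rename ($download, $local_filepath) || !file_exists ($local_filepath)) {
        display_error ('local file for ' . $src . ' can not be created');
    }
    return $local_filepath;
}

/**
 * Tidy up the image source url and turn it into a file system path.
 *
 * Steps: drop a leading reference to this host (so a full URL to our own
 * image works), strip tags, resolve allowed remote URLs to a local copy,
 * remove the leading slash and any '..' traversal, then prefix the document
 * root found by get_document_root().
 *
 * @param string $src  value of the 'src' parameter
 * @return string      path on the file system
 */
function clean_source ($src) {
    $host = isset ($_SERVER['HTTP_HOST']) ? str_replace ('www.', '', $_SERVER['HTTP_HOST']) : '';
    if ($host !== '') {
        // HTTP_HOST is client-supplied: quote it so it is matched literally
        // and cannot break the pattern
        $regex = "/^((ht|f)tp(s|):\/\/)(www\.|)" . preg_quote ($host, '/') . "/i";
        $src = preg_replace ($regex, '', $src);
    }
    $src = strip_tags ($src);
    $src = check_external ($src);
    // remove slash from start of string
    if (strpos ($src, '/') === 0) {
        $src = substr ($src, 1);
    }
    // don't allow users the ability to use '../' (or '..\' on Windows) in
    // order to gain access to files below document root. The replace handles
    // the normal case; the component check after it is the actual guarantee.
    $src = preg_replace ("/\.\.+[\/\\\\]/", "", $src);
    foreach (preg_split ('/[\/\\\\]/', $src) as $component) {
        if ($component === '..' || strpos ($component, "\0") !== false) {
            display_error ('invalid image path');
        }
    }
    // get path to image on file system
    $src = get_document_root ($src) . '/' . $src;
    return $src;
}

/**
 * Find the directory that $src is relative to: the document root, one of the
 * directories between it and this script, or one of the parents of the
 * current directory (for installs outside the document root).
 *
 * NOTE(review): the "../.." fallbacks mean a request can reach any gif/jpeg/png
 * up to five directories above this script, not only files under the document
 * root. mime_type() limits that to image files but it is still wider than the
 * name suggests — confirm this is acceptable for the deployment.
 *
 * @param string $src  relative image path
 * @return string      base directory (does not return when nothing matches)
 */
function get_document_root ($src) {
    $doc_root = isset ($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : null;
    // check for unix servers
    if ($doc_root !== null && file_exists ($doc_root . '/' . $src)) {
        return $doc_root;
    }
    // check from script filename (to get all directories to timthumb location)
    if ($doc_root !== null) {
        $parts = array_diff (explode ('/', $_SERVER['SCRIPT_FILENAME']), explode ('/', $doc_root));
        $path = $doc_root;
        foreach ($parts as $part) {
            $path .= '/' . $part;
            if (file_exists ($path . '/' . $src)) {
                return $path;
            }
        }
    }
    // the relative paths below are useful if timthumb is moved outside of document root
    // specifically if installed in wordpress themes like mimbo pro:
    // /wp-content/themes/mimbopro/scripts/timthumb.php
    $paths = array (".", "..", "../..", "../../..", "../../../..", "../../../../..");
    foreach ($paths as $path) {
        if (file_exists ($path . '/' . $src)) {
            return $path;
        }
    }
    // special check for microsoft servers
    if ($doc_root === null && isset ($_SERVER['ORIG_PATH_INFO'])) {
        $path = str_replace ("/", "\\", $_SERVER['ORIG_PATH_INFO']);
        $path = str_replace ($path, "", $_SERVER['SCRIPT_FILENAME']);
        if (file_exists ($path . '/' . $src)) {
            return $path;
        }
    }
    display_error ('file not found ' . $src);
}

/**
 * Generic error message: sends a 400, prints the message plus the query
 * string and version, and stops the script.
 * specialchars() is defined elsewhere in this file — presumably an
 * htmlspecialchars() wrapper, so the echoed request data is escaped.
 *
 * @param string $errorString
 */
function display_error ($errorString = '') {
    header ('HTTP/1.1 400 Bad Request');
    $query = isset ($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    echo '
' . specialchars ($errorString);
    echo '
Query String : ' . specialchars ($query);
    echo '
TimThumb version : ' . VERSION . '
';
    die ();
}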