-// Stream the file if it exists already
-try {
- $img = wfLocalFile( $fileName );
- if ( $img && false != ( $thumbName = $img->thumbName( $params ) ) ) {
- $thumbPath = $img->getThumbPath( $thumbName );
+ // Get input parameters
+ if ( get_magic_quotes_gpc() ) {
+ $params = array_map( 'stripslashes', $_REQUEST );
+ } else {
+ $params = $_REQUEST;
+ }
+
+ $fileName = isset( $params['f'] ) ? $params['f'] : '';
+ unset( $params['f'] );
+
+ // Backwards compatibility parameters
+ if ( isset( $params['w'] ) ) {
+ $params['width'] = $params['w'];
+ unset( $params['w'] );
+ }
+ if ( isset( $params['p'] ) ) {
+ $params['page'] = $params['p'];
+ }
+ unset( $params['r'] );
+
+ // Is this a thumb of an archived file?
+ $isOld = (isset( $params['archived'] ) && $params['archived']);
+ unset( $params['archived'] );
+
+ // Some basic input validation
+ $fileName = strtr( $fileName, '\\/', '__' );
+
+ // Actually fetch the image. Method depends on whether it is archived or not.
+ if( $isOld ) {
+ // Format is <timestamp>!<name>
+ $bits = explode( '!', $fileName, 2 );
+ if( !isset($bits[1]) ) {
+ wfThumbError( 404, wfMsg( 'badtitletext' ) );
+ return;
+ }
+ $title = Title::makeTitleSafe( NS_FILE, $bits[1] );
+ if( is_null($title) ) {
+ wfThumbError( 404, wfMsg( 'badtitletext' ) );
+ return;
+ }
+ $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
+ } else {
+ $img = wfLocalFile( $fileName );
+ }