* Big cleanup:

[lhc/web/wiklou.git] / thumb.php

diff --git a/thumb.php b/thumb.php
index 2b40c68..f4765d6 100644 (file)
--- a/thumb.php
+++ b/thumb.php
@@ -1,14 +1,24 @@
 <?php
 
-/** 
- * PHP script to stream out an image thumbnail. 
- * If the file exists, we make do with abridged MediaWiki initialisation. 
+/**
+ * PHP script to stream out an image thumbnail.
+ * If the file exists, we make do with abridged MediaWiki initialisation.
  */
 
-unset( $IP );
 define( 'MEDIAWIKI', true );
+unset( $IP );
+if ( isset( $_REQUEST['GLOBALS'] ) ) {
+       die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
+}
+
+$wgNoOutputBuffer = true;
+
 require_once( './includes/Defines.php' );
 require_once( './LocalSettings.php' );
+require_once( 'GlobalFunctions.php' );
+
+$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
+
 require_once( 'Image.php' );
 require_once( 'StreamFile.php' );
 
@@ -22,19 +32,21 @@ if ( get_magic_quotes_gpc() ) {
        $width = $_REQUEST['w'];
 }
 
+$pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
+
 // Some basic input validation
 
 $width = intval( $width );
-$fileName = str_replace( '/', '_', $fileName );
+$fileName = strtr( $fileName, '\\/', '__' );
 
 // Work out paths, carefully avoiding constructing an Image object because that won't work yet
 
 $imagePath = wfImageDir( $fileName ) . '/' . $fileName;
 $thumbName = "{$width}px-$fileName";
-if ( preg_match( '/\.svg$/', $fileName ) ) {
+if ( $pre_render ) {
        $thumbName .= '.png';
 }
-$thumbPath = wfImageThumbDir( $thumbName ) . '/' . $thumbName;
+$thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
 
 if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
        wfStreamFile( $thumbPath );
@@ -43,19 +55,16 @@ if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePa
 
 // OK, no valid thumbnail, time to get out the heavy machinery
 require_once( 'Setup.php' );
-
-// Force renderThumb() to actually do something
-$wgThumbnailScriptPath = false;
-$wgSharedThumbnailScriptPath = false;
+wfProfileIn( 'thumb.php' );
 
 $img = Image::newFromName( $fileName );
 if ( $img ) {
-       $thumb = $img->renderThumb( $width );
+       $thumb = $img->renderThumb( $width, false );
 } else {
        $thumb = false;
 }
 
-if ( $thumb ) {
+if ( $thumb && $thumb->path ) {
        wfStreamFile( $thumb->path );
 } else {
        $badtitle = wfMsg( 'badtitle' );
@@ -68,5 +77,7 @@ if ( $thumb ) {
 </body></html>";
 }
 
+wfProfileOut( 'thumb.php' );
+
 
 ?>