thumb.php

   1 <?php
   2 /**
   3  * PHP script to stream out an image thumbnail.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 2 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * This program is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13  * GNU General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; if not, write to the Free Software Foundation, Inc.,
  17  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  18  * http://www.gnu.org/copyleft/gpl.html
  19  *
  20  * @file
  21  * @ingroup Media
  22  */
  23
  24 define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
  25 if ( isset( $_SERVER['MW_COMPILED'] ) ) {
  26         require( 'core/includes/WebStart.php' );
  27 } else {
  28         require( dirname( __FILE__ ) . '/includes/WebStart.php' );
  29 }
  30
  31 // Don't use fancy mime detection, just check the file extension for jpg/gif/png
  32 $wgTrivialMimeDetection = true;
  33
  34 if ( defined( 'THUMB_HANDLER' ) ) {
  35         // Called from thumb_handler.php via 404; extract params from the URI...
  36         wfThumbHandle404();
  37 } else {
  38         // Called directly, use $_REQUEST params
  39         wfThumbHandleRequest();
  40 }
  41 wfLogProfilingData();
  42
  43 //--------------------------------------------------------------------------
  44
  45 /**
  46  * Handle a thumbnail request via query parameters
  47  *
  48  * @return void
  49  */
  50 function wfThumbHandleRequest() {
  51         $params = get_magic_quotes_gpc()
  52                 ? array_map( 'stripslashes', $_REQUEST )
  53                 : $_REQUEST;
  54
  55         wfStreamThumb( $params ); // stream the thumbnail
  56 }
  57
  58 /**
  59  * Handle a thumbnail request via thumbnail file URL
  60  *
  61  * @return void
  62  */
  63 function wfThumbHandle404() {
  64         # lighttpd puts the original request in REQUEST_URI, while sjs sets
  65         # that to the 404 handler, and puts the original request in REDIRECT_URL.
  66         if ( isset( $_SERVER['REDIRECT_URL'] ) ) {
  67                 # The URL is un-encoded, so put it back how it was
  68                 $uriPath = str_replace( "%2F", "/", urlencode( $_SERVER['REDIRECT_URL'] ) );
  69         } else {
  70                 $uriPath = $_SERVER['REQUEST_URI'];
  71         }
  72         # Just get the URI path (REDIRECT_URL/REQUEST_URI is either a full URL or a path)
  73         if ( substr( $uriPath, 0, 1 ) !== '/' ) {
  74                 $bits = wfParseUrl( $uriPath );
  75                 if ( $bits && isset( $bits['path'] ) ) {
  76                         $uriPath = $bits['path'];
  77                 } else {
  78                         wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
  79                         return;
  80                 }
  81         }
  82
  83         $params = wfExtractThumbParams( $uriPath ); // basic wiki URL param extracting
  84         if ( $params == null ) {
  85                 wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
  86                 return;
  87         }
  88
  89         wfStreamThumb( $params ); // stream the thumbnail
  90 }
  91
  92 /**
  93  * Stream a thumbnail specified by parameters
  94  *
  95  * @param $params Array
  96  * @return void
  97  */
  98 function wfStreamThumb( array $params ) {
  99         wfProfileIn( __METHOD__ );
 100
 101         $headers = array(); // HTTP headers to send
 102
 103         $fileName = isset( $params['f'] ) ? $params['f'] : '';
 104         unset( $params['f'] );
 105
 106         // Backwards compatibility parameters
 107         if ( isset( $params['w'] ) ) {
 108                 $params['width'] = $params['w'];
 109                 unset( $params['w'] );
 110         }
 111         if ( isset( $params['p'] ) ) {
 112                 $params['page'] = $params['p'];
 113         }
 114         unset( $params['r'] ); // ignore 'r' because we unconditionally pass File::RENDER
 115
 116         // Is this a thumb of an archived file?
 117         $isOld = ( isset( $params['archived'] ) && $params['archived'] );
 118         unset( $params['archived'] ); // handlers don't care
 119
 120         // Is this a thumb of a temp file?
 121         $isTemp = ( isset( $params['temp'] ) && $params['temp'] );
 122         unset( $params['temp'] ); // handlers don't care
 123
 124         // Some basic input validation
 125         $fileName = strtr( $fileName, '\\/', '__' );
 126
 127         // Actually fetch the image. Method depends on whether it is archived or not.
 128         if ( $isOld ) {
 129                 // Format is <timestamp>!<name>
 130                 $bits = explode( '!', $fileName, 2 );
 131                 if ( count( $bits ) != 2 ) {
 132                         wfThumbError( 404, wfMsg( 'badtitletext' ) );
 133                         wfProfileOut( __METHOD__ );
 134                         return;
 135                 }
 136                 $title = Title::makeTitleSafe( NS_FILE, $bits[1] );
 137                 if ( !$title ) {
 138                         wfThumbError( 404, wfMsg( 'badtitletext' ) );
 139                         wfProfileOut( __METHOD__ );
 140                         return;
 141                 }
 142                 $img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
 143         } elseif ( $isTemp ) {
 144                 $repo = RepoGroup::singleton()->getLocalRepo()->getTempRepo();
 145                 // Format is <timestamp>!<name> or just <name>
 146                 $bits = explode( '!', $fileName, 2 );
 147                 // Get the name without the timestamp so hash paths are correctly computed
 148                 $title = Title::makeTitleSafe( NS_FILE, isset( $bits[1] ) ? $bits[1] : $fileName );
 149                 if ( !$title ) {
 150                         wfThumbError( 404, wfMsg( 'badtitletext' ) );
 151                         wfProfileOut( __METHOD__ );
 152                         return;
 153                 }
 154                 $img = new UnregisteredLocalFile( $title, $repo,
 155                         $repo->getZonePath( 'public' ) . '/' . $repo->getTempHashPath( $fileName ) . $fileName
 156                 );
 157         } else {
 158                 $img = wfLocalFile( $fileName );
 159         }
 160
 161         // Check permissions if there are read restrictions
 162         if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
 163                 if ( !$img->getTitle() || !$img->getTitle()->userCan( 'read' ) ) {
 164                         wfThumbError( 403, 'Access denied. You do not have permission to access ' .
 165                                 'the source file.' );
 166                         wfProfileOut( __METHOD__ );
 167                         return;
 168                 }
 169                 $headers[] = 'Cache-Control: private';
 170                 $headers[] = 'Vary: Cookie';
 171         }
 172
 173         // Check the source file storage path
 174         if ( !$img ) {
 175                 wfThumbError( 404, wfMsg( 'badtitletext' ) );
 176                 wfProfileOut( __METHOD__ );
 177                 return;
 178         }
 179         if ( !$img->exists() ) {
 180                 wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
 181                 wfProfileOut( __METHOD__ );
 182                 return;
 183         }
 184         $sourcePath = $img->getPath();
 185         if ( $sourcePath === false ) {
 186                 wfThumbError( 500, 'The source file is not locally accessible.' );
 187                 wfProfileOut( __METHOD__ );
 188                 return;
 189         }
 190
 191         // Check IMS against the source file
 192         // This means that clients can keep a cached copy even after it has been deleted on the server
 193         if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
 194                 // Fix IE brokenness
 195                 $imsString = preg_replace( '/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"] );
 196                 // Calculate time
 197                 wfSuppressWarnings();
 198                 $imsUnix = strtotime( $imsString );
 199                 wfRestoreWarnings();
 200                 $sourceTsUnix = wfTimestamp( TS_UNIX, $img->getTimestamp() );
 201                 if ( $sourceTsUnix <= $imsUnix ) {
 202                         header( 'HTTP/1.1 304 Not Modified' );
 203                         wfProfileOut( __METHOD__ );
 204                         return;
 205                 }
 206         }
 207
 208         // Stream the file if it exists already...
 209         try {
 210                 $thumbName = $img->thumbName( $params );
 211                 if ( strlen( $thumbName ) ) { // valid params?
 212                         // For 404 handled thumbnails, we only use the the base name of the URI
 213                         // for the thumb params and the parent directory for the source file name.
 214                         // Check that the zone relative path matches up so squid caches won't pick
 215                         // up thumbs that would not be purged on source file deletion (bug 34231).
 216                         if ( isset( $params['rel404'] ) // thumbnail was handled via 404
 217                                 && urldecode( $params['rel404'] ) !== $img->getThumbRel( $thumbName ) )
 218                         {
 219                                 wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
 220                                 wfProfileOut( __METHOD__ );
 221                                 return;
 222                         }
 223                         $thumbPath = $img->getThumbPath( $thumbName );
 224                         if ( $img->getRepo()->fileExists( $thumbPath ) ) {
 225                                 $img->getRepo()->streamFile( $thumbPath, $headers );
 226                                 wfProfileOut( __METHOD__ );
 227                                 return;
 228                         }
 229                 }
 230         } catch ( MWException $e ) {
 231                 wfThumbError( 500, $e->getHTML() );
 232                 wfProfileOut( __METHOD__ );
 233                 return;
 234         }
 235
 236         // Thumbnail isn't already there, so create the new thumbnail...
 237         try {
 238                 $thumb = $img->transform( $params, File::RENDER_NOW );
 239         } catch ( Exception $ex ) {
 240                 // Tried to select a page on a non-paged file?
 241                 $thumb = false;
 242         }
 243
 244         // Check for thumbnail generation errors...
 245         $errorMsg = false;
 246         if ( !$thumb ) {
 247                 $errorMsg = wfMsgHtml( 'thumbnail_error', 'File::transform() returned false' );
 248         } elseif ( $thumb->isError() ) {
 249                 $errorMsg = $thumb->getHtmlMsg();
 250         } elseif ( !$thumb->hasFile() ) {
 251                 $errorMsg = wfMsgHtml( 'thumbnail_error', 'No path supplied in thumbnail object' );
 252         } elseif ( $thumb->fileIsSource() ) {
 253                 $errorMsg = wfMsgHtml( 'thumbnail_error',
 254                         'Image was not scaled, is the requested width bigger than the source?' );
 255         }
 256
 257         if ( $errorMsg !== false ) {
 258                 wfThumbError( 500, $errorMsg );
 259         } else {
 260                 // Stream the file if there were no errors
 261                 $thumb->streamFile( $headers );
 262         }
 263
 264         wfProfileOut( __METHOD__ );
 265 }
 266
 267 /**
 268  * Extract the required params for thumb.php from the thumbnail request URI.
 269  * At least 'width' and 'f' should be set if the result is an array.
 270  *
 271  * @param $uriPath String Thumbnail request URI path
 272  * @return Array|null associative params array or null
 273  */
 274 function wfExtractThumbParams( $uriPath ) {
 275         $repo = RepoGroup::singleton()->getLocalRepo();
 276
 277         $zoneUriPath = $repo->getZoneHandlerUrl( 'thumb' )
 278                 ? $repo->getZoneHandlerUrl( 'thumb' ) // custom URL
 279                 : $repo->getZoneUrl( 'thumb' ); // default to main URL
 280         // URL might be relative ("/images") or protocol-relative ("//lang.site/image")
 281         $bits = wfParseUrl( wfExpandUrl( $zoneUriPath, PROTO_INTERNAL ) );
 282         if ( $bits && isset( $bits['path'] ) ) {
 283                 $zoneUriPath = $bits['path'];
 284         } else {
 285                 return null;
 286         }
 287
 288         $hashDirRegex = $subdirRegex = '';
 289         for ( $i = 0; $i < $repo->getHashLevels(); $i++ ) {
 290                 $subdirRegex .= '[0-9a-f]';
 291                 $hashDirRegex .= "$subdirRegex/";
 292         }
 293
 294         $thumbPathRegex = "!^" . preg_quote( $zoneUriPath ) .
 295                 "/((archive/|temp/)?$hashDirRegex([^/]*)/([^/]*))$!";
 296
 297         // Check if this is a valid looking thumbnail request...
 298         if ( preg_match( $thumbPathRegex, $uriPath, $matches ) ) {
 299                 list( /* all */, $rel, $archOrTemp, $filename, $thumbname ) = $matches;
 300                 $filename = urldecode( $filename );
 301                 $thumbname = urldecode( $thumbname );
 302
 303                 $params = array( 'f' => $filename, 'rel404' => $rel );
 304                 if ( $archOrTemp == 'archive/' ) {
 305                         $params['archived'] = 1;
 306                 } elseif ( $archOrTemp == 'temp/' ) {
 307                         $params['temp'] = 1;
 308                 }
 309
 310                 // Check if the parameters can be extracted from the thumbnail name...
 311                 if ( preg_match( '!^(page(\d*)-)*(\d*)px-[^/]*$!', $thumbname, $matches ) ) {
 312                         list( /* all */, $pagefull, $pagenum, $size ) = $matches;
 313                         $params['width'] = $size;
 314                         if ( $pagenum ) {
 315                                 $params['page'] = $pagenum;
 316                         }
 317                         return $params; // valid thumbnail URL
 318                 // Hooks return false if they manage to *resolve* the parameters
 319                 } elseif ( !wfRunHooks( 'ExtractThumbParameters', array( $thumbname, &$params ) ) ) {
 320                         return $params; // valid thumbnail URL (via extension or config)
 321                 }
 322         }
 323
 324         return null; // not a valid thumbnail URL
 325 }
 326
 327 /**
 328  * Output a thumbnail generation error message
 329  *
 330  * @param $status integer
 331  * @param $msg string
 332  * @return void
 333  */
 334 function wfThumbError( $status, $msg ) {
 335         global $wgShowHostnames;
 336
 337         header( 'Cache-Control: no-cache' );
 338         header( 'Content-Type: text/html; charset=utf-8' );
 339         if ( $status == 404 ) {
 340                 header( 'HTTP/1.1 404 Not found' );
 341         } elseif ( $status == 403 ) {
 342                 header( 'HTTP/1.1 403 Forbidden' );
 343                 header( 'Vary: Cookie' );
 344         } else {
 345                 header( 'HTTP/1.1 500 Internal server error' );
 346         }
 347         if ( $wgShowHostnames ) {
 348                 $url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
 349                 $hostname = htmlspecialchars( wfHostname() );
 350                 $debug = "<!-- $url -->\n<!-- $hostname -->\n";
 351         } else {
 352                 $debug = "";
 353         }
 354         echo <<<EOT
 355 <html><head><title>Error generating thumbnail</title></head>
 356 <body>
 357 <h1>Error generating thumbnail</h1>
 358 <p>
 359 $msg
 360 </p>
 361 $debug
 362 </body>
 363 </html>
 364
 365 EOT;
 366 }