$GLOBALS overwrite vulnerability');
}
$wgNoOutputBuffer = true;
require_once( './includes/Defines.php' );
require_once( './LocalSettings.php' );
require_once( 'GlobalFunctions.php' );
$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
require_once( 'Image.php' );
require_once( 'StreamFile.php' );
// Get input parameters
if ( get_magic_quotes_gpc() ) {
$fileName = stripslashes( $_REQUEST['f'] );
$width = stripslashes( $_REQUEST['w'] );
} else {
$fileName = $_REQUEST['f'];
$width = $_REQUEST['w'];
}
$pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
// Some basic input validation
$width = intval( $width );
$fileName = strtr( $fileName, '\\/', '__' );
// Work out paths, carefully avoiding constructing an Image object because that won't work yet
$imagePath = wfImageDir( $fileName ) . '/' . $fileName;
$thumbName = "{$width}px-$fileName";
if ( $pre_render ) {
$thumbName .= '.png';
}
$thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
wfStreamFile( $thumbPath );
exit;
}
// OK, no valid thumbnail, time to get out the heavy machinery
require_once( 'Setup.php' );
wfProfileIn( 'thumb.php' );
$img = Image::newFromName( $fileName );
if ( $img ) {
$thumb = $img->renderThumb( $width, false );
} else {
$thumb = false;
}
if ( $thumb && $thumb->path ) {
wfStreamFile( $thumb->path );
} else {
$badtitle = wfMsg( 'badtitle' );
$badtitletext = wfMsg( 'badtitletext' );
echo "
$badtitle
$badtitle
$badtitletext
";
}
wfProfileOut( 'thumb.php' );
?>