From ab6a798209969b91035ffd7c2ec794bc54086901 Mon Sep 17 00:00:00 2001
From: hsur
Date: Sat, 7 Oct 2006 04:46:41 +0000
Subject: [PATCH] NP_Paint supported. Security Fix.

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@430 1ca29b6e-896d-4ea0-84a5-967f57386b96
---
 trunk/NP_TrimImage/NP_TrimImage.php | 69 ++++++++++++++++++++-----------------
 1 file changed, 38 insertions(+), 31 deletions(-)

diff --git a/trunk/NP_TrimImage/NP_TrimImage.php b/trunk/NP_TrimImage/NP_TrimImage.php
index d850aa7..cdcdef2 100644
--- a/trunk/NP_TrimImage/NP_TrimImage.php
+++ b/trunk/NP_TrimImage/NP_TrimImage.php
@@ -11,8 +11,10 @@
 // 0.7: supports templatevar
 // supports <%popup()%>
 // 0.8: supports gif
-// 0.9 doTemplateVar calls DB data for other PreItem Plugin
+// 0.9: doTemplateVar calls DB data for other PreItem Plugin
 // 0.9: change '&' to '&'
+// 1.1: NP_Paint supported.
+// Security Fix.
 class NP_TrimImage extends NucleusPlugin
 {
@@ -32,7 +34,7 @@ class NP_TrimImage extends NucleusPlugin
 }
 function getVersion () {
- return '1.0';
+ return '1.1';
 }
 function supportsFeature($what)
@@ -47,7 +49,7 @@ class NP_TrimImage extends NucleusPlugin
 function getDescription () {
- return 'Extract image in items, and embed these images.';
+ return 'Trim image in items, and embed these images.';
 }
 function instaii()
@@ -102,7 +104,7 @@ class NP_TrimImage extends NucleusPlugin
 case 'archive':
 global $archive;
 $year = $month = $day = '';
- sscanf($archive, '%4c-%2c-%2c', $year, $month, $day);
+ sscanf($archive, '%d-%d-%d', $year, $month, $day);
 if (empty($day)) {
 $timestamp_start = mktime(0, 0, 0, $month, 1, $year);
 $timestamp_end = mktime(0, 0, 0, $month + 1, 1, $year); // also works when $month==12
@@ -165,7 +167,7 @@ class NP_TrimImage extends NucleusPlugin
 $exq = '';
 if ($point) $exq = '&pnt=lefttop';
- echo '';
+ echo '';
 echo "\n";
 }
 echo "\n";
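Review bot: The result of `sscanf()` in the `archive` case is still ignored, so an `archive` value that does not parse leaves `$year`/`$month` empty and they go straight into `mktime()`. `%d` also accepts a sign and any magnitude, so parsing alone does not bound the date. Checking the count and the range, e.g. `if (sscanf($archive, '%d-%d-%d', $year, $month, $day) < 2 || !checkdate($month, $day ? $day : 1, $year)) { /* reject */ }`, would close that. How to reject depends on the surrounding switch, which starts and ends outside this hunk.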
@@ -201,6 +203,8 @@ class NP_TrimImage extends NucleusPlugin
 @array_walk($imgpnt[1], array(&$this, "exarray"), array($it->itemid, $it->iauthor));
 preg_match_all("/\<\%popup\((.*)\)\%\>/Us", $txt, $imgpntp, PREG_PATTERN_ORDER);
 @array_walk($imgpntp[1], array(&$this, "exarray"), array($it->itemid, $it->iauthor));
+ preg_match_all("/\<\%paint\((.*)\)\%\>/Us", $txt, $imgpnta, PREG_PATTERN_ORDER);
+ @array_walk($imgpnta[1], array(&$this, "exarray"), array($it->itemid, $it->iauthor));
 }
 return $this->imglists;
 }
@@ -231,7 +235,7 @@ class NP_TrimImage extends NucleusPlugin
 }
 }
- function doTemplateVar(&$item, $wsize=80, $hsize=80, $point=0, $maxAmount=0){
+ function doTemplateVar(&$item, $wsize=80, $hsize=80, $point=0, $maxAmount=0) {
 global $CONF;
 if ($hsize=='') $hsize = 80;
@@ -253,7 +257,9 @@ class NP_TrimImage extends NucleusPlugin
 @array_walk($imgipnt[1], array(&$this, "exarray"), array($item->itemid, $item->authorid));
 preg_match_all("/\<\%popup\((.*)\)\%\>/Us",$txt,$imgipntp, PREG_PATTERN_ORDER);
 @array_walk($imgipntp[1], array(&$this, "exarray"), array($item->itemid, $item->authorid));
-
+ preg_match_all("/\<\%paint\((.*)\)\%\>/Us",$txt,$imgipnta, PREG_PATTERN_ORDER);
+ @array_walk($imgipnta[1], array(&$this, "exarray"), array($item->itemid, $item->authorid));
+ $filelist = $this->imglists;
 // print_r($filelist);
 if(!$maxAmount)
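Review bot: The new `<%paint(...)%>` captures are passed to the same `exarray` callback as the popup arguments, and `exarray` is not visible in this hunk, so it is worth confirming that NP_Paint's argument list has the field order the callback expects before the captured text is added to the image list. The `@` in front of `array_walk` hides any warning if that assumption is wrong; dropping it, or guarding with `if (!empty($imgpnta[1]))`, would make a mismatch visible. The same pair of lines is added in doTemplateVar (`$imgipnta`), so the comment applies there too.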
@@ -293,33 +299,34 @@ class NP_TrimImage extends NucleusPlugin
 function doAction($type) {
- global $CONF;
 global $DIR_MEDIA;
- $return = serverVar('HTTP_REFERER');
- switch ($type) {
- case draw:
- if (!requestVar('p')) return;
- $p = $DIR_MEDIA . requestVar('p'); //path
-
- if (requestVar('p') == 'non') {
- $im = ImageCreate(requestVar('wsize'), requestVar('hsize')) or die ("Cannnot Initialize new GD image stream");
- $bgcolor = ImageColorAllocate($im, 0, 255, 255); //color index:0
-// $strcolor = ImageColorAllocate($im,153,153,153); //color index:1
- imagecolortransparent($im, $bgcolor);
-// imageString($im, 1, 4, 0,'No images',$strcolor);
- header ("Content-type: image/png");
- ImagePng($im);
- imagedestroy($im);
- berak;
- }
-
- list($imgwidth, $imgheight, $imgtype) = GetImageSize($p);
+ $tsize['w'] = intRequestVar('wsize') ? intRequestVar('wsize') : 80;
+ $tsize['h'] = intRequestVar('hsize') ? intRequestVar('hsize') : 80;
+ $point = requestVar('pnt');
+
+ if (!requestVar('p')) 'No such file';
+ if (requestVar('p') == 'non') {
+ $im = @ImageCreate($tsize['w'], $tsize['h']) or die ("Cannnot Initialize new GD image stream");
+ $bgcolor = ImageColorAllocate($im, 0, 255, 255); //color index:0
+ // $strcolor = ImageColorAllocate($im,153,153,153); //color index:1
+ imagecolortransparent($im, $bgcolor);
+ // imageString($im, 1, 4, 0,'No images',$strcolor);
+ header ("Content-type: image/png");
+ ImagePng($im);
+ imagedestroy($im);
+ berak;
+ }
- $tsize['w'] = requestVar('wsize');
- $tsize['h'] = requestVar('hsize');
- $point = requestVar('pnt');
+ $p = $DIR_MEDIA . requestVar('p'); //path
+ $p = realpath($p);
+ if( !$p ) return 'No such file';
+ if( strpos($p, $DIR_MEDIA) !== 0 ) return 'No such file';
+ switch ($type) {
+ case 'draw':
+ list($imgwidth, $imgheight, $imgtype) = GetImageSize($p);
+ if ($imgwidth / $imgheight < $tsize['w'] / $tsize['h']) { // height longer
 $trimX = 0;
 $trimW = $imgwidth;
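Review bot: The added guard `if (!requestVar('p')) 'No such file';` has no `return`, so it is a no-op and an empty `p` falls through to the path handling below. The copied `berak;` after the placeholder PNG now sits outside the `switch`, so the `non` case also keeps running into `realpath()` instead of stopping; it should be `return;`. The containment test compares the canonical `$p` with the raw `$DIR_MEDIA`: if `$DIR_MEDIA` is not itself canonical the check rejects every file, and if it has no trailing separator a sibling directory sharing the prefix passes, so compare against `realpath($DIR_MEDIA)` plus a separator. `wsize`/`hsize` are integers now but still unbounded and may be negative before they reach `ImageCreate`; a clamp is worth adding. doAction continues past the end of this hunk.

```php
// … unchanged: $tsize / $point setup …
$req = requestVar('p');
if (!$req) return 'No such file';
if ($req == 'non') {
	// … unchanged: placeholder PNG output …
	imagedestroy($im);
	return;
}

// Canonicalise both sides so the prefix test compares like with like.
$base = realpath($DIR_MEDIA);
$p = realpath($DIR_MEDIA . $req);
if ($base === false || $p === false) return 'No such file';
if (strpos($p, $base . DIRECTORY_SEPARATOR) !== 0) return 'No such file';
```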
@@ -361,7 +368,7 @@ class NP_TrimImage extends NucleusPlugin
 break;
 default:
- Header('Location: ' . $return);
+ return 'No such action';
 break;
 //_=======
 }
-- 
2.11.0