Fixed bug #14858: imageLinkWrap.JSwindow triggers XSS warning or Fails (thanks to...
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2010 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Shows a picture from uploads/* in enlarged format in a separate window.
29 * Picture file and settings are supplied by GET-parameters: file, width, height, sample, alternativeTempPath, effects, frame, bodyTag, title, wrap, md5
30 *
31 * $Id$
32 * Revised for TYPO3 3.6 June/2003 by Kasper Skaarhoj
33 *
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 112: class SC_tslib_showpic
42 * 133: function init()
43 * 190: function main()
44 * 237: function printContent()
45 *
46 * TOTAL FUNCTIONS: 3
47 * (This index is automatically created/updated by the extension "extdeveval")
48 *
49 */
50
51
52
53
// *******************************
// Set error reporting
// *******************************
// E_DEPRECATED only exists from PHP 5.3 on; when it is available it is masked together with E_NOTICE.
error_reporting(defined('E_DEPRECATED') ? E_ALL ^ E_NOTICE ^ E_DEPRECATED : E_ALL ^ E_NOTICE);
62
63
// ***********************
// Paths are setup
// ***********************
// TYPO3_OS is 'WIN' on Windows only; "Darwin" also contains "win" and is therefore excluded explicitly.
define('TYPO3_OS', (stristr(PHP_OS, 'win') && !stristr(PHP_OS, 'darwin')) ? 'WIN' : '');
define('TYPO3_MODE', 'FE');

if (!defined('PATH_thisScript')) {
    // Under the CGI-like SAPIs the (ORIG_)PATH_TRANSLATED value is preferred when present,
    // otherwise (ORIG_)SCRIPT_FILENAME is used. Backslashes are normalised to forward slashes
    // and doubled slashes are collapsed afterwards.
    define(
        'PATH_thisScript',
        str_replace(
            '//',
            '/',
            str_replace(
                '\\',
                '/',
                ((PHP_SAPI == 'cgi' || PHP_SAPI == 'isapi' || PHP_SAPI == 'cgi-fcgi')
                    && ($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']))
                    ? ($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED'])
                    : ($_SERVER['ORIG_SCRIPT_FILENAME'] ? $_SERVER['ORIG_SCRIPT_FILENAME'] : $_SERVER['SCRIPT_FILENAME'])
            )
        )
    );
}

if (!defined('PATH_site')) {
    define('PATH_site', dirname(PATH_thisScript) . '/');
}
if (!defined('PATH_t3lib')) {
    define('PATH_t3lib', PATH_site . 't3lib/');
}
define('PATH_tslib', PATH_site . 'tslib/');
define('PATH_typo3conf', PATH_site . 'typo3conf/');
// This is the directory of the backend administration for the sites of this TYPO3 installation.
define('TYPO3_mainDir', 'typo3/');

if (!@is_dir(PATH_typo3conf)) {
    die('Cannot find configuration. This file is probably executed from the wrong location.');
}
78
require_once PATH_t3lib . 'class.t3lib_div.php';
require_once PATH_t3lib . 'class.t3lib_extmgm.php';

// ******************
// Including config
// ******************
require_once PATH_t3lib . 'config_default.php';
if (!defined('TYPO3_db')) {
    die('The configuration file was not included.');
}

require_once PATH_t3lib . 'class.t3lib_db.php';
// Database abstraction object; the actual connection is opened later by the script class.
$TYPO3_DB = t3lib_div::makeInstance('t3lib_DB');
90
91
92
93
94
95
96
97
98 # NOTICE: ALL LINES above can be commented out since this script is now used via the ?eID=tx_cms_showpic parameter passed to index.php!
99 # For backwards compatibility in extensions using showpic.php directly this is kept from version 4.0 until 4.5, where its removal is planned!
100
101 # NOTICE: The script below is still backwards compatible with the situation in 4.4.0; with 4.5 the parts using bodyTag, wrap and title to build
102 # the HTML can be removed!
103
// The configuration path must be known before the graphics library is loaded.
if (!defined('PATH_typo3conf')) {
    die('The configuration path was not properly defined!');
}
require_once PATH_t3lib . 'class.t3lib_stdgraphic.php';
106
107
108
109
110
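/**
 * Script Class, generating the page output.
 * Instantiated in the bottom of this script.
 *
 * Parameter integrity: file, width, height, effects, bodyTag, title and wrap are bound into an md5 digest
 * that is salted with the installation's encryptionKey; a request whose "md5" parameter does not match is
 * rejected before anything is touched. sample, alternativeTempPath, frame and contentHash are NOT covered by
 * that digest (alternativeTempPath is checked against an allow list and frame is cast to int in main()).
 *
 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
 * @package TYPO3
 * @subpackage tslib
 */
class SC_tslib_showpic {
    var $content; // Page content accumulated here.

    // Parameters loaded into these internal variables:
    var $file;                // Picture path relative to PATH_site; validated in init()
    var $width;               // Requested width; an "m" in width/height selects "max" scaling, see main()
    var $height;
    var $sample;              // Non-empty: use the ImageMagick "-sample" scale command
    var $alternativeTempPath; // Only honoured when listed in $TYPO3_CONF_VARS['FE']['allowedTempPaths']
    var $effects;
    var $frame;
    var $bodyTag;             // Legacy HTML building parameters (see NOTICE above); emitted verbatim, so digest-protected
    var $title;
    var $wrap;
    var $md5;                 // Digest submitted by the caller; must equal the one computed in init()
    var $contentHash;         // Hash of server-side cached HTML that contains an ###IMAGE### marker

    /**
     * Init function, setting the input vars in the global space.
     *
     * Reads the GET/POST parameters, verifies the md5 digest, connects the database (and the caching framework
     * when enabled), loads the cached HTML skeleton when "contentHash" is given and checks that the requested
     * file exists below PATH_site. Terminates the script with a plain-text message on any failure.
     *
     * @return void
     */
    function init() {
        // Loading internal vars with the GET/POST parameters from outside:
        $this->file = t3lib_div::_GP('file');
        $this->width = t3lib_div::_GP('width');
        $this->height = t3lib_div::_GP('height');
        $this->sample = t3lib_div::_GP('sample');
        $this->alternativeTempPath = t3lib_div::_GP('alternativeTempPath');
        $this->effects = t3lib_div::_GP('effects');
        $this->frame = t3lib_div::_GP('frame');
        $this->bodyTag = t3lib_div::_GP('bodyTag');
        $this->title = t3lib_div::_GP('title');
        $this->wrap = t3lib_div::_GP('wrap');
        $this->md5 = t3lib_div::_GP('md5');
        $this->contentHash = t3lib_div::_GP('contentHash');

        // ***********************
        // Check parameters
        // ***********************
        // If no (string) file-param is given, we must exit
        if (!is_string($this->file) || !$this->file) {
            die('Parameter Error: No file given.');
        }

        // Check md5-checksum: the digest covers the parameters plus the secret encryptionKey, so only code that
        // knows the key (the TYPO3 page that generated the link) can produce an accepted parameter set and the
        // script cannot simply be hit with arbitrary values.
        // NOTE(review): contentHash is not part of the digest, so any hash present in the cache is accepted.
        $md5_value = md5(
            $this->file . '|' .
            $this->width . '|' .
            $this->height . '|' .
            $this->effects . '|' .
            $this->bodyTag . '|' .
            $this->title . '|' .
            $this->wrap . '|' .
            $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . '|'
        );

        // Strict comparison: with "!=" two hex digests of the form "0e<digits>" are numeric strings and compare
        // as equal. The submitted value must also be a string (an array parameter is never a valid digest).
        // Once the minimum PHP version allows it, hash_equals() makes this comparison timing-independent as well.
        if (!is_string($this->md5) || $md5_value !== $this->md5) {
            die('Parameter Error: Wrong parameters sent.');
        }

        // Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
        $GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
        $GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
        if (TYPO3_UseCachingFramework) {
            $GLOBALS['typo3CacheManager'] = t3lib_div::makeInstance('t3lib_cache_Manager');
            $GLOBALS['typo3CacheFactory'] = t3lib_div::makeInstance('t3lib_cache_Factory');
            $GLOBALS['typo3CacheFactory']->setCacheManager($GLOBALS['typo3CacheManager']);

            t3lib_cache::initPageCache();
            t3lib_cache::initPageSectionCache();
            t3lib_cache::initContentHashCache();
        }

        // Check for the new content cache hash: the HTML around the image then comes from the server-side
        // cache (t3lib_pageSelect::getHash) instead of from the bodyTag/title/wrap request parameters.
        if (is_string($this->contentHash) && strlen($this->contentHash) > 0) {
            $this->content = t3lib_pageSelect::getHash($this->contentHash);
            if (is_null($this->content)) {
                die('Parameter Error: Content not available.');
            }
        }

        // ***********************
        // Check the file. It must be in a directory beneath the dir of this script...
        // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
        // ***********************
        $test_file = PATH_site . $this->file;
        if (!t3lib_div::validPathStr($test_file)) {
            die('Parameter Error: No valid filepath');
        }
        if (!@is_file($test_file)) {
            die('The given file was not found');
        }
    }

    /**
     * Main function which creates the image if needed and outputs the HTML code for the page displaying the image.
     * Accumulates the content in $this->content
     *
     * When init() loaded cached HTML via contentHash, the generated image tag replaces its ###IMAGE### marker;
     * otherwise the legacy page skeleton is built from the bodyTag/title/wrap parameters.
     *
     * @return void
     */
    function main() {

        // Creating stdGraphic object, initialize it and make image:
        $img = t3lib_div::makeInstance('t3lib_stdGraphic');
        $img->mayScaleUp = 0;
        $img->init();
        if ($this->sample) {
            $img->scalecmd = '-sample';
        }
        // An alternative temp path is only honoured when it is allow-listed in the installation configuration.
        if ($this->alternativeTempPath && t3lib_div::inList($GLOBALS['TYPO3_CONF_VARS']['FE']['allowedTempPaths'], $this->alternativeTempPath)) {
            $img->tempPath = $this->alternativeTempPath;
        }

        // An "m" anywhere in width/height means "maximum" dimensions; it is passed on as a suffix of the width.
        $max = strstr($this->width . $this->height, 'm') ? 'm' : '';

        $this->height = t3lib_div::intInRange($this->height, 0);
        $this->width = t3lib_div::intInRange($this->width, 0);
        if ($this->frame) {
            $this->frame = intval($this->frame);
        }
        $imgInfo = $img->imageMagickConvert($this->file, 'web', $this->width . $max, $this->height, $img->IMparams($this->effects), $this->frame, '');

        if (strlen($this->content) > 0) {
            // insert image in cached HTML content
            if (is_array($imgInfo)) {
                $this->content = str_replace('###IMAGE###', $img->imgTag($imgInfo), $this->content);
            }
        } else {
            // Create HTML output (legacy path): the title is escaped; bodyTag and wrap are emitted verbatim,
            // which is why both are bound into the md5 digest checked in init().
            $this->content .= '
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>' . htmlspecialchars($this->title ? $this->title : "Image") . '</title>
' . ($this->title ? '' : '<meta name="robots" content="noindex,follow" />') . '
</head>
' . ($this->bodyTag ? $this->bodyTag : '<body>');

            if (is_array($imgInfo)) {
                // "wrap" is "before|after"; a wrap without the separator simply has no trailing part
                // (previously an undefined-index notice).
                $wrapParts = explode('|', (string) $this->wrap);
                $wrapBefore = trim($wrapParts[0]);
                $wrapAfter = isset($wrapParts[1]) ? trim($wrapParts[1]) : '';
                $this->content .= $wrapBefore . $img->imgTag($imgInfo) . $wrapAfter;
            }
            $this->content .= '
</body>
</html>';
        }
    }

    /**
     * Outputs the content from $this->content
     *
     * @return void
     */
    function printContent() {
        echo $this->content;
    }
}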
274
275
// Allow the script class to be replaced by an XCLASS registered under this fixed key in the
// installation configuration (the include path comes from $TYPO3_CONF_VARS, not from the request).
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['tslib/showpic.php']) {
    include_once $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['tslib/showpic.php'];
}

// Make instance and run the three phases: parameter checks, image/HTML generation, output.
$SOBE = t3lib_div::makeInstance('SC_tslib_showpic');
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
287 ?>