Quote table names in admin_get_XXX() functions of t3lib_db
[Packages/TYPO3.CMS.git] / t3lib / thumbs.php
index 1af37c2..460eab7 100755 (executable)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
+*  (c) 1999-2007 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
  * $Id$
  * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
  *
  * $Id$
  * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
  *
- * @author             Kasper Skaarhoj <kasper@typo3.com>
+ * @author             Kasper Skaarhoj <kasperYYYY@typo3.com>
  */
 /**
  * [CLASS/FUNCTION INDEX of SCRIPT]
  *
  *
  *
  */
 /**
  * [CLASS/FUNCTION INDEX of SCRIPT]
  *
  *
  *
- *  114: class SC_t3lib_thumbs
- *  135:     function init()
- *  165:     function main()
+ *  113: class SC_t3lib_thumbs
+ *  134:     function init()
+ *  164:     function main()
  *
  *              SECTION: OTHER FUNCTIONS:
  *
  *              SECTION: OTHER FUNCTIONS:
- *  268:     function errorGif($l1,$l2,$l3)
- *  320:     function fontGif($font)
- *  367:     function wrapFileName($inputName)
+ *  267:     function errorGif($l1,$l2,$l3)
+ *  319:     function fontGif($font)
+ *  366:     function wrapFileName($inputName)
  *
  * TOTAL FUNCTIONS: 5
  * (This index is automatically created/updated by the extension "extdeveval")
  *
  * TOTAL FUNCTIONS: 5
  * (This index is automatically created/updated by the extension "extdeveval")
@@ -64,25 +64,24 @@ error_reporting (E_ALL ^ E_NOTICE);
 // ******************
 define('TYPO3_OS', stristr(PHP_OS,'win')&&!stristr(PHP_OS,'darwin')?'WIN':'');
 define('TYPO3_MODE','BE');
 // ******************
 define('TYPO3_OS', stristr(PHP_OS,'win')&&!stristr(PHP_OS,'darwin')?'WIN':'');
 define('TYPO3_MODE','BE');
-define('PATH_thisScript',str_replace('//','/', str_replace('\\','/', php_sapi_name()=='cgi'||php_sapi_name()=='isapi'||php_sapi_name()=='cgi-fcgi' ? $HTTP_SERVER_VARS['PATH_TRANSLATED']:$HTTP_SERVER_VARS['SCRIPT_FILENAME'])));
-
-define('PATH_site', ereg_replace('[^/]*.[^/]*$','',PATH_thisScript));          // the path to the website folder (see init.php)
+if(!defined('PATH_thisScript')) define('PATH_thisScript',str_replace('//','/', str_replace('\\','/', (php_sapi_name()=='cgi'||php_sapi_name()=='isapi' ||php_sapi_name()=='cgi-fcgi')&&($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED'])? ($_SERVER['ORIG_PATH_TRANSLATED']?$_SERVER['ORIG_PATH_TRANSLATED']:$_SERVER['PATH_TRANSLATED']):($_SERVER['ORIG_SCRIPT_FILENAME']?$_SERVER['ORIG_SCRIPT_FILENAME']:$_SERVER['SCRIPT_FILENAME']))));
+if(!defined('PATH_site'))              define('PATH_site', ereg_replace('[^/]*.[^/]*$','',PATH_thisScript));           // the path to the website folder (see init.php)
+if(!defined('PATH_t3lib'))             define('PATH_t3lib', PATH_site.'t3lib/');
 define('PATH_typo3conf', PATH_site.'typo3conf/');
 define('PATH_typo3conf', PATH_site.'typo3conf/');
-define('PATH_t3lib', PATH_site.'t3lib/');
 define('TYPO3_mainDir', 'typo3/');             // This is the directory of the backend administration for the sites of this TYPO3 installation.
 define('TYPO3_mainDir', 'typo3/');             // This is the directory of the backend administration for the sites of this TYPO3 installation.
+define('PATH_typo3', PATH_site.TYPO3_mainDir);
+
 
 // ******************
 // Including config
 // ******************
 
 // ******************
 // Including config
 // ******************
-require(PATH_t3lib.'class.t3lib_div.php');
-require(PATH_t3lib.'class.t3lib_extmgm.php');
+require_once(PATH_t3lib.'class.t3lib_div.php');
+require_once(PATH_t3lib.'class.t3lib_extmgm.php');
 
 require(PATH_t3lib.'config_default.php');
 if (!defined ('TYPO3_db'))     die ('The configuration file was not included.');
 if (!$TYPO3_CONF_VARS['GFX']['image_processing'])      die ('ImageProcessing was disabled!');
 
 
 require(PATH_t3lib.'config_default.php');
 if (!defined ('TYPO3_db'))     die ('The configuration file was not included.');
 if (!$TYPO3_CONF_VARS['GFX']['image_processing'])      die ('ImageProcessing was disabled!');
 
-require(PATH_t3lib.'class.t3lib_db.php');              // The database library
-$TYPO3_DB = t3lib_div::makeInstance('t3lib_DB');
 
 
 
 
 
 
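Review bot: The new `PATH_thisScript` definition repeats each `$_SERVER` fallback twice inside one nested ternary, which makes it hard to verify which variable wins for which SAPI, and `PATH_site`, which `init()` later prepends to relative file references, is derived from it. Resolving the fallbacks into locals first, e.g. `$pathTranslated = $_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED'];` and the same for `SCRIPT_FILENAME`, keeps the behaviour and leaves a readable condition. A short comment on why the constants are now guarded with `if(!defined(...))` would also help, since this hunk does not show which script may define them first.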
@@ -107,23 +106,24 @@ $TYPO3_DB = t3lib_div::makeInstance('t3lib_DB');
  *
  * Relative paths MUST BE the first two characters ONLY: eg: '../dir/file.gif', otherwise it is expect to be absolute
  *
  *
  * Relative paths MUST BE the first two characters ONLY: eg: '../dir/file.gif', otherwise it is expect to be absolute
  *
- * @author             Kasper Skaarhoj <kasper@typo3.com>
+ * @author             Kasper Skaarhoj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage t3lib
  */
 class SC_t3lib_thumbs {
  * @package TYPO3
  * @subpackage t3lib
  */
 class SC_t3lib_thumbs {
-       var $include_once=array();
+       var $include_once = array();
 
        var $outdir = 'typo3temp/';             // The output directory of temporary files in PATH_site
        var $output = '';
        var $sizeDefault='56x56';
 
 
        var $outdir = 'typo3temp/';             // The output directory of temporary files in PATH_site
        var $output = '';
        var $sizeDefault='56x56';
 
-       var $imageList; // Coming from $TYPO3_CONF_VARS['GFX']['imagefile_ext']
+       var $imageList;         // Coming from $TYPO3_CONF_VARS['GFX']['imagefile_ext']
        var $input;             // Contains the absolute path to the file for which to make a thumbnail (after init())
 
                // Internal, static: GPvar:
        var $file;              // Holds the input filename (GET: file)
        var $size;              // Holds the input size (GET: size)
        var $input;             // Contains the absolute path to the file for which to make a thumbnail (after init())
 
                // Internal, static: GPvar:
        var $file;              // Holds the input filename (GET: file)
        var $size;              // Holds the input size (GET: size)
+       var $mtime = 0;         // Last modification time of the supplied file
 
 
        /**
 
 
        /**
@@ -136,23 +136,41 @@ class SC_t3lib_thumbs {
                global $TYPO3_CONF_VARS;
 
                        // Setting GPvars:
                global $TYPO3_CONF_VARS;
 
                        // Setting GPvars:
-               $this->file = t3lib_div::_GP('file');
-               $this->size = t3lib_div::_GP('size');
+               $file = t3lib_div::_GP('file');
+               $size = t3lib_div::_GP('size');
+               $md5sum = t3lib_div::_GP('md5sum');
 
                        // Image extension list is set:
                $this->imageList = $TYPO3_CONF_VARS['GFX']['imagefile_ext'];                    // valid extensions. OBS: No spaces in the list, all lowercase...
 
 
                        // Image extension list is set:
                $this->imageList = $TYPO3_CONF_VARS['GFX']['imagefile_ext'];                    // valid extensions. OBS: No spaces in the list, all lowercase...
 
-                       // if the filereference $this->file is relative, we correct the path
-               if (substr($this->file,0,3)=='../')     {
-                       $this->input = PATH_site.ereg_replace('^\.\./','',$this->file);
-               } else {
-                       $this->input = $this->file;
+                       // If the filereference $this->file is relative, we correct the path
+               if (substr($file,0,3)=='../')   {
+                       $file = PATH_site.substr($file,3);
                }
 
                        // Now the path is absolute.
                        // Checking for backpath and double slashes + the thumbnail can be made from files which are in the PATH_site OR the lockRootPath only!
                }
 
                        // Now the path is absolute.
                        // Checking for backpath and double slashes + the thumbnail can be made from files which are in the PATH_site OR the lockRootPath only!
-               if (!t3lib_div::isAllowedAbsPath($this->input)) {
-                       $this->input='';
+               if (t3lib_div::isAllowedAbsPath($file)) {
+                       $mtime = filemtime($file);
+               }
+
+                       // Do an MD5 check to prevent viewing of images without permission
+               $OK = FALSE;
+               if ($mtime)     {
+                               // Always use the absolute path for this check!
+                       $check = basename($file).':'.$mtime.':'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];
+                       $md5_real = t3lib_div::shortMD5($check);
+                       if (!strcmp($md5_real,$md5sum)) {
+                               $OK = TRUE;
+                       }
+               }
+
+               if ($OK)        {
+                       $this->input = $file;
+                       $this->size = $size;
+                       $this->mtime = $mtime;
+               } else {
+                       die('Error: Image does not exist and/or MD5 checksum did not match.');
                }
        }
 
                }
        }
 
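Review bot: The checksum in `init()` is computed over `basename($file)` although the comment directly above it says to always use the absolute path, so a valid `md5sum` is bound only to a file name and modification time, not to one location under PATH_site. Hashing the full path, `$check = $file.':'.$mtime.':'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'];`, would tie the token to a single file, but the code that generates the links is outside this diff and would have to change with it. The comparison `!strcmp($md5_real,$md5sum)` is also loose: on PHP versions where `strcmp()` returns NULL for a non-string argument the negation is true, so it should read `if (is_string($md5sum) && $md5_real === $md5sum)`. `$mtime` is never initialised when `isAllowedAbsPath()` rejects the path; `$mtime = 0;` before that test makes the failure branch explicit. The body of `init()` starts above this hunk.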
@@ -169,29 +187,29 @@ class SC_t3lib_thumbs {
                if ($this->input && @file_exists($this->input)) {
 
                                // Check file extension:
                if ($this->input && @file_exists($this->input)) {
 
                                // Check file extension:
+                       $reg = array();
                        if (ereg('(.*)\.([^\.]*$)',$this->input,$reg))  {
                                $ext=strtolower($reg[2]);
                                $ext=($ext=='jpeg')?'jpg':$ext;
                                if ($ext=='ttf')        {
                                        $this->fontGif($this->input);   // Make font preview... (will not return)
                                } elseif (!t3lib_div::inList($this->imageList, $ext))   {
                        if (ereg('(.*)\.([^\.]*$)',$this->input,$reg))  {
                                $ext=strtolower($reg[2]);
                                $ext=($ext=='jpeg')?'jpg':$ext;
                                if ($ext=='ttf')        {
                                        $this->fontGif($this->input);   // Make font preview... (will not return)
                                } elseif (!t3lib_div::inList($this->imageList, $ext))   {
-                                       $this->errorGif('Not imagefile!',$ext,$this->input);
+                                       $this->errorGif('Not imagefile!',$ext,basename($this->input));
                                }
                        } else {
                                }
                        } else {
-                               $this->errorGif('Not imagefile!','No ext!',$this->input);
+                               $this->errorGif('Not imagefile!','No ext!',basename($this->input));
                        }
 
                                // ... so we passed the extension test meaning that we are going to make a thumbnail here:
                        }
 
                                // ... so we passed the extension test meaning that we are going to make a thumbnail here:
-                       $this->size = $this->size ? $this->size : $this->sizeDefault;   // default
+                       if (!$this->size)       $this->size = $this->sizeDefault;       // default
 
 
-                               //I added extra check, so that the size input option could not be fooled to pass other values. That means the value is exploded, evaluated to an integer and the imploded to [value]x[value]. Furthermore you can specify: size=340 and it'll be translated to 340x340.
+                               // I added extra check, so that the size input option could not be fooled to pass other values. That means the value is exploded, evaluated to an integer and the imploded to [value]x[value]. Furthermore you can specify: size=340 and it'll be translated to 340x340.
                        $sizeParts = explode('x', $this->size.'x'.$this->size); // explodes the input size (and if no "x" is found this will add size again so it is the same for both dimensions)
                        $sizeParts = array(t3lib_div::intInRange($sizeParts[0],1,1000),t3lib_div::intInRange($sizeParts[1],1,1000));    // Cleaning it up, only two parameters now.
                        $this->size = implode('x',$sizeParts);          // Imploding the cleaned size-value back to the internal variable
                        $sizeMax = max($sizeParts);     // Getting max value
 
                                // Init
                        $sizeParts = explode('x', $this->size.'x'.$this->size); // explodes the input size (and if no "x" is found this will add size again so it is the same for both dimensions)
                        $sizeParts = array(t3lib_div::intInRange($sizeParts[0],1,1000),t3lib_div::intInRange($sizeParts[1],1,1000));    // Cleaning it up, only two parameters now.
                        $this->size = implode('x',$sizeParts);          // Imploding the cleaned size-value back to the internal variable
                        $sizeMax = max($sizeParts);     // Getting max value
 
                                // Init
-                       $mtime = filemtime($this->input);
                        $outpath = PATH_site.$this->outdir;
 
                                // Should be - ? 'png' : 'gif' - , but doesn't work (ImageMagick prob.?)
                        $outpath = PATH_site.$this->outdir;
 
                                // Should be - ? 'png' : 'gif' - , but doesn't work (ImageMagick prob.?)
@@ -199,14 +217,14 @@ class SC_t3lib_thumbs {
                        $thmMode = t3lib_div::intInRange($TYPO3_CONF_VARS['GFX']['thumbnails_png'],0);
                        $outext = ($ext!='jpg' || ($thmMode & 2)) ? ($thmMode & 1 ? 'png' : 'gif') : 'jpg';
 
                        $thmMode = t3lib_div::intInRange($TYPO3_CONF_VARS['GFX']['thumbnails_png'],0);
                        $outext = ($ext!='jpg' || ($thmMode & 2)) ? ($thmMode & 1 ? 'png' : 'gif') : 'jpg';
 
-                       $outfile = 'tmb_'.substr(md5($this->input.$mtime.$this->size),0,10).'.'.$outext;
+                       $outfile = 'tmb_'.substr(md5($this->input.$this->mtime.$this->size),0,10).'.'.$outext;
                        $this->output = $outpath.$outfile;
 
                        if ($TYPO3_CONF_VARS['GFX']['im'])      {
                                        // If thumbnail does not exist, we generate it
                                if (!@file_exists($this->output))       {
 /*                                     if (strstr($this->input,' ') || strstr($this->output,' '))      {
                        $this->output = $outpath.$outfile;
 
                        if ($TYPO3_CONF_VARS['GFX']['im'])      {
                                        // If thumbnail does not exist, we generate it
                                if (!@file_exists($this->output))       {
 /*                                     if (strstr($this->input,' ') || strstr($this->output,' '))      {
-                                               $this->errorGif('Spaces in','filepath',$this->input);
+                                               $this->errorGif('Spaces in','filepath',basename($this->input));
                                        }
 */                                             // 16 colors for small (56) thumbs, 64 for bigger and all for jpegs
                                        if ($outext=='jpg')     {
                                        }
 */                                             // 16 colors for small (56) thumbs, 64 for bigger and all for jpegs
                                        if ($outext=='jpg')     {
@@ -214,28 +232,24 @@ class SC_t3lib_thumbs {
                                        } else {
                                                $colors = ($sizeMax>56)?'-colors 64':'-colors 16';
                                        }
                                        } else {
                                                $colors = ($sizeMax>56)?'-colors 64':'-colors 16';
                                        }
-                                       $cmd = ($TYPO3_CONF_VARS['GFX']['im_path_lzw'] ? $TYPO3_CONF_VARS['GFX']['im_path_lzw'] : $TYPO3_CONF_VARS['GFX']['im_path']).
-                                                               'convert -sample '.$this->size.' '.$colors.' '.$this->wrapFileName($this->input.'[0]').' '.$this->wrapFileName($this->output);
-
-               //                      echo $cmd;
+                                       $parameters = '-sample '.$this->size.' '.$colors.' '.$this->wrapFileName($this->input.'[0]').' '.$this->wrapFileName($this->output);
+                                       $cmd = t3lib_div::imageMagickCommand('convert', $parameters);
                                        exec($cmd);
                                        if (!@file_exists($this->output))       {
                                        exec($cmd);
                                        if (!@file_exists($this->output))       {
-                                               $this->errorGif('No thumb','generated!',$this->input);
+                                               $this->errorGif('No thumb','generated!',basename($this->input));
                                        }
                                }
                                        // The thumbnail is read and output to the browser
                                if($fd = @fopen($this->output,'rb'))    {
                                        }
                                }
                                        // The thumbnail is read and output to the browser
                                if($fd = @fopen($this->output,'rb'))    {
-                                       Header('Content-type: image/'.$outext);
-                                       while (!feof($fd))      {
-                                               echo fread( $fd, 10000 );
-                                       }
-                                       fclose( $fd );
+                                       header('Content-type: image/'.$outext);
+                                       fpassthru($fd);
+                                       fclose($fd);
                                } else {
                                        $this->errorGif('Read problem!','',$this->output);
                                }
                        } else exit;
                } else {
                                } else {
                                        $this->errorGif('Read problem!','',$this->output);
                                }
                        } else exit;
                } else {
-                       $this->errorGif('No valid','inputfile!',$this->input);
+                       $this->errorGif('No valid','inputfile!',basename($this->input));
                }
        }
 
                }
        }
 
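Review bot: The command string handed to `exec($cmd)` embeds `$this->input`, which originates from the request, and its shell quoting rests entirely on `wrapFileName()` and `t3lib_div::imageMagickCommand()`, neither of which is visible in this diff. If those helpers do not already do so, quote each path with `escapeshellarg()`, e.g. `escapeshellarg($this->input.'[0]')`, and confirm that file names containing quotes or shell metacharacters are handled. Separately, `errorGif('Read problem!','',$this->output)` still passes the full path while every other call in this hunk was switched to `basename(...)`; `basename($this->output)` would keep them consistent. `main()` begins above this hunk.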
@@ -272,30 +286,30 @@ class SC_t3lib_thumbs {
 
                        // Creates the basis for the error image
                if ($TYPO3_CONF_VARS['GFX']['gdlib_png'])       {
 
                        // Creates the basis for the error image
                if ($TYPO3_CONF_VARS['GFX']['gdlib_png'])       {
-                       Header('Content-type: image/png');
-                       $im = imagecreatefrompng(PATH_t3lib.'gfx/notfound_thumb.png');
+                       header('Content-type: image/png');
+                       $im = imagecreatefrompng(PATH_typo3.'gfx/notfound_thumb.png');
                } else {
                } else {
-                       Header('Content-type: image/gif');
-                       $im = imagecreatefromgif(PATH_t3lib.'gfx/notfound_thumb.gif');
+                       header('Content-type: image/gif');
+                       $im = imagecreatefromgif(PATH_typo3.'gfx/notfound_thumb.gif');
                }
                        // Sets background color and print color.
                }
                        // Sets background color and print color.
-           $white = ImageColorAllocate($im, 0,0,0);
-           $black = ImageColorAllocate($im, 255,255,0);
+               $white = imageColorAllocate($im, 0,0,0);
+               $black = imageColorAllocate($im, 255,255,0);
 
                        // Prints the text strings with the build-in font functions of GD
                $x=0;
                $font=0;
                if ($l1)        {
                        imagefilledrectangle($im, $x, 9, 56, 16, $black);
 
                        // Prints the text strings with the build-in font functions of GD
                $x=0;
                $font=0;
                if ($l1)        {
                        imagefilledrectangle($im, $x, 9, 56, 16, $black);
-               ImageString($im,$font,$x,9,$l1,$white);
+                       imageString($im,$font,$x,9,$l1,$white);
                }
                if ($l2)        {
                        imagefilledrectangle($im, $x, 19, 56, 26, $black);
                }
                if ($l2)        {
                        imagefilledrectangle($im, $x, 19, 56, 26, $black);
-               ImageString($im,$font,$x,19,$l2,$white);
+                       imageString($im,$font,$x,19,$l2,$white);
                }
                if ($l3)        {
                        imagefilledrectangle($im, $x, 29, 56, 36, $black);
                }
                if ($l3)        {
                        imagefilledrectangle($im, $x, 29, 56, 36, $black);
-               ImageString($im,$font,$x,29,substr($l3,-14),$white);
+                       imageString($im,$font,$x,29,substr($l3,-14),$white);
                }
 
                        // Outputting the image stream and exit
                }
 
                        // Outputting the image stream and exit
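Review bot: The result of `imagecreatefrompng()` / `imagecreatefromgif()` is used without a check, and this hunk moves both template images from `PATH_t3lib` to `PATH_typo3`; if the file is not present at the new location `$im` is false and every later GD call fails after the image header has already been sent. Loading the image first and guarding it, e.g. `if (!$im) die('Error: template image could not be loaded.');`, before sending the `Content-type` header would surface that. The variable names are also inverted relative to their values: `$white` is allocated as 0,0,0 and `$black` as 255,255,0, which deserves a comment or a rename. `errorGif()` starts and ends outside this hunk.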
@@ -323,9 +337,9 @@ class SC_t3lib_thumbs {
                if (!$TYPO3_CONF_VARS['GFX']['gdlib'])  die('');
 
                        // Create image and set background color to white.
                if (!$TYPO3_CONF_VARS['GFX']['gdlib'])  die('');
 
                        // Create image and set background color to white.
-               $im = ImageCreate(250,76);
-           $white = ImageColorAllocate($im, 255,255,255);
-           $col = ImageColorAllocate($im, 0,0,0);
+               $im = imageCreate(250,76);
+               $white = imageColorAllocate($im, 255,255,255);
+               $col = imageColorAllocate($im, 0,0,0);
 
                        // The test string and offset in x-axis.
                $string = 'AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZzÆæØøÅåÄäÖöÜüß';
 
                        // The test string and offset in x-axis.
                $string = 'AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZzÆæØøÅåÄäÖöÜüß';
@@ -347,10 +361,10 @@ class SC_t3lib_thumbs {
 
                        // Output PNG or GIF based on $TYPO3_CONF_VARS['GFX']['gdlib_png']
                if ($TYPO3_CONF_VARS['GFX']['gdlib_png'])       {
 
                        // Output PNG or GIF based on $TYPO3_CONF_VARS['GFX']['gdlib_png']
                if ($TYPO3_CONF_VARS['GFX']['gdlib_png'])       {
-                       Header('Content-type: image/png');
+                       header('Content-type: image/png');
                        imagePng($im);
                } else {
                        imagePng($im);
                } else {
-                       Header('Content-type: image/gif');
+                       header('Content-type: image/gif');
                        imageGif($im);
                }
                imagedestroy($im);
                        imageGif($im);
                }
                imagedestroy($im);
@@ -384,4 +398,4 @@ if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/thumb
 $SOBE = t3lib_div::makeInstance('SC_t3lib_thumbs');
 $SOBE->init();
 $SOBE->main();
 $SOBE = t3lib_div::makeInstance('SC_t3lib_thumbs');
 $SOBE->init();
 $SOBE->main();
-?>
\ No newline at end of file
+?>