Ver Mensaje Individual
  #8 (permalink)  
Antiguo 25/09/2011, 17:17
Avatar de Movingaway
Movingaway
 
Fecha de Ingreso: enero-2010
Mensajes: 149
Antigüedad: 14 años, 9 meses
Puntos: 0
Respuesta: Slide Theme Obscure 2.0

Código:
/**
 * 
 */
function valid_src_mime_type($mime_type) {

    if (preg_match("/jpg|jpeg|gif|png/i", $mime_type)) {
        return true;
    }
    
    return false;

}


/**
 * 
 */
function check_cache ($cache_dir, $mime_type) {

    // make sure cache dir exists
    if (!file_exists($cache_dir)) {
        // give 777 permissions so that developer can overwrite
        // files created by web server user
        mkdir($cache_dir);
        chmod($cache_dir, 0777);
    }

    show_cache_file ($cache_dir, $mime_type);

}


/**
 * 
 */
function show_cache_file ($cache_dir, $mime_type) {

    $cache_file = $cache_dir . '/' . get_cache_file();

    if (file_exists($cache_file)) {
        
        $gmdate_mod = gmdate("D, d M Y H:i:s", filemtime($cache_file));
        
        if(! strstr($gmdate_mod, "GMT")) {
            $gmdate_mod .= " GMT";
        }
        
        if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
        
            // check for updates
            $if_modified_since = preg_replace ("/;.*$/", "", $_SERVER["HTTP_IF_MODIFIED_SINCE"]);
            
            if ($if_modified_since == $gmdate_mod) {
                header("HTTP/1.1 304 Not Modified");
                die();
            }

        }
        
        $fileSize = filesize ($cache_file);
        
        // send headers then display image
        header ('Content-Type: ' . $mime_type);
        header ('Accept-Ranges: bytes');
        header ('Last-Modified: ' . $gmdate_mod);
        header ('Content-Length: ' . $fileSize);
        header ('Cache-Control: max-age=9999, must-revalidate');
        header ('Expires: ' . $gmdate_mod);
        
        readfile ($cache_file);
        
        die();

    }
    
}


/**
 * 
 */
function get_cache_file() {

    global $lastModified;
    static $cache_file;
    
    if (!$cache_file) {
        $cachename = $_SERVER['QUERY_STRING'] . VERSION . $lastModified;
        $cache_file = md5($cachename) . '.png';
    }
    
    return $cache_file;

}


/**
 * check to if the url is valid or not
 */
function valid_extension ($ext) {

    if (preg_match("/jpg|jpeg|png|gif/i", $ext)) {
        return TRUE;
    } else {
        return FALSE;
    }
    
}


/**
 *
 */
function checkExternal ($src) {

    $allowedSites = array(
        'flickr.com',
        'picasa.com',
        'blogger.com',
        'wordpress.com',
    );

    if (ereg('http://', $src) == true) {
    
        $url_info = parse_url ($src);
        
        $isAllowedSite = false;
        foreach ($allowedSites as $site) {
            if (ereg($site, $url_info['host']) == true) {
                $isAllowedSite = true;
            }
        }
        
        if ($isAllowedSite) {
        
            $filename = explode('/', $src);
            $local_filepath = 'temp/' . $filename[count($filename) - 1];
            
            if (!file_exists($local_filepath)) {
                
                if (function_exists('curl_init')) {
                
                    $fh = fopen($local_filepath, 'w');
                    $ch = curl_init($src);
                    
                    curl_setopt($ch, CURLOPT_URL, $src);
                    curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
					curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
					curl_setopt($ch, CURLOPT_HEADER, 0);
                    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0');
                    curl_setopt($ch, CURLOPT_FILE, $fh);
					
					if (curl_exec($ch) === FALSE) {
						if (file_exists($local_filepath)) {
							unlink($local_filepath);
						}
						displayError('error reading file ' . $src . ' from remote host: ' . curl_error($ch));
					}
					
					curl_close($ch);
					fclose($fh);

                } else {
            
                    if (!$img = file_get_contents($src)) {
                        displayError('remote file for ' . $src . ' can not be accessed. It is likely that the file permissions are restricted');
                    }
                    
                    if (file_put_contents($local_filepath, $img) == FALSE) {
                        displayError('error writing temporary file');
                    }
                    
                }
                
                if (!file_exists($local_filepath)) {
                    displayError('local file for ' . $src . ' can not be created');
                }
                
            }
            
            $src = $local_filepath;
            
        } else {
        
            displayError('remote host "' . $url_info['host'] . '" not allowed');
            
        }
        
    }
    
    return $src;
    
}



/**
 * tidy up the image source url
 */
function cleanSource($src) {

    $src = str_replace('http://' . $_SERVER['HTTP_HOST'], '', $src);
    $src = str_replace('https://' . $_SERVER['HTTP_HOST'], '', $src);
    $src = htmlentities($src);

    $src = checkExternal ($src);
    
    // remove slash from start of string
    if(strpos($src, '/') === 0) {
        $src = substr($src, -(strlen($src) - 1));
    }

    // remove http/ https/ ftp
    $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", '', $src);
    // remove domain name from the source url
    $host = $_SERVER['HTTP_HOST'];
    $src = str_replace($host, '', $src);
    $host = str_replace('www.', '', $host);
    $src = str_replace($host, '', $src);

    // don't allow users the ability to use '../' 
    // in order to gain access to files below document root

    // src should be specified relative to document root like:
    // src=images/img.jpg or src=/images/img.jpg
    // not like:
    // src=../images/img.jpg
    $src = preg_replace("/\.\.+\//", "", $src);
    
    // get path to image on file system
    $src = get_document_root($src) . '/' . $src;

    return $src;

}


/**
 * 
 */
function get_document_root ($src) {

    // check for unix servers
    if(file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) {
        return $_SERVER['DOCUMENT_ROOT'];
    }

    // check from script filename (to get all directories to timthumb location)
    $parts = array_diff(explode('/', $_SERVER['SCRIPT_FILENAME']), explode('/', $_SERVER['DOCUMENT_ROOT']));
    $path = $_SERVER['DOCUMENT_ROOT'];
    foreach ($parts as $part) {
        $path .= '/' . $part;
        if (file_exists($path . '/' . $src)) {
            return $path;
        }
    }    
    
    // the relative paths below are useful if timthumb is moved outside of document root
    // specifically if installed in wordpress themes like mimbo pro:
    // /wp-content/themes/mimbopro/scripts/timthumb.php
    $paths = array(
        ".",
        "..",
        "../..",
        "../../..",
        "../../../..",
        "../../../../.."
    );
    
    foreach ($paths as $path) {
        if(file_exists($path . '/' . $src)) {
            return $path;
        }
    }
    
    // special check for microsoft servers
    if (!isset($_SERVER['DOCUMENT_ROOT'])) {
        $path = str_replace("/", "\\", $_SERVER['ORIG_PATH_INFO']);
        $path = str_replace($path, "", $_SERVER['SCRIPT_FILENAME']);
        
        if (file_exists($path . '/' . $src)) {
            return $path;
        }
    }    
    
    displayError('file not found ' . $src);

}


/**
 * generic error message
 */
function displayError($errorString = '') {

    header('HTTP/1.1 400 Bad Request');
    die($errorString);
    
}
?>