OSDN > Find Software > Communications > Nucleus日本語版 > SCM > git > nucleus-plugins > Commit

Nucleus日本語版
Fork
nucleus-next
nucleus-jp-ancient
nucleus-plugins

nucleus-plugins: Commit

Nucleus CMS日本語版用プラグインのうち、日本語版開発者がサポートしているもの

GIF supported
Security Fix

--- a/trunk/NP_ExtractImage/NP_ExtractImage.php

+++ b/trunk/NP_ExtractImage/NP_ExtractImage.php

		@@ -7,6 +7,8 @@
7	7	// Initialize $this->exquery
8	8	// 0.5: use createGlobalItemLink
9	9	// sql_table support :-P
	10	+// 0.6: GIF supported
	11	+// Security Fix
10	12
11	13	class NP_ExtractImage extends NucleusPlugin
12	14	{

		@@ -27,7 +29,7 @@ class NP_ExtractImage extends NucleusPlugin
27	29
28	30	function getVersion ()
29	31	{
30		- return '0.5';
	32	+ return '0.6';
31	33	}
32	34
33	35	function supportsFeature($what)

		@@ -51,7 +53,7 @@ class NP_ExtractImage extends NucleusPlugin
51	53	*/
52	54	}
53	55	function init() {
54		- $this->fileex = array('.jpg', '.png');
	56	+ $this->fileex = array('.jpg', '.png', '.gif');
55	57	$this->random = 1;
56	58	}
57	59

		@@ -87,7 +89,7 @@ class NP_ExtractImage extends NucleusPlugin
87	89	case 'archive':
88	90	global $archive;
89	91	$y = $m = $d = '';
90		- sscanf($archive, '%4d-%2d-%2d', $y,$m,$d);
	92	+ sscanf($archive, '%d-%d-%d', $y,$m,$d);
91	93	if (empty($d)) {
92	94	$timestamp_start = mktime(0, 0, 0, $m, 1, $y);
93	95	$timestamp_end = mktime(0, 0, 0, $m + 1, 1, $y); // also works when $month==12

		@@ -101,7 +103,7 @@ class NP_ExtractImage extends NucleusPlugin
101	103	// break;
102	104	default:
103	105	if (empty($exmode)) {
104		- $this->exquery .= ' and iblog = ' . $b->getID();
	106	+ $this->exquery .= ' and iblog = ' . intval($b->getID());
105	107	global $catid;
106	108	if ($catid) {
107	109	$this->exquery .= ' and icat = ' . intval($catid);

		@@ -109,9 +111,6 @@ class NP_ExtractImage extends NucleusPlugin
109	111	}
110	112	}
111	113
112		-
113		-
114		-
115	114	$filelist = array();
116	115	$this->imglists = array();
117	116	$this->imgfilename = array();

		@@ -131,8 +130,8 @@ class NP_ExtractImage extends NucleusPlugin
131	130	break;
132	131	case 'tate':
133	132	for ($i=0;$i<$amount;$i++) {
134		-// $itemlink = $this->createGlobalItemLink($filelist[$i][1], '');
135		- $itemlink = createItemLink($filelist[$i][1]);
	133	+ $itemlink = $this->createGlobalItemLink($filelist[$i][1], '');
	134	+// $itemlink = createItemLink($filelist[$i][1]);
136	135	echo '<div>';
137	136	echo '<a href="' . $itemlink . '">';
138	137	echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . $filelist[$i][0][0] . '&wsize=' . $wsize . '" vspace="1" />';

		@@ -143,10 +142,10 @@ class NP_ExtractImage extends NucleusPlugin
143	142	default:
144	143	echo '<div>';
145	144	for ($i=0;$i<$amount;$i++) {
146		-// $itemlink =$this->createGlobalItemLink($filelist[$i][1], '');
147		- $itemlink =$this->createItemLink($filelist[$i][1]);
	145	+ $itemlink =$this->createGlobalItemLink($filelist[$i][1], '');
	146	+// $itemlink = createItemLink($filelist[$i][1]);
148	147	echo '<a href="'.$itemlink.'">';
149		- echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . $filelist[$i][0][0] . '&hsize=' . $hsize . '" />';
	148	+ echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . htmlspecialchars($filelist[$i][0][0], ENT_QUOTES) . '&hsize=' . $hsize . '" />';
150	149	echo "</a>\n";
151	150	}
152	151	echo "</div>\n";

		@@ -209,33 +208,34 @@ class NP_ExtractImage extends NucleusPlugin
209	208	function baseimageCreate($p, $im_info)
210	209	{
211	210	switch($im_info[2]){
	211	+ case 1:
	212	+ return ImageCreateFromGif($p);
212	213	case 2:
213		- return ImageCreateFromJpeg($p);
	214	+ return ImageCreateFromJpeg($p);
214	215	case 3:
215		- return ImageCreateFromPng($p);
	216	+ return ImageCreateFromPng($p);
216	217	default:
217		- return;
	218	+ return;
218	219	}
219	220	}
220	221
221	222	function doAction($type)
222	223	{
223		- global $CONF;
224	224	global $DIR_MEDIA;
225		- $return = serverVar('HTTP_REFERER');
226		- $return = preg_replace('\|[^a-z0-9-~+_.?#=&;,/:@%]\|i', '', $return);
227		- switch ($type) {
228		- case draw:
229		- if(!requestVar('p')) return;
230		- $p = $DIR_MEDIA.requestVar('p'); //元画像へのパス
231		-// $id = requestVar('id');
232	225
233		- //元画像の情報を得る
	226	+ if(!requestVar('p')) return 'No such file';
	227	+ $p = $DIR_MEDIA.requestVar('p'); //path
	228	+ $p = realpath($p);
	229	+ if( !$p ) return 'No such file';
	230	+ if( strpos($p, $DIR_MEDIA) !== 0 ) return 'No such file';
	231	+
	232	+ switch ($type) {
	233	+ case 'draw':
234	234	$this->im_info = GetImageSize($p);
235	235
236		- $tsize['h'] = requestVar('hsize');
237		- if (!$tsize['h'] && requestVar('wsize')){
238		- $tsize['w'] = requestVar('wsize');
	236	+ $tsize['h'] = intRequestVar('hsize');
	237	+ if (!$tsize['h'] && intRequestVar('wsize')){
	238	+ $tsize['w'] = intRequestVar('wsize');
239	239	$tsize['h'] = intval($this->im_info[1] * $tsize['w'] / $this->im_info[0]);
240	240	}
241	241	if (!$tsize['h']) {

		@@ -251,6 +251,11 @@ class NP_ExtractImage extends NucleusPlugin
251	251	ImageCopyResampled( $im, $im_r, 0, 0, 0, 0, $tsize['w'], $tsize['h'], $this->im_info[0], $this->im_info[1] );
252	252
253	253	switch ($this->im_info[2]) {
	254	+ case 1:
	255	+ header ("Content-type: image/gif");
	256	+ ImageGif($im);
	257	+ imagedestroy($im);
	258	+ break;
254	259	case 2:
255	260	header ("Content-type: image/jpeg");
256	261	ImageJpeg($im);

		@@ -267,7 +272,7 @@ class NP_ExtractImage extends NucleusPlugin
267	272	break;
268	273
269	274	default:
270		- Header('Location: ' . $return);
	275	+ return 'No such action';
271	276	break;
272	277	//_=======
273	278	}