
nucleus-plugins: Commit

Nucleus CMS日本語版用プラグインのうち、日本語版開発者がサポートしているもの


Commit MetaInfo

Revision25fcfba71a9091c7940a596ae03e5c621fa5869e (tree)
Time2006-10-07 13:46:12
Authorhsur <hsur@1ca2...>
Commiterhsur

Log Message

GIF supported
Security Fix

git-svn-id: https://svn.sourceforge.jp/svnroot/nucleus-jp/plugin@429 1ca29b6e-896d-4ea0-84a5-967f57386b96

Change Summary

Incremental Difference

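--- a/trunk/NP_ExtractImage/NP_ExtractImage.php
+++ b/trunk/NP_ExtractImage/NP_ExtractImage.php
@@ -7,6 +7,8 @@
 // Initialize $this->exquery
 // 0.5: use createGlobalItemLink
 // sql_table support :-P
+// 0.6: GIF supported
+// Security Fix
 
 class NP_ExtractImage extends NucleusPlugin
 {
@@ -27,7 +29,7 @@ class NP_ExtractImage extends NucleusPlugin
 
 function getVersion ()
 {
- return '0.5';
+ return '0.6';
 }
 
 function supportsFeature($what)
@@ -51,7 +53,7 @@ class NP_ExtractImage extends NucleusPlugin
 */
 }
 function init() {
- $this->fileex = array('.jpg', '.png');
+ $this->fileex = array('.jpg', '.png', '.gif');
 $this->random = 1;
 }
 
@@ -87,7 +89,7 @@ class NP_ExtractImage extends NucleusPlugin
 case 'archive':
 global $archive;
 $y = $m = $d = '';
- sscanf($archive, '%4d-%2d-%2d', $y,$m,$d);
+ sscanf($archive, '%d-%d-%d', $y,$m,$d);
 if (empty($d)) {
 $timestamp_start = mktime(0, 0, 0, $m, 1, $y);
 $timestamp_end = mktime(0, 0, 0, $m + 1, 1, $y); // also works when $month==12
@@ -101,7 +103,7 @@ class NP_ExtractImage extends NucleusPlugin
 // break;
 default:
 if (empty($exmode)) {
- $this->exquery .= ' and iblog = ' . $b->getID();
+ $this->exquery .= ' and iblog = ' . intval($b->getID());
 global $catid;
 if ($catid) {
 $this->exquery .= ' and icat = ' . intval($catid);
@@ -109,9 +111,6 @@ class NP_ExtractImage extends NucleusPlugin
 }
 }
 
-
-
-
 $filelist = array();
 $this->imglists = array();
 $this->imgfilename = array();
@@ -131,8 +130,8 @@ class NP_ExtractImage extends NucleusPlugin
 break;
 case 'tate':
 for ($i=0;$i<$amount;$i++) {
-// $itemlink = $this->createGlobalItemLink($filelist[$i][1], '');
- $itemlink = createItemLink($filelist[$i][1]);
+ $itemlink = $this->createGlobalItemLink($filelist[$i][1], '');
+// $itemlink = createItemLink($filelist[$i][1]);
 echo '<div>';
 echo '<a href="' . $itemlink . '">';
 echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . $filelist[$i][0][0] . '&wsize=' . $wsize . '" vspace="1" />';
@@ -143,10 +142,10 @@ class NP_ExtractImage extends NucleusPlugin
 default:
 echo '<div>';
 for ($i=0;$i<$amount;$i++) {
-// $itemlink =$this->createGlobalItemLink($filelist[$i][1], '');
- $itemlink =$this->createItemLink($filelist[$i][1]);
+ $itemlink =$this->createGlobalItemLink($filelist[$i][1], '');
+// $itemlink = createItemLink($filelist[$i][1]);
 echo '<a href="'.$itemlink.'">';
- echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . $filelist[$i][0][0] . '&hsize=' . $hsize . '" />';
+ echo '<img src="' . $CONF['ActionURL'] . '?action=plugin&name=ExtractImage&type=draw&p=' . htmlspecialchars($filelist[$i][0][0], ENT_QUOTES) . '&hsize=' . $hsize . '" />';
 echo "</a>\n";
 }
 echo "</div>\n";
@@ -209,33 +208,34 @@ class NP_ExtractImage extends NucleusPlugin
 function baseimageCreate($p, $im_info)
 {
 switch($im_info[2]){
+ case 1:
+ return ImageCreateFromGif($p);
 case 2:
- return ImageCreateFromJpeg($p);
+ return ImageCreateFromJpeg($p);
 case 3:
- return ImageCreateFromPng($p);
+ return ImageCreateFromPng($p);
 default:
- return;
+ return;
 }
 }
 
 function doAction($type)
 {
- global $CONF;
 global $DIR_MEDIA;
- $return = serverVar('HTTP_REFERER');
- $return = preg_replace('|[^a-z0-9-~+_.?#=&;,/:@%]|i', '', $return);
- switch ($type) {
- case draw:
- if(!requestVar('p')) return;
- $p = $DIR_MEDIA.requestVar('p'); //元画像へのパス
-// $id = requestVar('id');
 
- //元画像の情報を得る
+ if(!requestVar('p')) return 'No such file';
+ $p = $DIR_MEDIA.requestVar('p'); //path
+ $p = realpath($p);
+ if( !$p ) return 'No such file';
+ if( strpos($p, $DIR_MEDIA) !== 0 ) return 'No such file';
+
+ switch ($type) {
+ case 'draw':
 $this->im_info = GetImageSize($p);
 
- $tsize['h'] = requestVar('hsize');
- if (!$tsize['h'] && requestVar('wsize')){
- $tsize['w'] = requestVar('wsize');
+ $tsize['h'] = intRequestVar('hsize');
+ if (!$tsize['h'] && intRequestVar('wsize')){
+ $tsize['w'] = intRequestVar('wsize');
 $tsize['h'] = intval($this->im_info[1] * $tsize['w'] / $this->im_info[0]);
 }
 if (!$tsize['h']) {
@@ -251,6 +251,11 @@ class NP_ExtractImage extends NucleusPlugin
 ImageCopyResampled( $im, $im_r, 0, 0, 0, 0, $tsize['w'], $tsize['h'], $this->im_info[0], $this->im_info[1] );
 
 switch ($this->im_info[2]) {
+ case 1:
+ header ("Content-type: image/gif");
+ ImageGif($im);
+ imagedestroy($im);
+ break;
 case 2:
 header ("Content-type: image/jpeg");
 ImageJpeg($im);
@@ -267,7 +272,7 @@ class NP_ExtractImage extends NucleusPlugin
 break;
 
 default:
- Header('Location: ' . $return);
+ return 'No such action';
 break;
 //_=======
 }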
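Review bot: The `'tate'` branch still writes `$filelist[$i][0][0]` into the `<img src>` attribute unescaped, while the default branch in this same commit wraps it in `htmlspecialchars(..., ENT_QUOTES)`, so a media path containing a quote can still break out of the attribute there. Because the value is a query-string parameter, both branches should use `htmlspecialchars(rawurlencode($filelist[$i][0][0]), ENT_QUOTES)`; the method holding these branches starts outside the visible hunks. In `doAction`, `strpos($p, $DIR_MEDIA) !== 0` compares a canonicalised path with `$DIR_MEDIA` as configured. If `$DIR_MEDIA` lacks a trailing slash the test admits sibling directories, and if it is reached through a symlink it rejects valid files, so comparing against `realpath($DIR_MEDIA) . DIRECTORY_SEPARATOR` would be safer. `GetImageSize($p)` is also used without a `false` check, and the lines that allocate the output image are not shown, so whether `wsize`/`hsize` are bounded cannot be confirmed from this diff.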