Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/thumb.php

187 lines
4.8 KiB
PHP
Raw Normal View History

Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
<?php
* s~ +$~~
2006-01-07 13:09:30 +00:00
/**
* PHP script to stream out an image thumbnail.
A few comment tag tweaks.
2007-07-11 08:09:21 +00:00
*
WARNING: HUGE COMMIT Doxygen documentation update: * Changed alls @addtogroup to @ingroup. @addtogroup adds the comment to the group description, but doesn't add the file, class, function, ... to the group like @ingroup does. See for example http://svn.wikimedia.org/doc/group__SpecialPage.html where it's impossible to see related files, classes, ... that should belong to that group. * Added @file to file description, it seems that it should be explicitely decalred for file descriptions, otherwise doxygen will think that the comment document the first class, variabled, function, ... that is in that file. * Removed some empty comments * Removed some ?> Added following groups: * ExternalStorage * JobQueue * MaintenanceLanguage One more thing: there are still a lot of warnings when generating the doc.
2008-05-20 17:13:28 +00:00
* @file
* @ingroup Media
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
*/
* Moved the main ob_start() from the default LocalSettings.php to WebStart.php. The ob_start() section should preferably be removed from older LocalSettings.php files. * Give Content-Length header for HTTP/1.0 clients. * Partial support for Flash cross-domain-policy filtering. Text entry points should be protected, but uploads are not.
2007-02-19 23:03:37 +00:00
define( 'MW_NO_OUTPUT_COMPRESSION', 1 );
Consolidated web initialisation code into includes/WebStart.php. Moved profiling setup to a hook file "StartProfiler.php", following Brion's suggestion to merge Wikimedia's early profiling patch into subversion. Renamed Profiling.php and logProfilingData(), removed unnecessary wfProfileClose() calls.
2006-07-14 05:35:31 +00:00
require_once( './includes/WebStart.php' );
* (bug 898) Mime type autodetection.
2005-05-21 07:46:17 +00:00
$wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
* Introduced media handler modules for file-type specific operations: thumbnailing, img_metadata, capabilities, etc. * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. * Fixed interaction of page parameter to ImagePage with the HTML file cache * Improved error reporting for image thumbnailing * Fixed MIME type for SVG files, will be silently changed from image/svg to image/svg+xml after loading from the database. * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump instead. * Fixed odd behaviour in ImagePage on DjVu thumbnailing errors * Improved error reporting for image thumbnailing * Added sharpening option for ImageMagick thumbnailing * Removed Image::selectPage(), added page parameters to getWidth() and getHeight(), deprecated Image::renderThumb() and Image::getThumbnail() * Changed default contents of img_metadata to empty string instead of a:0:{} * Moved responsibility for respecting $wgGenerateThumbnailOnParse from the UI to Image.php
2007-04-20 12:31:36 +00:00
require_once( "$IP/includes/StreamFile.php" );
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
wfThumbMain();
wfLogProfilingData();
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
//--------------------------------------------------------------------------
* Introduced media handler modules for file-type specific operations: thumbnailing, img_metadata, capabilities, etc. * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. * Fixed interaction of page parameter to ImagePage with the HTML file cache * Improved error reporting for image thumbnailing * Fixed MIME type for SVG files, will be silently changed from image/svg to image/svg+xml after loading from the database. * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump instead. * Fixed odd behaviour in ImagePage on DjVu thumbnailing errors * Improved error reporting for image thumbnailing * Added sharpening option for ImageMagick thumbnailing * Removed Image::selectPage(), added page parameters to getWidth() and getHeight(), deprecated Image::renderThumb() and Image::getThumbnail() * Changed default contents of img_metadata to empty string instead of a:0:{} * Moved responsibility for respecting $wgGenerateThumbnailOnParse from the UI to Image.php
2007-04-20 12:31:36 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
function wfThumbMain() {
wfProfileIn( __METHOD__ );
Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15.
2010-03-08 22:39:14 +00:00
$headers = array();
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
// Get input parameters
if ( get_magic_quotes_gpc() ) {
$params = array_map( 'stripslashes', $_REQUEST );
} else {
$params = $_REQUEST;
}
$fileName = isset( $params['f'] ) ? $params['f'] : '';
unset( $params['f'] );
* (bug 898) Mime type autodetection.
2005-05-21 07:46:17 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
// Backwards compatibility parameters
if ( isset( $params['w'] ) ) {
$params['width'] = $params['w'];
unset( $params['w'] );
}
if ( isset( $params['p'] ) ) {
$params['page'] = $params['p'];
}
unset( $params['r'] );
check 'archived' param
2008-08-13 01:01:58 +00:00
// Is this a thumb of an archived file?
$isOld = (isset( $params['archived'] ) && $params['archived']);
unset( $params['archived'] );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
// Some basic input validation
$fileName = strtr( $fileName, '\\/', '__' );
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
check 'archived' param
2008-08-13 01:01:58 +00:00
// Actually fetch the image. Method depends on whether it is archived or not.
if( $isOld ) {
we need a $title here
2008-08-13 01:11:45 +00:00
// Format is <timestamp>!<name>
$bits = explode( '!', $fileName, 2 );
if( !isset($bits[1]) ) {
wfThumbError( 404, wfMsg( 'badtitletext' ) );
return;
}
Step 2 in NS_IMAGE -> NS_FILE transition (bug 44) (WARNING: huge commit). This is a global search and replace of NS_IMAGE and NS_IMAGE_TALK with NS_FILE and NS_FILE_TALK respectively in all core files, excluding those already updated in step 1 (r44004).
2008-12-01 17:14:30 +00:00
$title = Title::makeTitleSafe( NS_FILE, $bits[1] );
use makeTitleSafe()
2008-08-13 01:24:03 +00:00
if( is_null($title) ) {
wfThumbError( 404, wfMsg( 'badtitletext' ) );
return;
}
we need a $title here
2008-08-13 01:11:45 +00:00
$img = RepoGroup::singleton()->getLocalRepo()->newFromArchiveName( $title, $fileName );
check 'archived' param
2008-08-13 01:01:58 +00:00
} else {
Provisional revert of r56916 "(bug 20802) Fixed thumb.php redirect handling. Changed wfLocalFile call into RepoGroup::singleton()->getLocalRepo()->findFile" This appears to make thumb.php more permissive than it's indended and could lead to littering false-positive thumbnails around the server when used to implement 404 handlers as designed.
2009-09-30 19:00:48 +00:00
$img = wfLocalFile( $fileName );
check 'archived' param
2008-08-13 01:01:58 +00:00
}
Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15.
2010-03-08 22:39:14 +00:00
// Check permissions if there are read restrictions
if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
if ( !$img->getTitle()->userCanRead() ) {
wfThumbError( 403, 'Access denied. You do not have permission to access ' .
'the source file.' );
return;
}
$headers[] = 'Cache-Control: private';
$headers[] = 'Vary: Cookie';
}
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
if ( !$img ) {
wfThumbError( 404, wfMsg( 'badtitletext' ) );
return;
}
if ( !$img->exists() ) {
wfThumbError( 404, 'The source file for the specified thumbnail does not exist.' );
return;
}
revert bogus change
2008-08-13 02:09:10 +00:00
$sourcePath = $img->getPath();
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
if ( $sourcePath === false ) {
wfThumbError( 500, 'The source file is not locally accessible.' );
return;
}
Output what was asked for. Don't dirty up a clean API like thumb.php with arbitrary defaults when invalid parameters are specified.
2007-05-04 15:05:42 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
// Check IMS against the source file
// This means that clients can keep a cached copy even after it has been deleted on the server
if ( !empty( $_SERVER['HTTP_IF_MODIFIED_SINCE'] ) ) {
// Fix IE brokenness
$imsString = preg_replace( '/;.*$/', '', $_SERVER["HTTP_IF_MODIFIED_SINCE"] );
// Calculate time
wfSuppressWarnings();
$imsUnix = strtotime( $imsString );
Removed error suppression operators (per bug 24159)
2010-07-18 13:16:18 +00:00
$stat = stat( $sourcePath );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
wfRestoreWarnings();
if ( $stat['mtime'] <= $imsUnix ) {
header( 'HTTP/1.1 304 Not Modified' );
return;
Output what was asked for. Don't dirty up a clean API like thumb.php with arbitrary defaults when invalid parameters are specified.
2007-05-04 15:05:42 +00:00
}
* Introduced media handler modules for file-type specific operations: thumbnailing, img_metadata, capabilities, etc. * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. * Fixed interaction of page parameter to ImagePage with the HTML file cache * Improved error reporting for image thumbnailing * Fixed MIME type for SVG files, will be silently changed from image/svg to image/svg+xml after loading from the database. * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump instead. * Fixed odd behaviour in ImagePage on DjVu thumbnailing errors * Improved error reporting for image thumbnailing * Added sharpening option for ImageMagick thumbnailing * Removed Image::selectPage(), added page parameters to getWidth() and getHeight(), deprecated Image::renderThumb() and Image::getThumbnail() * Changed default contents of img_metadata to empty string instead of a:0:{} * Moved responsibility for respecting $wgGenerateThumbnailOnParse from the UI to Image.php
2007-04-20 12:31:36 +00:00
}
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
// Stream the file if it exists already
try {
if ( false != ( $thumbName = $img->thumbName( $params ) ) ) {
$thumbPath = $img->getThumbPath( $thumbName );
if ( is_file( $thumbPath ) ) {
Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15.
2010-03-08 22:39:14 +00:00
wfStreamFile( $thumbPath, $headers );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
return;
}
}
} catch ( MWException $e ) {
wfThumbError( 500, $e->getHTML() );
return;
}
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
try {
Merged filerepo-work branch: * Added support for configuration of an arbitrary number of commons-style file repositories. * Split Image.php into filerepo/File.php and filerepo/LocalFile.php * Renamed Image::getImagePath() to File::getPath() * Added initial support for timestamp-based file fetching (OldLocalFile), to be expanded upon by aaron. * Changed the interface for Image/File object creation: use wfFindFile() or wfLocalFile() depending on semantics * ImageGallery::add() now accepts a title object as the first parameter * Moved file handling operations on upload from SpecialUpload to File * Removed path-related functions from ImageFunctions.php. Removed static path accessors from File. * Added a Content-Disposition header to thumb.php output * Improved thumb.php error handling * Updated the unit test suite to kind of partially work with modern computers. RunTests.php doesn't work just yet. Fixed an actual regression that the test suite detected -- moved some defines to Defines.php where they will be loaded consistently.
2007-05-30 21:02:32 +00:00
$thumb = $img->transform( $params, File::RENDER_NOW );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
} catch( Exception $ex ) {
// Tried to select a page on a non-paged file?
* Cleaner error behavior on thumb.php with invalid page selection
2006-10-02 21:12:28 +00:00
$thumb = false;
(bug 6420) Render thumbnails for djvu images, show multipage preview on image page
2006-08-13 17:34:48 +00:00
}
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
$errorMsg = false;
if ( !$thumb ) {
$errorMsg = wfMsgHtml( 'thumbnail_error', 'File::transform() returned false' );
} elseif ( $thumb->isError() ) {
$errorMsg = $thumb->getHtmlMsg();
} elseif ( !$thumb->getPath() ) {
$errorMsg = wfMsgHtml( 'thumbnail_error', 'No path supplied in thumbnail object' );
revert bogus change
2008-08-13 02:09:10 +00:00
} elseif ( $thumb->getPath() == $img->getPath() ) {
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
$errorMsg = wfMsgHtml( 'thumbnail_error', 'Image was not scaled, ' .
'is the requested width bigger than the source?' );
} else {
Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15.
2010-03-08 22:39:14 +00:00
wfStreamFile( $thumb->getPath(), $headers );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
}
if ( $errorMsg !== false ) {
wfThumbError( 500, $errorMsg );
}
Optional thumbnail generation by client request, using thumb.php. This removes any need for access to image files on page view. Experimental, some aspects still haven't been tested.
2005-04-16 04:33:34 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
wfProfileOut( __METHOD__ );
}
* Introduced media handler modules for file-type specific operations: thumbnailing, img_metadata, capabilities, etc. * Deprecated $wgUseImageResize, thumbnailing will be enabled unconditionally. * Fixed interaction of page parameter to ImagePage with the HTML file cache * Improved error reporting for image thumbnailing * Fixed MIME type for SVG files, will be silently changed from image/svg to image/svg+xml after loading from the database. * Workaround for djvutoxml bug #1704049 (poor performance). Use djvudump instead. * Fixed odd behaviour in ImagePage on DjVu thumbnailing errors * Improved error reporting for image thumbnailing * Added sharpening option for ImageMagick thumbnailing * Removed Image::selectPage(), added page parameters to getWidth() and getHeight(), deprecated Image::renderThumb() and Image::getThumbnail() * Changed default contents of img_metadata to empty string instead of a:0:{} * Moved responsibility for respecting $wgGenerateThumbnailOnParse from the UI to Image.php
2007-04-20 12:31:36 +00:00
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
function wfThumbError( $status, $msg ) {
replace live hack: include debug info in thumb.php (switch it in with $wgShowHostnames)
2008-06-19 23:22:03 +00:00
global $wgShowHostnames;
Output what was asked for. Don't dirty up a clean API like thumb.php with arbitrary defaults when invalid parameters are specified.
2007-05-04 15:05:42 +00:00
header( 'Cache-Control: no-cache' );
header( 'Content-Type: text/html; charset=utf-8' );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
if ( $status == 404 ) {
header( 'HTTP/1.1 404 Not found' );
Fix data leakage from thumb.php for wikis where access to images is restricted (e.g. using img_auth.php). For backport to 1.15.
2010-03-08 22:39:14 +00:00
} elseif ( $status == 403 ) {
header( 'HTTP/1.1 403 Forbidden' );
header( 'Vary: Cookie' );
In thumb.php: * Return 404 response code for missing source file and bad title * Additionally check IMS against the source file timestamp, to allow for more aggressive purging of the server thumbnail directory. * Refactor
2008-01-30 06:12:35 +00:00
} else {
header( 'HTTP/1.1 500 Internal server error' );
}
replace live hack: include debug info in thumb.php (switch it in with $wgShowHostnames)
2008-06-19 23:22:03 +00:00
if( $wgShowHostnames ) {
Removed error suppression operators (per bug 24159)
2010-07-18 13:16:18 +00:00
$url = htmlspecialchars( isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '' );
replace live hack: include debug info in thumb.php (switch it in with $wgShowHostnames)
2008-06-19 23:22:03 +00:00
$hostname = htmlspecialchars( wfHostname() );
$debug = "<!-- $url -->\n<!-- $hostname -->\n";
} else {
$debug = "";
}
Output what was asked for. Don't dirty up a clean API like thumb.php with arbitrary defaults when invalid parameters are specified.
2007-05-04 15:05:42 +00:00
echo <<<EOT
<html><head><title>Error generating thumbnail</title></head>
<body>
<h1>Error generating thumbnail</h1>
<p>
$msg
</p>
replace live hack: include debug info in thumb.php (switch it in with $wgShowHostnames)
2008-06-19 23:22:03 +00:00
$debug
Output what was asked for. Don't dirty up a clean API like thumb.php with arbitrary defaults when invalid parameters are specified.
2007-05-04 15:05:42 +00:00
</body>
</html>
EOT;
}
Reference in a new issue Copy permalink