84 lines
3.3 KiB
PHP
84 lines
3.3 KiB
PHP
<?php
|
|
// file deepcode ignore PT: Input is sanitized using realpath which is ignored by Snyk
|
|
// file deepcode ignore Ssrf: Input is sanitized using realpath which is ignored by Snyk
|
|
|
|
$filepath = "";
|
|
if (isset($_GET['url'])) {
|
|
$filepath = realpath($_GET['url']);
|
|
}
|
|
|
|
if ($filepath !== false && strlen($filepath) > 0 && strpos($_GET['url'], 'uploads/') === 0 && is_file($filepath)) {
|
|
if(isset($_GET['size'])) {
|
|
$availableSizes = ['thumb', 'small', 'medium', 'large', 'xlarge']; // we ignore full as its the original file
|
|
$requestedSize = strtolower($_GET['size']);
|
|
$requestedSizeIndex = array_search($requestedSize, $availableSizes);
|
|
|
|
// Loop through the array from the requested size index
|
|
if($requestedSizeIndex !== false) {
|
|
for ($i = $requestedSizeIndex; $i < count($availableSizes); $i++) {
|
|
$sizePath = pathinfo($filepath, PATHINFO_DIRNAME) . '/' . pathinfo($filepath, PATHINFO_FILENAME) . "-$availableSizes[$i]." . pathinfo($filepath, PATHINFO_EXTENSION);
|
|
if (file_exists($sizePath)) {
|
|
$filepath = $sizePath;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
// Output the original image to the browser
|
|
header('Content-Type: '. mime_content_type($filepath));
|
|
header('Content-Disposition: inline; filename=' . pathinfo($filepath, PATHINFO_FILENAME) . '.' . pathinfo($filepath, PATHINFO_EXTENSION));
|
|
readfile($filepath);
|
|
} else {
|
|
$newWidth = (isset($_GET['w']) ? intval($_GET['w']) : -1);
|
|
$newHeight = (isset($_GET['h']) ? intval($_GET['h']) : -1);
|
|
|
|
if($newWidth != -1 || $newHeight != -1) {
|
|
$image = imagecreatefromstring(file_get_contents($filepath));
|
|
|
|
$width = imagesx($image);
|
|
$height = imagesy($image);
|
|
|
|
$aspectRatio = $width / $height;
|
|
|
|
if($newWidth == -1) {
|
|
$newWidth = intval($newHeight * $aspectRatio);
|
|
}
|
|
|
|
if($newHeight == -1) {
|
|
$newHeight = intval($newWidth / $aspectRatio);
|
|
}
|
|
|
|
$newImage = imagecreatetruecolor($newWidth, $newHeight);
|
|
imagecopyresampled($newImage, $image, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
|
|
|
|
// Output the resized image to the browser
|
|
$mime_type = mime_content_type($_GET['url']);
|
|
header('Content-Type: ' . $mime_type);
|
|
switch($mime_type) {
|
|
case "image/jpeg":
|
|
imagejpeg($newImage);
|
|
break;
|
|
case "image/gif":
|
|
imagegif($newImage);
|
|
break;
|
|
case "image/png":
|
|
imagepng($newImage);
|
|
break;
|
|
}
|
|
imagedestroy($newImage);
|
|
|
|
// Clean up the image resources
|
|
imagedestroy($image);
|
|
} else {
|
|
// Output the original image to the browser
|
|
header('Content-Type: '. mime_content_type($filepath));
|
|
header('Content-Disposition: inline; filename=' . pathinfo($filepath, PATHINFO_FILENAME) . '.' . pathinfo($filepath, PATHINFO_EXTENSION));
|
|
readfile($filepath);
|
|
}
|
|
}
|
|
} else {
|
|
// Return a 404 error
|
|
header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
|
|
exit;
|
|
}
|