4 * PHP script to stream out an image thumbnail.
5 * If the file exists, we make do with abridged MediaWiki initialisation.
8 define( 'MEDIAWIKI', true );
10 if ( isset( $_REQUEST['GLOBALS'] ) ) {
11 echo '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>';
15 $wgNoOutputBuffer = true;
17 require_once( './includes/Defines.php' );
18 require_once( './LocalSettings.php' );
19 require_once( 'GlobalFunctions.php' );
21 $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
23 require_once( 'Image.php' );
24 require_once( 'StreamFile.php' );
26 // Get input parameters
28 if ( get_magic_quotes_gpc() ) {
29 $fileName = stripslashes( $_REQUEST['f'] );
30 $width = stripslashes( $_REQUEST['w'] );
32 $fileName = $_REQUEST['f'];
33 $width = $_REQUEST['w'];
36 $pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
38 // Some basic input validation
40 $width = intval( $width );
41 $fileName = strtr( $fileName, '\\/', '__' );
43 // Work out paths, carefully avoiding constructing an Image object because that won't work yet
45 $imagePath = wfImageDir( $fileName ) . '/' . $fileName;
46 $thumbName = "{$width}px-$fileName";
50 $thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
52 if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
53 wfStreamFile( $thumbPath );
57 // OK, no valid thumbnail, time to get out the heavy machinery
58 require_once( 'Setup.php' );
59 wfProfileIn( 'thumb.php' );
61 $img = Image
::newFromName( $fileName );
63 $thumb = $img->renderThumb( $width, false );
68 if ( $thumb && $thumb->path
) {
69 wfStreamFile( $thumb->path
);
71 $badtitle = wfMsg( 'badtitle' );
72 $badtitletext = wfMsg( 'badtitletext' );
74 <title>$badtitle</title>
81 wfProfileOut( 'thumb.php' );