4 * PHP script to stream out an image thumbnail.
5 * If the file exists, we make do with abridged MediaWiki initialisation.
8 define( 'MEDIAWIKI', true );
10 if ( isset( $_REQUEST['GLOBALS'] ) ) {
11 die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
14 $wgNoOutputBuffer = true;
16 require_once( './includes/Defines.php' );
17 require_once( './LocalSettings.php' );
18 require_once( 'GlobalFunctions.php' );
20 $wgTrivialMimeDetection = true; //don't use fancy mime detection, just check the file extension for jpg/gif/png.
22 require_once( 'Image.php' );
23 require_once( 'StreamFile.php' );
25 // Get input parameters
27 if ( get_magic_quotes_gpc() ) {
28 $fileName = stripslashes( $_REQUEST['f'] );
29 $width = stripslashes( $_REQUEST['w'] );
31 $fileName = $_REQUEST['f'];
32 $width = $_REQUEST['w'];
35 $pre_render= isset($_REQUEST['r']) && $_REQUEST['r']!="0";
37 // Some basic input validation
39 $width = intval( $width );
40 $fileName = strtr( $fileName, '\\/', '__' );
42 // Work out paths, carefully avoiding constructing an Image object because that won't work yet
44 $imagePath = wfImageDir( $fileName ) . '/' . $fileName;
45 $thumbName = "{$width}px-$fileName";
49 $thumbPath = wfImageThumbDir( $fileName ) . '/' . $thumbName;
51 if ( file_exists( $thumbPath ) && filemtime( $thumbPath ) >= filemtime( $imagePath ) ) {
52 wfStreamFile( $thumbPath );
56 // OK, no valid thumbnail, time to get out the heavy machinery
57 require_once( 'Setup.php' );
58 wfProfileIn( 'thumb.php' );
60 $img = Image
::newFromName( $fileName );
62 $thumb = $img->renderThumb( $width, false );
67 if ( $thumb && $thumb->path
) {
68 wfStreamFile( $thumb->path
);
70 $badtitle = wfMsg( 'badtitle' );
71 $badtitletext = wfMsg( 'badtitletext' );
73 <title>$badtitle</title>
80 wfProfileOut( 'thumb.php' );