Bug #24140 » 16485_43_v2.patch
| typo3/sysext/cms/tslib/class.tslib_content.php (Arbeitskopie) | ||
|---|---|---|
|
// imageFileLink:
|
||
|
if ($content==$string && @is_file($imageFile)) {
|
||
|
$params = '';
|
||
|
if ($conf['width']) {$params.='&width='.rawurlencode($conf['width']);}
|
||
|
if ($conf['height']) {$params.='&height='.rawurlencode($conf['height']);}
|
||
|
if ($conf['effects']) {$params.='&effects='.rawurlencode($conf['effects']);}
|
||
|
if ($conf['sample']) {$params.='&sample=1';}
|
||
|
if ($conf['alternativeTempPath']) {$params.='&alternativeTempPath='.rawurlencode($conf['alternativeTempPath']);}
|
||
|
$parameterNames = array('width', 'height', 'effects', 'alternativeTempPath', 'bodyTag', 'title', 'wrap');
|
||
|
$parameters = array();
|
||
|
// includes lines above in cache
|
||
|
$showPicContent = '
|
||
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||
|
if (isset($conf['sample']) && $conf['sample']) {
|
||
|
$parameters['sample'] = 1;
|
||
|
}
|
||
|
<html>
|
||
|
<head>
|
||
|
<title>' . htmlspecialchars($conf['title'] ? $conf['title'] : 'Image') . '</title>
|
||
|
' . ($conf['title'] ? '' : '<meta name="robots" content="noindex,follow" />') . '
|
||
|
</head>
|
||
|
' . ($conf['bodyTag'] ? $conf['bodyTag'] : '<body>');
|
||
|
foreach ($parameterNames as $parameterName) {
|
||
|
if (isset($conf[$parameterName]) && $conf[$parameterName]) {
|
||
|
$parameters[$parameterName] = $conf[$parameterName];
|
||
|
}
|
||
|
}
|
||
|
$wrapParts = explode('|', $conf['wrap']);
|
||
|
$showPicContent .= trim($wrapParts[0]) . '###IMAGE###' . trim($wrapParts[1]);
|
||
|
$showPicContent .= '
|
||
|
</body>
|
||
|
</html>';
|
||
|
$contentHash = md5('showpic' . $showPicContent);
|
||
|
t3lib_pageSelect::storeHash($contentHash, $showPicContent, 'showpic');
|
||
|
$parametersEncoded = base64_encode(serialize($parameters));
|
||
|
$md5_value = md5(
|
||
|
$imageFile . '|' .
|
||
|
$conf['width'] . '|' .
|
||
|
$conf['height'] . '|' .
|
||
|
$conf['effects'] . '||||' .
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . '|');
|
||
|
implode(
|
||
|
'|',
|
||
|
array($imageFile, $parametersEncoded, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])
|
||
|
)
|
||
|
);
|
||
|
$params .= '&md5=' . $md5_value . '&contentHash=' . $contentHash;
|
||
|
$params = '&md5=' . $md5_value;
|
||
|
foreach (str_split($parametersEncoded, 64) as $index => $chunk) {
|
||
|
$params .= '¶meters[' . $index . ']=' . rawurlencode($chunk);
|
||
|
}
|
||
|
$url = $GLOBALS['TSFE']->absRefPrefix.'index.php?eID=tx_cms_showpic&file='.rawurlencode($imageFile).$params;
|
||
|
if ($conf['JSwindow.']['altUrl'] || $conf['JSwindow.']['altUrl.']) {
|
||
|
$altUrl = $this->stdWrap($conf['JSwindow.']['altUrl'], $conf['JSwindow.']['altUrl.']);
|
||
| typo3/sysext/cms/tslib/showpic.php (Arbeitskopie) | ||
|---|---|---|
|
var $title;
|
||
|
var $wrap;
|
||
|
var $md5;
|
||
|
var $contentHash;
|
||
|
/**
|
||
|
* @var string
|
||
|
*/
|
||
|
protected $parametersEncoded;
|
||
|
/**
|
||
|
* Init function, setting the input vars in the global space.
|
||
|
*
|
||
|
* @return void
|
||
| ... | ... | |
|
function init() {
|
||
|
// Loading internal vars with the GET/POST parameters from outside:
|
||
|
$this->file = t3lib_div::_GP('file');
|
||
|
$this->width = t3lib_div::_GP('width');
|
||
|
$this->height = t3lib_div::_GP('height');
|
||
|
$this->sample = t3lib_div::_GP('sample');
|
||
|
$this->alternativeTempPath = t3lib_div::_GP('alternativeTempPath');
|
||
|
$this->effects = t3lib_div::_GP('effects');
|
||
|
$this->parametersEncoded = implode(t3lib_div::_GP('parameters'));
|
||
|
$this->frame = t3lib_div::_GP('frame');
|
||
|
$this->bodyTag = t3lib_div::_GP('bodyTag');
|
||
|
$this->title = t3lib_div::_GP('title');
|
||
|
$this->wrap = t3lib_div::_GP('wrap');
|
||
|
$this->md5 = t3lib_div::_GP('md5');
|
||
|
$this->contentHash = t3lib_div::_GP('contentHash');
|
||
|
// ***********************
|
||
|
// Check parameters
|
||
| ... | ... | |
|
// Chech md5-checksum: If this md5-value does not match the one submitted, then we fail... (this is a kind of security that somebody don't just hit the script with a lot of different parameters
|
||
|
$md5_value = md5(
|
||
|
$this->file.'|'.
|
||
|
$this->width.'|'.
|
||
|
$this->height.'|'.
|
||
|
$this->effects.'|'.
|
||
|
$this->bodyTag.'|'.
|
||
|
$this->title.'|'.
|
||
|
$this->wrap.'|'.
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
|
||
|
implode(
|
||
|
'|',
|
||
|
array($this->file, $this->parametersEncoded, $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'])
|
||
|
)
|
||
|
);
|
||
|
if ($md5_value!=$this->md5) {
|
||
|
die('Parameter Error: Wrong parameters sent.');
|
||
|
}
|
||
|
// Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
|
||
|
$GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
|
||
|
$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
|
||
|
if (TYPO3_UseCachingFramework) {
|
||
|
$GLOBALS['typo3CacheManager'] = t3lib_div::makeInstance('t3lib_cache_Manager');
|
||
|
$GLOBALS['typo3CacheFactory'] = t3lib_div::makeInstance('t3lib_cache_Factory');
|
||
|
$GLOBALS['typo3CacheFactory']->setCacheManager($GLOBALS['typo3CacheManager']);
|
||
|
t3lib_cache::initPageCache();
|
||
|
t3lib_cache::initPageSectionCache();
|
||
|
t3lib_cache::initContentHashCache();
|
||
|
$parameters = unserialize(base64_decode($this->parametersEncoded));
|
||
|
foreach ($parameters as $parameterName => $parameterValue) {
|
||
|
$this->$parameterName = $parameterValue;
|
||
|
}
|
||
|
// Check for the new content cache hash
|
||
|
if (strlen(t3lib_div::_GP('contentHash')) > 0) {
|
||
|
$this->content = t3lib_pageSelect::getHash($this->contentHash);
|
||
|
if (is_null($this->content)) {
|
||
|
die('Parameter Error: Content not available.');
|
||
|
}
|
||
|
}
|
||
|
// ***********************
|
||
|
// Check the file. If must be in a directory beneath the dir of this script...
|
||
|
// $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
|
||
| ... | ... | |
|
$img->tempPath = $this->alternativeTempPath;
|
||
|
}
|
||
|
// Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
|
||
|
$GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
|
||
|
$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
|
||
|
if (strstr($this->width.$this->height, 'm')) {$max='m';} else {$max='';}
|
||
|
$this->height = t3lib_div::intInRange($this->height,0);
|
||
| ... | ... | |
|
if ($this->frame) {$this->frame = intval($this->frame);}
|
||
|
$imgInfo = $img->imageMagickConvert($this->file,'web',$this->width.$max,$this->height,$img->IMparams($this->effects),$this->frame,'');
|
||
|
if (strlen($this->content) > 0) {
|
||
|
// insert image in cached HTML content
|
||
|
if (is_array($imgInfo)) {
|
||
|
$this->content = str_replace('###IMAGE###', $img->imgTag($imgInfo), $this->content);
|
||
|
}
|
||
|
} else {
|
||
|
// Create HTML output:
|
||
|
$this->content .= '
|
||
|
// Create HTML output:
|
||
|
$this->content='';
|
||
|
$this->content.='
|
||
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||
|
<html>
|
||
| ... | ... | |
|
</head>
|
||
|
'.($this->bodyTag ? $this->bodyTag : '<body>');
|
||
|
if (is_array($imgInfo)) {
|
||
|
$wrapParts = explode('|',$this->wrap);
|
||
|
$this->content.=trim($wrapParts[0]).$img->imgTag($imgInfo).trim($wrapParts[1]);
|
||
|
}
|
||
|
$this->content.='
|
||
|
if (is_array($imgInfo)) {
|
||
|
$wrapParts = explode('|',$this->wrap);
|
||
|
$this->content.=trim($wrapParts[0]).$img->imgTag($imgInfo).trim($wrapParts[1]);
|
||
|
}
|
||
|
$this->content.='
|
||
|
</body>
|
||
|
</html>';
|
||
|
}
|
||
|
}
|
||
|
/**
|
||