Shortcodes Ultimate - Version 3.0.2

Version Description

Upgrade normally via your Wordpress admin -> Plugins panel.


Release Info

Developer gn_themes
Version 3.0.2

Code changes from version 3.0.1 to 3.0.2

Files changed (4)
  1. lib/available.php +1 -1
  2. lib/timthumb.php +101 -82
  3. readme.txt +1 -1
  4. shortcodes-ultimate.php +1 -1
lib/available.php CHANGED
@@ -486,7 +486,7 @@
486
  # menu
487
  'menu' => array(
488
  'name' => 'Menu',
489
- 'type' => 'wrap',
490
  'atts' => array(
491
  'name' => array(
492
  'values' => array( ),
486
  # menu
487
  'menu' => array(
488
  'name' => 'Menu',
489
+ 'type' => 'single',
490
  'atts' => array(
491
  'name' => array(
492
  'values' => array( ),
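Review bot: the `'type'` change from `'wrap'` to `'single'` at line 489 presumably turns `[menu]` from an enclosing shortcode into a self-closing one, so anything posts currently place between `[menu]` and `[/menu]` will no longer reach the handler; the readme hunk in this release carries no changelog line for it. Add a changelog entry, and check that the menu handler no longer reads `$content` now that nothing will be supplied.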
lib/timthumb.php CHANGED
@@ -3,7 +3,7 @@
3
  * TimThumb by Ben Gillbanks and Mark Maunder
4
  * Based on work done by Tim McDaniels and Darren Hoyt
5
  * http://code.google.com/p/timthumb/
6
- *
7
  * GNU General Public License, version 2
8
  * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
  *
@@ -11,41 +11,51 @@
11
  * http://www.binarymoon.co.uk/projects/timthumb/
12
  */
13
 
14
- //Main config vars
15
- define ('VERSION', '2.4'); // Version of this script
16
- define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
17
- define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
18
- define ('MEMORY_LIMIT', '30M'); // Set PHP memory limit
19
- define ('BLOCK_EXTERNAL_LEECHERS', false); // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
 
 
 
 
 
 
 
 
 
 
20
 
21
  //Image fetching and caching
22
- define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
23
- define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
24
- define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
25
- define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
26
- define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
27
- define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
28
- define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
29
- define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
30
- define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
31
- define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
32
  //Browser caching
33
- define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
34
- define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
35
 
36
  //Image size
37
- define ('MAX_WIDTH', 1500); // Maximum image width
38
- define ('MAX_HEIGHT', 1500); // Maximum image height
39
 
40
  //Image compression is enabled if either of these point to valid paths
41
- define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
42
- define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
43
 
44
  /*
45
  -------====Website Screenshots configuration - BETA====-------
46
-
47
- If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
48
-
49
  If you would like to get website screenshots set up, you will need root access to your own server.
50
 
51
  Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
@@ -64,7 +74,7 @@ define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_P
64
  9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
65
  10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
66
 
67
- Notes on performance:
68
  The first time a webshot loads, it will take a few seconds.
69
  From then on it uses the regular timthumb caching mechanism with the configurable options above
70
  and loading will be very fast.
@@ -72,39 +82,41 @@ define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_P
72
  --ADVANCED USERS ONLY--
73
  If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
74
  nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
75
- Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
76
  You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
77
- You will also need to take responsibility for server security if you're running Xvfb as root.
78
 
79
 
80
  */
81
- define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
82
- define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
83
- define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
84
- define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
85
- define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
86
- define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
87
- define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
88
- define ('WEBSHOT_TIMEOUT', '300'); //Seconds to wait for a webshot
89
- define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
90
- define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
91
- define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
92
- define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
93
- define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
94
- define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
95
-
96
-
97
- // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
98
- $ALLOWED_SITES = array (
99
- 'flickr.com',
100
- 'picasa.com',
101
- 'img.youtube.com',
102
- 'upload.wikimedia.org',
103
- 'photobucket.com',
104
- 'imgur.com',
105
- 'imageshack.us',
106
- 'tinypic.com'
107
- );
 
 
108
  // -------------------------------------------------------------
109
  // -------------- STOP EDITING CONFIGURATION HERE --------------
110
  // -------------------------------------------------------------
@@ -126,7 +138,6 @@ class timthumb {
126
  protected $cacheDirectory = '';
127
  protected $startTime = 0;
128
  protected $lastBenchTime = 0;
129
- protected $isOwnHost = false;
130
  protected $cropTop = false;
131
  protected $salt = "";
132
  protected $fileCacheVersion = 1; //Generally if timthumb.php is modifed (upgraded) then the salt changes and all cache files are recreated. This is a backup mechanism to force regen.
@@ -171,9 +182,9 @@ class timthumb {
171
  } else {
172
  $this->cacheDirectory = sys_get_temp_dir();
173
  }
174
- //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
175
  $this->cleanCache();
176
-
177
  $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
178
  $this->src = $this->param('src');
179
  $this->url = parse_url($this->src);
@@ -193,7 +204,7 @@ class timthumb {
193
  exit(0);
194
  }
195
  if(preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){
196
- $this->isOwnHost = true;
197
  }
198
  if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
199
  $this->debug(2, "Is a request for an external URL: " . $this->src);
@@ -206,8 +217,8 @@ class timthumb {
206
  return false;
207
  }
208
  if($this->isURL){
209
- if(ALLOW_ALL_EXTERNAL_SITES || $this->isOwnHost){
210
- $this->debug(2, "Fetching from all external sites is enabled or this is our own server.");
211
  } else {
212
  $this->debug(2, "Fetching only from selected external sites is enabled.");
213
  $allowed = false;
@@ -273,9 +284,9 @@ class timthumb {
273
  return true;
274
  }
275
  protected function handleErrors(){
276
- if($this->haveErrors()){
277
- $this->serveErrors();
278
- exit(0);
279
  }
280
  return false;
281
  }
@@ -332,7 +343,7 @@ class timthumb {
332
  } else {
333
  $this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
334
  $this->error("An error occured fetching image.");
335
- return false;
336
  }
337
  }
338
  } else {
@@ -391,14 +402,14 @@ class timthumb {
391
  if($this->processImageAndWriteToCache($this->localImage)){
392
  $this->serveCacheFile();
393
  return true;
394
- } else {
395
  return false;
396
  }
397
  }
398
  protected function cleanCache(){
399
  $this->debug(3, "cleanCache() called");
400
  $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
401
-
402
  //If this is a new timthumb installation we need to create the file
403
  if(! is_file($lastCleanFile)){
404
  $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
@@ -424,7 +435,10 @@ class timthumb {
424
  return false;
425
  }
426
  protected function processImageAndWriteToCache($localImage){
427
- $mimeType = $this->getMimeType($localImage);
 
 
 
428
  $this->debug(3, "Mime type of image is $mimeType");
429
  if(! preg_match('/^image\/(?:gif|jpg|jpeg|png)$/i', $mimeType)){
430
  return $this->error("The image being resized is not a valid gif, jpg or png.");
@@ -657,12 +671,17 @@ class timthumb {
657
  imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset);
658
 
659
  }
 
 
 
 
 
660
  $imgType = "";
661
  $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
662
- if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){
663
  $imgType = 'jpg';
664
- imagejpeg($canvas, $tempfile, $quality);
665
- } else if(preg_match('/^image\/png$/i', $mimeType)){
666
  $imgType = 'png';
667
  imagepng($canvas, $tempfile, floor($quality * 0.09));
668
  } else if(preg_match('/^image\/gif$/i', $mimeType)){
@@ -714,7 +733,7 @@ class timthumb {
714
  $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
715
  $context = stream_context_create ();
716
  $fp = fopen($tempfile,'r',0,$context);
717
- file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
718
  file_put_contents($tempfile4, $fp, FILE_APPEND);
719
  fclose($fp);
720
  @unlink($tempfile);
@@ -742,19 +761,19 @@ class timthumb {
742
  }
743
  protected function calcDocRoot(){
744
  $docRoot = @$_SERVER['DOCUMENT_ROOT'];
745
- if(!isset($docRoot)){
746
  $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
747
  if(isset($_SERVER['SCRIPT_FILENAME'])){
748
  $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
749
  $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
750
- }
751
  }
752
- if(!isset($docRoot)){
753
  $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
754
  if(isset($_SERVER['PATH_TRANSLATED'])){
755
  $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
756
  $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
757
- }
758
  }
759
  if($docRoot){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
760
  $this->debug(3, "Doc root is: " . $docRoot);
@@ -804,7 +823,7 @@ class timthumb {
804
  if(file_exists($base . $src)){
805
  $this->debug(3, "Found file as: " . $base . $src);
806
  $real = realpath($base . $src);
807
- if(strpos($real, $realDocRoot) === 0){
808
  return $real;
809
  } else {
810
  $this->debug(1, "Security block: The file specified occurs outside the document root.");
@@ -845,8 +864,8 @@ class timthumb {
845
  return $this->error("Invalid URL supplied.");
846
  }
847
  $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
848
- //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
849
- // which AFAIKT can't be used for shell injection.
850
  if(WEBSHOT_XVFB_RUNNING){
851
  putenv('DISPLAY=:100.0');
852
  $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
@@ -994,7 +1013,7 @@ class timthumb {
994
  $rem = @$_SERVER["REMOTE_ADDR"];
995
  $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
996
  $ci = @$_SERVER["HTTP_CLIENT_IP"];
997
- if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
998
  if($ff){ return $ff; }
999
  if($ci){ return $ci; }
1000
  return $rem;
@@ -1067,7 +1086,7 @@ class timthumb {
1067
  curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1068
  @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1069
  @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1070
-
1071
  $curlResult = curl_exec($curl);
1072
  fclose(self::$curlFH);
1073
 
3
  * TimThumb by Ben Gillbanks and Mark Maunder
4
  * Based on work done by Tim McDaniels and Darren Hoyt
5
  * http://code.google.com/p/timthumb/
6
+ *
7
  * GNU General Public License, version 2
8
  * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
  *
11
  * http://www.binarymoon.co.uk/projects/timthumb/
12
  */
13
 
14
+ /*
15
+ -----TimThumb CONFIGURATION-----
16
+ You can either edit the configuration variables manually here, or you can
17
+ create a file called timthumb-config.php and define variables you want
18
+ to customize in there. It will automatically be loaded by timthumb.
19
+ This will save you having to re-edit these variables everytime you download
20
+ a new version of timthumb.
21
+
22
+ */
23
+ define ('VERSION', '2.5'); // Version of this script
24
+ //Load a config file if it exists. Otherwise, use the values below.
25
+ if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
26
+ if(! defined( 'DEBUG_ON' ) ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
27
+ if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
28
+ if(! defined('MEMORY_LIMIT') ) define ('MEMORY_LIMIT', '30M'); // Set PHP memory limit
29
+ if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', false); // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
30
 
31
  //Image fetching and caching
32
+ if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33
+ if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34
+ if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35
+ if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36
+ if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
37
+ if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
38
+ if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
39
+ if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
40
+ if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
41
+ if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
42
  //Browser caching
43
+ if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
44
+ if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
45
 
46
  //Image size
47
+ if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
48
+ if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
49
 
50
  //Image compression is enabled if either of these point to valid paths
51
+ if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
52
+ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
53
 
54
  /*
55
  -------====Website Screenshots configuration - BETA====-------
56
+
57
+ If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
58
+
59
  If you would like to get website screenshots set up, you will need root access to your own server.
60
 
61
  Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
74
  9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
75
  10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
76
 
77
+ Notes on performance:
78
  The first time a webshot loads, it will take a few seconds.
79
  From then on it uses the regular timthumb caching mechanism with the configurable options above
80
  and loading will be very fast.
82
  --ADVANCED USERS ONLY--
83
  If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
84
  nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
85
+ Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
86
  You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
87
+ You will also need to take responsibility for server security if you're running Xvfb as root.
88
 
89
 
90
  */
91
+ if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
92
+ if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
93
+ if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
94
+ if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
95
+ if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
96
+ if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
97
+ if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
98
+ if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '300'); //Seconds to wait for a webshot
99
+ if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
100
+ if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
101
+ if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
102
+ if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
103
+ if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
104
+ if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
105
+
106
+
107
+ // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
108
+ if(! isset($ALLOWED_SITES)){
109
+ $ALLOWED_SITES = array (
110
+ 'flickr.com',
111
+ 'picasa.com',
112
+ 'img.youtube.com',
113
+ 'upload.wikimedia.org',
114
+ 'photobucket.com',
115
+ 'imgur.com',
116
+ 'imageshack.us',
117
+ 'tinypic.com'
118
+ );
119
+ }
120
  // -------------------------------------------------------------
121
  // -------------- STOP EDITING CONFIGURATION HERE --------------
122
  // -------------------------------------------------------------
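Review bot: `require_once('timthumb-config.php')` at line 25, and the `file_exists()` guard in front of it, use a bare relative path, which PHP resolves against the include path and the current working directory rather than the directory timthumb.php lives in; under WordPress the working directory is normally the site root, so a config placed next to the script is silently ignored, while a file of that name elsewhere on the include path would be loaded instead. Use `dirname(__FILE__) . '/timthumb-config.php'` in both places. The `if(! isset($ALLOWED_SITES))` guard at line 108 also relies on the config file assigning `$ALLOWED_SITES` at global scope, which is worth stating in the comment block at lines 15-21.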
138
  protected $cacheDirectory = '';
139
  protected $startTime = 0;
140
  protected $lastBenchTime = 0;
 
141
  protected $cropTop = false;
142
  protected $salt = "";
143
  protected $fileCacheVersion = 1; //Generally if timthumb.php is modifed (upgraded) then the salt changes and all cache files are recreated. This is a backup mechanism to force regen.
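Review bot: with `protected $isOwnHost` removed at line 129, any read or write of `$this->isOwnHost` left outside the two hunks that replace it (lines 196 and 209) would now create or read an undeclared dynamic property without an error; grep the rest of the class for the name before merging.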
182
  } else {
183
  $this->cacheDirectory = sys_get_temp_dir();
184
  }
185
+ //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
186
  $this->cleanCache();
187
+
188
  $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
189
  $this->src = $this->param('src');
190
  $this->url = parse_url($this->src);
204
  exit(0);
205
  }
206
  if(preg_match('/https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $this->src)){
207
+ $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
208
  }
209
  if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
210
  $this->debug(2, "Is a request for an external URL: " . $this->src);
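Review bot: the new `preg_replace` at line 207, like the `preg_match` at line 206 it sits under, concatenates `$this->myHost` into the pattern without `preg_quote($this->myHost, '/')`; `myHost` is derived from the client-supplied `HTTP_HOST` header (line 188), so a value containing regex metacharacters changes what the pattern matches, and even an ordinary hostname's `.` already matches any character. Quote it. The rewrite itself is the right direction: an own-host `src` becomes a path and is then handled by the local-file branch, so it no longer bypasses `ALLOWED_SITES` the way the old `isOwnHost` flag allowed.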
217
  return false;
218
  }
219
  if($this->isURL){
220
+ if(ALLOW_ALL_EXTERNAL_SITES){
221
+ $this->debug(2, "Fetching from all external sites is enabled.");
222
  } else {
223
  $this->debug(2, "Fetching only from selected external sites is enabled.");
224
  $allowed = false;
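Review bot: dropping `|| $this->isOwnHost` at line 220 is the behavioural core of this release (a `src` on the site's own host is no longer exempt from the `ALLOWED_SITES` check), yet the only trace of it is the shortened debug string at line 221. Mention it in the `ALLOW_ALL_EXTERNAL_SITES` comment at line 33 or in the configuration block at lines 15-21 so operators know own-host URLs are now served as local paths.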
284
  return true;
285
  }
286
  protected function handleErrors(){
287
+ if($this->haveErrors()){
288
+ $this->serveErrors();
289
+ exit(0);
290
  }
291
  return false;
292
  }
343
  } else {
344
  $this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
345
  $this->error("An error occured fetching image.");
346
+ return false;
347
  }
348
  }
349
  } else {
402
  if($this->processImageAndWriteToCache($this->localImage)){
403
  $this->serveCacheFile();
404
  return true;
405
+ } else {
406
  return false;
407
  }
408
  }
409
  protected function cleanCache(){
410
  $this->debug(3, "cleanCache() called");
411
  $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
412
+
413
  //If this is a new timthumb installation we need to create the file
414
  if(! is_file($lastCleanFile)){
415
  $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
435
  return false;
436
  }
437
  protected function processImageAndWriteToCache($localImage){
438
+ $sData = getimagesize($localImage);
439
+ $origType = $sData[2];
440
+ $mimeType = $sData['mime'];
441
+
442
  $this->debug(3, "Mime type of image is $mimeType");
443
  if(! preg_match('/^image\/(?:gif|jpg|jpeg|png)$/i', $mimeType)){
444
  return $this->error("The image being resized is not a valid gif, jpg or png.");
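Review bot: `getimagesize()` at line 438 returns `false` when the file is missing, unreadable or not an image, and `$sData[2]` / `$sData['mime']` at lines 439-440 then index `false` (null, with a notice), so the request fails at line 443 with the misleading "not a valid gif, jpg or png" message. Add `if ($sData === false) return $this->error("Unable to read image.");` directly after line 438. Note also that `getimagesize()` only parses the header, so the mime check at line 443 does not guarantee the file will decode; the decode step that follows must still check its own result.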
671
  imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset);
672
 
673
  }
674
+ //Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
675
+ if ( IMAGETYPE_PNG == $origType && function_exists('imageistruecolor') && !imageistruecolor( $image ) ){
676
+ imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
677
+ }
678
+
679
  $imgType = "";
680
  $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
681
+ if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){
682
  $imgType = 'jpg';
683
+ imagejpeg($canvas, $tempfile, $quality);
684
+ } else if(preg_match('/^image\/png$/i', $mimeType)){
685
  $imgType = 'png';
686
  imagepng($canvas, $tempfile, floor($quality * 0.09));
687
  } else if(preg_match('/^image\/gif$/i', $mimeType)){
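Review bot: the new palette branch at lines 675-677 tests and measures `$image` (the decoded source) but converts `$canvas` (the resized output); that is presumably intentional, i.e. only reduce the output when the source was already a palette PNG, but the comment at line 674 should say so, and it assumes `$image` is still a valid resource here rather than having been freed after resizing. `$origType` also depends on the `getimagesize()` call added at line 438, so the two hunks must ship together.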
733
  $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
734
  $context = stream_context_create ();
735
  $fp = fopen($tempfile,'r',0,$context);
736
+ file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
737
  file_put_contents($tempfile4, $fp, FILE_APPEND);
738
  fclose($fp);
739
  @unlink($tempfile);
761
  }
762
  protected function calcDocRoot(){
763
  $docRoot = @$_SERVER['DOCUMENT_ROOT'];
764
+ if(!isset($docRoot)){
765
  $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
766
  if(isset($_SERVER['SCRIPT_FILENAME'])){
767
  $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
768
  $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
769
+ }
770
  }
771
+ if(!isset($docRoot)){
772
  $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
773
  if(isset($_SERVER['PATH_TRANSLATED'])){
774
  $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
775
  $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
776
+ }
777
  }
778
  if($docRoot){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
779
  $this->debug(3, "Doc root is: " . $docRoot);
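Review bot: this hunk is whitespace-only, but the logic it re-indents has a gap worth closing while here: `@$_SERVER['DOCUMENT_ROOT']` at line 763 followed by `!isset($docRoot)` at lines 764 and 771 skips both fallback searches when the server sets `DOCUMENT_ROOT` to an empty string, leaving `$docRoot` empty for the later document-root check; test `$docRoot === null || $docRoot === ''` instead.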
823
  if(file_exists($base . $src)){
824
  $this->debug(3, "Found file as: " . $base . $src);
825
  $real = realpath($base . $src);
826
+ if(strpos($real, $realDocRoot) === 0){
827
  return $real;
828
  } else {
829
  $this->debug(1, "Security block: The file specified occurs outside the document root.");
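Review bot: `strpos($real, $realDocRoot) === 0` at line 826 is a plain string-prefix test, so with a document root of `/var/www/site` a resolved path under `/var/www/site-backup/` also passes the "outside the document root" block. Compare against `$realDocRoot . '/'` (or accept `$real === $realDocRoot`) so only true descendants are accepted. The hunk itself is whitespace-only.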
864
  return $this->error("Invalid URL supplied.");
865
  }
866
  $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
867
+ //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
868
+ // which AFAIKT can't be used for shell injection.
869
  if(WEBSHOT_XVFB_RUNNING){
870
  putenv('DISPLAY=:100.0');
871
  $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
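Review bot: the comment added at lines 867-868 overstates what the filter at line 866 provides: the RFC 3986 character set it keeps includes `$`, `(` and `)`, and `$` is still expanded by a POSIX shell inside the double-quoted `--url=\"$url\"` at line 871, so the allowlist alone is not a shell-injection boundary. Wrap `$url` (and `$ua`, which is interpolated the same way) in `escapeshellarg()` and drop the hand-written quotes rather than documenting the current filter as sufficient. This path is only reachable with `WEBSHOT_ENABLED` turned on, which is off by default at line 91.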
1013
  $rem = @$_SERVER["REMOTE_ADDR"];
1014
  $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1015
  $ci = @$_SERVER["HTTP_CLIENT_IP"];
1016
+ if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
1017
  if($ff){ return $ff; }
1018
  if($ci){ return $ci; }
1019
  return $rem;
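Review bot: whitespace-only hunk, but the check it touches at line 1016 returns `HTTP_X_FORWARDED_FOR` or `HTTP_CLIENT_IP` verbatim whenever `REMOTE_ADDR` has a private prefix; both headers are client-controlled and the former is usually a comma-separated chain, so the caller receives an unvalidated string. Pick the appropriate hop, run it through `filter_var($ip, FILTER_VALIDATE_IP)` and fall back to `$rem` on failure. The `172\.16` alternative also covers only 172.16.0.0/16 of the private 172.16.0.0/12 range.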
1086
  curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1087
  @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1088
  @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1089
+
1090
  $curlResult = curl_exec($curl);
1091
  fclose(self::$curlFH);
1092
 
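Review bot: blank-line-only hunk, but the surrounding options at lines 1087-1088 (`CURLOPT_FOLLOWLOCATION` with up to 10 redirects) mean the host that was checked against `ALLOWED_SITES` is not necessarily the host that finally serves the bytes. Restrict `CURLOPT_REDIR_PROTOCOLS` to `CURLPROTO_HTTP | CURLPROTO_HTTPS`, and either disable redirects or re-validate `curl_getinfo($curl, CURLINFO_EFFECTIVE_URL)` after the `curl_exec` at line 1090 before the result is accepted.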
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://ilovecode.ru/donate/
4
  Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5
  Requires at least: 3.0
6
  Tested up to: 3.2.9
7
- Stable tag: 3.0.1
8
 
9
  Provides support for multiple useful shortcodes
10
 
4
  Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5
  Requires at least: 3.0
6
  Tested up to: 3.2.9
7
+ Stable tag: 3.0.2
8
 
9
  Provides support for multiple useful shortcodes
10
 
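Review bot: only the Stable tag moves to 3.0.2 here; no changelog entry is visible for this release even though the bundled timthumb.php goes from 2.4 to 2.5, changes how own-host image URLs are handled and starts honouring an optional `timthumb-config.php`. Add a changelog line so site owners know what changed.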
shortcodes-ultimate.php CHANGED
@@ -2,7 +2,7 @@
2
  /*
3
  Plugin Name: Shortcodes Ultimate
4
  Plugin URI: http://ilovecode.ru/?p=122
5
- Version: 3.0.1
6
  Author: Vladimir Anokhin
7
  Author URI: http://ilovecode.ru/
8
  Description: Provides support for many easy to use shortcodes
2
  /*
3
  Plugin Name: Shortcodes Ultimate
4
  Plugin URI: http://ilovecode.ru/?p=122
5
+ Version: 3.0.2
6
  Author: Vladimir Anokhin
7
  Author URI: http://ilovecode.ru/
8
  Description: Provides support for many easy to use shortcodes