Shortcodes Ultimate - Version 3.2.1

Version Description

Upgrade normally via your Wordpress admin -> Plugins panel.

Download this release

Release Info

Developer gn_themes
Plugin Icon 128x128 Shortcodes Ultimate
Version 3.2.1
Comparing to
See all releases

Code changes from version 3.2.0 to 3.2.1

Files changed (3) hide show
  1. lib/timthumb.php +123 -51
  2. readme.txt +2 -3
  3. shortcodes-ultimate.php +1 -1
lib/timthumb.php CHANGED
@@ -3,7 +3,7 @@
3
* TimThumb by Ben Gillbanks and Mark Maunder
4
* Based on work done by Tim McDaniels and Darren Hoyt
5
* http://code.google.com/p/timthumb/
6
- *
7
* GNU General Public License, version 2
8
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
*
@@ -13,14 +13,14 @@
13
14
/*
15
-----TimThumb CONFIGURATION-----
16
- You can either edit the configuration variables manually here, or you can
17
create a file called timthumb-config.php and define variables you want
18
to customize in there. It will automatically be loaded by timthumb.
19
This will save you having to re-edit these variables everytime you download
20
a new version of timthumb.
21
22
*/
23
- define ('VERSION', '2.5'); // Version of this script
24
//Load a config file if it exists. Otherwise, use the values below.
25
if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
26
if(! defined( 'DEBUG_ON' ) ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
@@ -30,32 +30,39 @@ if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', fa
30
31
//Image fetching and caching
32
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33
- if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34
if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35
- if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36
if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
37
if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
38
if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
39
- if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
40
if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
41
if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
42
//Browser caching
43
if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
44
if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
45
46
- //Image size
47
if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
48
if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
49
50
//Image compression is enabled if either of these point to valid paths
51
- if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
52
if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
53
54
/*
55
-------====Website Screenshots configuration - BETA====-------
56
-
57
- If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
58
-
59
If you would like to get website screenshots set up, you will need root access to your own server.
60
61
Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
@@ -74,7 +81,7 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
74
9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
75
10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
76
77
- Notes on performance:
78
The first time a webshot loads, it will take a few seconds.
79
From then on it uses the regular timthumb caching mechanism with the configurable options above
80
and loading will be very fast.
@@ -82,29 +89,29 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
82
--ADVANCED USERS ONLY--
83
If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
84
nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
85
- Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
86
You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
87
- You will also need to take responsibility for server security if you're running Xvfb as root.
88
89
90
*/
91
if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
92
- if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
93
if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
94
if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
95
if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
96
if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
97
if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
98
- if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '300'); //Seconds to wait for a webshot
99
if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
100
if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
101
if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
102
if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
103
- if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
104
if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
105
106
107
- // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
108
if(! isset($ALLOWED_SITES)){
109
$ALLOWED_SITES = array (
110
'flickr.com',
@@ -125,6 +132,7 @@ timthumb::start();
125
126
class timthumb {
127
protected $src = "";
128
protected $docRoot = "";
129
protected $lastURLError = false;
130
protected $localImage = "";
@@ -177,14 +185,13 @@ class timthumb {
177
}
178
}
179
$this->cacheDirectory = FILE_CACHE_DIRECTORY;
180
- touch($this->cacheDirectory . '/index.php');
181
touch($this->cacheDirectory . '/index.html');
182
} else {
183
$this->cacheDirectory = sys_get_temp_dir();
184
}
185
- //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
186
$this->cleanCache();
187
-
188
$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
189
$this->src = $this->param('src');
190
$this->url = parse_url($this->src);
@@ -193,6 +200,8 @@ class timthumb {
193
return false;
194
}
195
if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
196
$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
197
header('Content-Type: image/gif');
198
header('Content-Length: ' . sizeof($imgData));
@@ -240,7 +249,9 @@ class timthumb {
240
} else {
241
$this->localImage = $this->getLocalImagePath($this->src);
242
if(! $this->localImage){
243
$this->error("Could not find the internal image you specified.");
244
return false;
245
}
246
$this->debug(1, "Local image path is {$this->localImage}");
@@ -276,6 +287,7 @@ class timthumb {
276
} else {
277
$this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
278
$this->serveExternalImage();
279
}
280
} else {
281
$this->debug(3, "Got request for internal image. Starting serveInternalImage()");
@@ -284,9 +296,24 @@ class timthumb {
284
return true;
285
}
286
protected function handleErrors(){
287
- if($this->haveErrors()){
288
- $this->serveErrors();
289
- exit(0);
290
}
291
return false;
292
}
@@ -342,8 +369,9 @@ class timthumb {
342
return false; //to indicate we didn't serve from cache and app should try and load
343
} else {
344
$this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
345
$this->error("An error occured fetching image.");
346
- return false;
347
}
348
}
349
} else {
@@ -402,14 +430,14 @@ class timthumb {
402
if($this->processImageAndWriteToCache($this->localImage)){
403
$this->serveCacheFile();
404
return true;
405
- } else {
406
return false;
407
}
408
}
409
protected function cleanCache(){
410
$this->debug(3, "cleanCache() called");
411
$lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
412
-
413
//If this is a new timthumb installation we need to create the file
414
if(! is_file($lastCleanFile)){
415
$this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
@@ -672,26 +700,26 @@ class timthumb {
672
673
}
674
//Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
675
- if ( IMAGETYPE_PNG == $origType && function_exists('imageistruecolor') && !imageistruecolor( $image ) ){
676
imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
677
}
678
679
$imgType = "";
680
$tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
681
- if(preg_match('/^image\/(?:jpg|jpeg)#x2F;i', $mimeType)){
682
$imgType = 'jpg';
683
- imagejpeg($canvas, $tempfile, $quality);
684
- } else if(preg_match('/^image\/png#x2F;i', $mimeType)){
685
$imgType = 'png';
686
imagepng($canvas, $tempfile, floor($quality * 0.09));
687
} else if(preg_match('/^image\/gif#x2F;i', $mimeType)){
688
$imgType = 'gif';
689
- imagepng($canvas, $tempfile, floor($quality * 0.09));
690
} else {
691
return $this->sanityFail("Could not match mime type after verifying it previously.");
692
}
693
694
- if( OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
695
$exec = OPTIPNG_PATH;
696
$this->debug(3, "optipng'ing $tempfile");
697
$presize = filesize($tempfile);
@@ -706,7 +734,7 @@ class timthumb {
706
} else {
707
$this->debug(1, "optipng did not change image size.");
708
}
709
- } else if(PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
710
$exec = PNGCRUSH_PATH;
711
$tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
712
$this->debug(3, "pngcrush'ing $tempfile to $tempfile2");
@@ -733,7 +761,7 @@ class timthumb {
733
$tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
734
$context = stream_context_create ();
735
$fp = fopen($tempfile,'r',0,$context);
736
- file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
737
file_put_contents($tempfile4, $fp, FILE_APPEND);
738
fclose($fp);
739
@unlink($tempfile);
@@ -757,23 +785,24 @@ class timthumb {
757
}
758
$this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()");
759
imagedestroy($canvas);
760
return true;
761
}
762
protected function calcDocRoot(){
763
$docRoot = @$_SERVER['DOCUMENT_ROOT'];
764
- if(!isset($docRoot)){
765
$this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
766
if(isset($_SERVER['SCRIPT_FILENAME'])){
767
$docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
768
$this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
769
- }
770
}
771
- if(!isset($docRoot)){
772
$this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
773
if(isset($_SERVER['PATH_TRANSLATED'])){
774
$docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
775
$this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
776
- }
777
}
778
if($docRoot){ $docRoot = preg_replace('/\/#x2F;', '', $docRoot); }
779
$this->debug(3, "Doc root is: " . $docRoot);
@@ -823,7 +852,7 @@ class timthumb {
823
if(file_exists($base . $src)){
824
$this->debug(3, "Found file as: " . $base . $src);
825
$real = realpath($base . $src);
826
- if(strpos($real, $realDocRoot) === 0){
827
return $real;
828
} else {
829
$this->debug(1, "Security block: The file specified occurs outside the document root.");
@@ -864,8 +893,8 @@ class timthumb {
864
return $this->error("Invalid URL supplied.");
865
}
866
$url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
867
- //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
868
- // which AFAIKT can't be used for shell injection.
869
if(WEBSHOT_XVFB_RUNNING){
870
putenv('DISPLAY=:100.0');
871
$command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
@@ -876,6 +905,7 @@ class timthumb {
876
$out = `$command`;
877
$this->debug(3, "Received output: $out");
878
if(! is_file($tempfile)){
879
return $this->error("The command to create a thumbnail failed.");
880
}
881
$this->cropTop = true;
@@ -961,6 +991,12 @@ class timthumb {
961
}
962
}
963
protected function sendImageHeaders($mimeType, $dataSize){
964
$gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
965
$gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT';
966
// send content headers then display image
@@ -991,9 +1027,7 @@ class timthumb {
991
}
992
protected function openImage($mimeType, $src){
993
switch ($mimeType) {
994
- case 'image/jpg':
995
- $image = imagecreatefromjpeg ($src);
996
- break;
997
case 'image/jpeg':
998
$image = imagecreatefromjpeg ($src);
999
break;
@@ -1013,7 +1047,7 @@ class timthumb {
1013
$rem = @$_SERVER["REMOTE_ADDR"];
1014
$ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1015
$ci = @$_SERVER["HTTP_CLIENT_IP"];
1016
- if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
1017
if($ff){ return $ff; }
1018
if($ci){ return $ci; }
1019
return $rem;
@@ -1086,10 +1120,13 @@ class timthumb {
1086
curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1087
@curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1088
@curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1089
-
1090
$curlResult = curl_exec($curl);
1091
fclose(self::$curlFH);
1092
-
1093
if($curlResult){
1094
curl_close($curl);
1095
return true;
@@ -1101,7 +1138,16 @@ class timthumb {
1101
} else {
1102
$img = @file_get_contents ($url);
1103
if($img === false){
1104
- $this->lastURLError = error_get_last();
1105
return false;
1106
}
1107
if(! file_put_contents($tempfile, $img)){
@@ -1112,5 +1158,31 @@ class timthumb {
1112
}
1113
1114
}
1115
- }
1116
- ?>
3
* TimThumb by Ben Gillbanks and Mark Maunder
4
* Based on work done by Tim McDaniels and Darren Hoyt
5
* http://code.google.com/p/timthumb/
6
+ *
7
* GNU General Public License, version 2
8
* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
*
13
14
/*
15
-----TimThumb CONFIGURATION-----
16
+ You can either edit the configuration variables manually here, or you can
17
create a file called timthumb-config.php and define variables you want
18
to customize in there. It will automatically be loaded by timthumb.
19
This will save you having to re-edit these variables everytime you download
20
a new version of timthumb.
21
22
*/
23
+ define ('VERSION', '2.8'); // Version of this script
24
//Load a config file if it exists. Otherwise, use the values below.
25
if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
26
if(! defined( 'DEBUG_ON' ) ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
30
31
//Image fetching and caching
32
if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33
+ if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34
if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35
+ if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36
if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
37
if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
38
if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
39
+ if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
40
if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
41
if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
42
//Browser caching
43
if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
44
if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
45
46
+ //Image size and defaults
47
if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
48
if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
49
+ if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); //Image to serve if any 404 occurs
50
+ if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); //Image to serve if an error occurs instead of showing error message
51
52
//Image compression is enabled if either of these point to valid paths
53
+
54
+ //These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
55
+ //They only work for PNGs. GIFs and JPEGs are not affected.
56
+ if(! defined('OPTIPNG_ENABLED') ) define ('OPTIPNG_ENABLED', false);
57
+ if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
58
+ if(! defined('PNGCRUSH_ENABLED') ) define ('PNGCRUSH_ENABLED', false);
59
if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
60
61
/*
62
-------====Website Screenshots configuration - BETA====-------
63
+
64
+ If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
65
+
66
If you would like to get website screenshots set up, you will need root access to your own server.
67
68
Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
81
9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
82
10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
83
84
+ Notes on performance:
85
The first time a webshot loads, it will take a few seconds.
86
From then on it uses the regular timthumb caching mechanism with the configurable options above
87
and loading will be very fast.
89
--ADVANCED USERS ONLY--
90
If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
91
nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
92
+ Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
93
You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
94
+ You will also need to take responsibility for server security if you're running Xvfb as root.
95
96
97
*/
98
if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
99
+ if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
100
if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
101
if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
102
if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
103
if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
104
if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
105
+ if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '20'); //Seconds to wait for a webshot
106
if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
107
if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
108
if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
109
if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
110
+ if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
111
if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
112
113
114
+ // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
115
if(! isset($ALLOWED_SITES)){
116
$ALLOWED_SITES = array (
117
'flickr.com',
132
133
class timthumb {
134
protected $src = "";
135
+ protected $is404 = false;
136
protected $docRoot = "";
137
protected $lastURLError = false;
138
protected $localImage = "";
185
}
186
}
187
$this->cacheDirectory = FILE_CACHE_DIRECTORY;
188
touch($this->cacheDirectory . '/index.html');
189
} else {
190
$this->cacheDirectory = sys_get_temp_dir();
191
}
192
+ //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
193
$this->cleanCache();
194
+
195
$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
196
$this->src = $this->param('src');
197
$this->url = parse_url($this->src);
200
return false;
201
}
202
if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
203
+ // base64 encoded red image that says 'no hotlinkers'
204
+ // nothing to worry about! :)
205
$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
206
header('Content-Type: image/gif');
207
header('Content-Length: ' . sizeof($imgData));
249
} else {
250
$this->localImage = $this->getLocalImagePath($this->src);
251
if(! $this->localImage){
252
+ $this->debug(1, "Could not find the local image: {$this->localImage}");
253
$this->error("Could not find the internal image you specified.");
254
+ $this->set404();
255
return false;
256
}
257
$this->debug(1, "Local image path is {$this->localImage}");
287
} else {
288
$this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
289
$this->serveExternalImage();
290
+
291
}
292
} else {
293
$this->debug(3, "Got request for internal image. Starting serveInternalImage()");
296
return true;
297
}
298
protected function handleErrors(){
299
+ if($this->haveErrors()){
300
+ if(NOT_FOUND_IMAGE && $this->is404()){
301
+ if($this->serveImg(NOT_FOUND_IMAGE)){
302
+ exit(0);
303
+ } else {
304
+ $this->error("Additionally, the 404 image that is configured could not be found or there was an error serving it.");
305
+ }
306
+ }
307
+ if(ERROR_IMAGE){
308
+ if($this->serveImg(ERROR_IMAGE)){
309
+ exit(0);
310
+ } else {
311
+ $this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
312
+ }
313
+ }
314
+
315
+ $this->serveErrors();
316
+ exit(0);
317
}
318
return false;
319
}
369
return false; //to indicate we didn't serve from cache and app should try and load
370
} else {
371
$this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
372
+ $this->set404();
373
$this->error("An error occured fetching image.");
374
+ return false;
375
}
376
}
377
} else {
430
if($this->processImageAndWriteToCache($this->localImage)){
431
$this->serveCacheFile();
432
return true;
433
+ } else {
434
return false;
435
}
436
}
437
protected function cleanCache(){
438
$this->debug(3, "cleanCache() called");
439
$lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
440
+
441
//If this is a new timthumb installation we need to create the file
442
if(! is_file($lastCleanFile)){
443
$this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
700
701
}
702
//Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
703
+ if ( (IMAGETYPE_PNG == $origType || IMAGETYPE_GIF == $origType) && function_exists('imageistruecolor') && !imageistruecolor( $image ) && imagecolortransparent( $image ) > 0 ){
704
imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
705
}
706
707
$imgType = "";
708
$tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
709
+ if(preg_match('/^image\/(?:jpg|jpeg)#x2F;i', $mimeType)){
710
$imgType = 'jpg';
711
+ imagejpeg($canvas, $tempfile, $quality);
712
+ } else if(preg_match('/^image\/png#x2F;i', $mimeType)){
713
$imgType = 'png';
714
imagepng($canvas, $tempfile, floor($quality * 0.09));
715
} else if(preg_match('/^image\/gif#x2F;i', $mimeType)){
716
$imgType = 'gif';
717
+ imagegif($canvas, $tempfile);
718
} else {
719
return $this->sanityFail("Could not match mime type after verifying it previously.");
720
}
721
722
+ if($imgType == 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
723
$exec = OPTIPNG_PATH;
724
$this->debug(3, "optipng'ing $tempfile");
725
$presize = filesize($tempfile);
734
} else {
735
$this->debug(1, "optipng did not change image size.");
736
}
737
+ } else if($imgType == 'png' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
738
$exec = PNGCRUSH_PATH;
739
$tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
740
$this->debug(3, "pngcrush'ing $tempfile to $tempfile2");
761
$tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
762
$context = stream_context_create ();
763
$fp = fopen($tempfile,'r',0,$context);
764
+ file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
765
file_put_contents($tempfile4, $fp, FILE_APPEND);
766
fclose($fp);
767
@unlink($tempfile);
785
}
786
$this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()");
787
imagedestroy($canvas);
788
+ imagedestroy($image);
789
return true;
790
}
791
protected function calcDocRoot(){
792
$docRoot = @$_SERVER['DOCUMENT_ROOT'];
793
+ if(!isset($docRoot)){
794
$this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
795
if(isset($_SERVER['SCRIPT_FILENAME'])){
796
$docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
797
$this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
798
+ }
799
}
800
+ if(!isset($docRoot)){
801
$this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
802
if(isset($_SERVER['PATH_TRANSLATED'])){
803
$docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
804
$this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
805
+ }
806
}
807
if($docRoot){ $docRoot = preg_replace('/\/#x2F;', '', $docRoot); }
808
$this->debug(3, "Doc root is: " . $docRoot);
852
if(file_exists($base . $src)){
853
$this->debug(3, "Found file as: " . $base . $src);
854
$real = realpath($base . $src);
855
+ if(strpos($real, $realDocRoot) === 0){
856
return $real;
857
} else {
858
$this->debug(1, "Security block: The file specified occurs outside the document root.");
893
return $this->error("Invalid URL supplied.");
894
}
895
$url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
896
+ //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
897
+ // which AFAIKT can't be used for shell injection.
898
if(WEBSHOT_XVFB_RUNNING){
899
putenv('DISPLAY=:100.0');
900
$command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
905
$out = `$command`;
906
$this->debug(3, "Received output: $out");
907
if(! is_file($tempfile)){
908
+ $this->set404();
909
return $this->error("The command to create a thumbnail failed.");
910
}
911
$this->cropTop = true;
991
}
992
}
993
protected function sendImageHeaders($mimeType, $dataSize){
994
+ if(! preg_match('/^image\//i', $mimeType)){
995
+ $mimeType = 'image/' . $mimeType;
996
+ }
997
+ if(strtolower($mimeType) == 'image/jpg'){
998
+ $mimeType = 'image/jpeg';
999
+ }
1000
$gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
1001
$gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT';
1002
// send content headers then display image
1027
}
1028
protected function openImage($mimeType, $src){
1029
switch ($mimeType) {
1030
+ case 'image/jpg': //This isn't a valid mime type so we should probably remove it
1031
case 'image/jpeg':
1032
$image = imagecreatefromjpeg ($src);
1033
break;
1047
$rem = @$_SERVER["REMOTE_ADDR"];
1048
$ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1049
$ci = @$_SERVER["HTTP_CLIENT_IP"];
1050
+ if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
1051
if($ff){ return $ff; }
1052
if($ci){ return $ci; }
1053
return $rem;
1120
curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1121
@curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1122
@curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1123
+
1124
$curlResult = curl_exec($curl);
1125
fclose(self::$curlFH);
1126
+ $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1127
+ if($httpStatus == 404){
1128
+ $this->set404();
1129
+ }
1130
if($curlResult){
1131
curl_close($curl);
1132
return true;
1138
} else {
1139
$img = @file_get_contents ($url);
1140
if($img === false){
1141
+ $err = error_get_last();
1142
+ if(is_array($err) && $err['message']){
1143
+ $this->lastURLError = $err['message'];
1144
+ } else {
1145
+ $this->lastURLError = $err;
1146
+ }
1147
+ if(preg_match('/404/', $this->lastURLError)){
1148
+ $this->set404();
1149
+ }
1150
+
1151
return false;
1152
}
1153
if(! file_put_contents($tempfile, $img)){
1158
}
1159
1160
}
1161
+ protected function serveImg($file){
1162
+ $s = getimagesize($file);
1163
+ if(! ($s && $s['mime'])){
1164
+ return false;
1165
+ }
1166
+ header ('Content-Type: ' . $s['mime']);
1167
+ header ('Content-Length: ' . filesize($file) );
1168
+ header ('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
1169
+ header ("Pragma: no-cache");
1170
+ $bytes = @readfile($file);
1171
+ if($bytes > 0){
1172
+ return true;
1173
+ }
1174
+ $content = @file_get_contents ($file);
1175
+ if ($content != FALSE){
1176
+ echo $content;
1177
+ return true;
1178
+ }
1179
+ return false;
1180
+
1181
+ }
1182
+ protected function set404(){
1183
+ $this->is404 = true;
1184
+ }
1185
+ protected function is404(){
1186
+ return $this->is404;
1187
+ }
1188
+ }
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://ilovecode.ru/donate/
4
Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5
Requires at least: 3.0
6
Tested up to: 3.2.9
7
- Stable tag: 3.2.0
8
9
Provides support for multiple useful shortcodes
10
@@ -20,8 +20,7 @@ With this plugin you can easily create buttons, boxes, different sliders and muc
20
* Frequently updates
21
22
= New in this version =
23
- * New shortcode: tweets
24
- * New toolbar in insert shortcode popup window
25
26
= Got a bug? =
27
* Forum - http://wordpress.org/tags/shortcodes-ultimate?forum_id=10
4
Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5
Requires at least: 3.0
6
Tested up to: 3.2.9
7
+ Stable tag: 3.2.1
8
9
Provides support for multiple useful shortcodes
10
20
* Frequently updates
21
22
= New in this version =
23
+ * New timthumb.php (secure version 2.8)
24
25
= Got a bug? =
26
* Forum - http://wordpress.org/tags/shortcodes-ultimate?forum_id=10
shortcodes-ultimate.php CHANGED
@@ -2,7 +2,7 @@
2
/*
3
Plugin Name: Shortcodes Ultimate
4
Plugin URI: http://ilovecode.ru/?p=122
5
- Version: 3.2.0
6
Author: Vladimir Anokhin
7
Author URI: http://ilovecode.ru/
8
Description: Provides support for many easy to use shortcodes
2
/*
3
Plugin Name: Shortcodes Ultimate
4
Plugin URI: http://ilovecode.ru/?p=122
5
+ Version: 3.2.1
6
Author: Vladimir Anokhin
7
Author URI: http://ilovecode.ru/
8
Description: Provides support for many easy to use shortcodes