Shortcodes Ultimate - Version 3.2.1

Version Description

Upgrade normally via your Wordpress admin -> Plugins panel.

Release Info

Developer	gn_themes
Plugin	Shortcodes Ultimate
Version	3.2.1
Comparing to
See all releases

Code changes from version 3.2.0 to 3.2.1

Files changed (3) hide show

lib/timthumb.php +123 -51
readme.txt +2 -3
shortcodes-ultimate.php +1 -1

lib/timthumb.php CHANGED Viewed

	@@ -3,7 +3,7 @@
3	* TimThumb by Ben Gillbanks and Mark Maunder
4	* Based on work done by Tim McDaniels and Darren Hoyt
5	* http://code.google.com/p/timthumb/
6	- *
7	* GNU General Public License, version 2
8	* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9	*
	@@ -13,14 +13,14 @@
13
14	/*
15	-----TimThumb CONFIGURATION-----
16	- You can either edit the configuration variables manually here, or you can
17	create a file called timthumb-config.php and define variables you want
18	to customize in there. It will automatically be loaded by timthumb.
19	This will save you having to re-edit these variables everytime you download
20	a new version of timthumb.
21
22	*/
23	- define ('VERSION', '2.5'); // Version of this script
24	//Load a config file if it exists. Otherwise, use the values below.
25	if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
26	if(! defined( 'DEBUG_ON' ) ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
	@@ -30,32 +30,39 @@ if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', fa
30
31	//Image fetching and caching
32	if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33	- if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34	if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35	- if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36	if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
37	if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
38	if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
39	- if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
40	if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
41	if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
42	//Browser caching
43	if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
44	if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
45
46	- //Image size
47	if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
48	if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height


49
50	//Image compression is enabled if either of these point to valid paths
51	- ~~if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.~~





52	if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
53
54	/*
55	-------====Website Screenshots configuration - BETA====-------
56	-
57	- If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
58	-
59	If you would like to get website screenshots set up, you will need root access to your own server.
60
61	Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
	@@ -74,7 +81,7 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
74	9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
75	10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
76
77	- Notes on performance:
78	The first time a webshot loads, it will take a few seconds.
79	From then on it uses the regular timthumb caching mechanism with the configurable options above
80	and loading will be very fast.
	@@ -82,29 +89,29 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
82	--ADVANCED USERS ONLY--
83	If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
84	nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
85	- Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
86	You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
87	- You will also need to take responsibility for server security if you're running Xvfb as root.
88
89
90	*/
91	if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
92	- if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
93	if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
94	if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
95	if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
96	if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
97	if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
98	- if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '~~300~~'); //Seconds to wait for a webshot
99	if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
100	if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
101	if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
102	if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
103	- if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
104	if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
105
106
107	- // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
108	if(! isset($ALLOWED_SITES)){
109	$ALLOWED_SITES = array (
110	'flickr.com',
	@@ -125,6 +132,7 @@ timthumb::start();
125
126	class timthumb {
127	protected $src = "";

128	protected $docRoot = "";
129	protected $lastURLError = false;
130	protected $localImage = "";
	@@ -177,14 +185,13 @@ class timthumb {
177	}
178	}
179	$this->cacheDirectory = FILE_CACHE_DIRECTORY;
180	- touch($this->cacheDirectory . '/index.php');
181	touch($this->cacheDirectory . '/index.html');
182	} else {
183	$this->cacheDirectory = sys_get_temp_dir();
184	}
185	- //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
186	$this->cleanCache();
187	-
188	$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
189	$this->src = $this->param('src');
190	$this->url = parse_url($this->src);
	@@ -193,6 +200,8 @@ class timthumb {
193	return false;
194	}
195	if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$\|\/)/i', $_SERVER['HTTP_REFERER']))){


196	$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
197	header('Content-Type: image/gif');
198	header('Content-Length: ' . sizeof($imgData));
	@@ -240,7 +249,9 @@ class timthumb {
240	} else {
241	$this->localImage = $this->getLocalImagePath($this->src);
242	if(! $this->localImage){

243	$this->error("Could not find the internal image you specified.");

244	return false;
245	}
246	$this->debug(1, "Local image path is {$this->localImage}");
	@@ -276,6 +287,7 @@ class timthumb {
276	} else {
277	$this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
278	$this->serveExternalImage();

279	}
280	} else {
281	$this->debug(3, "Got request for internal image. Starting serveInternalImage()");
	@@ -284,9 +296,24 @@ class timthumb {
284	return true;
285	}
286	protected function handleErrors(){
287	- if($this->haveErrors()){
288	- $this->~~serveErrors~~();
289	- ~~exit~~(0);















290	}
291	return false;
292	}
	@@ -342,8 +369,9 @@ class timthumb {
342	return false; //to indicate we didn't serve from cache and app should try and load
343	} else {
344	$this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");

345	$this->error("An error occured fetching image.");
346	- return false;
347	}
348	}
349	} else {
	@@ -402,14 +430,14 @@ class timthumb {
402	if($this->processImageAndWriteToCache($this->localImage)){
403	$this->serveCacheFile();
404	return true;
405	- } else {
406	return false;
407	}
408	}
409	protected function cleanCache(){
410	$this->debug(3, "cleanCache() called");
411	$lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
412	-
413	//If this is a new timthumb installation we need to create the file
414	if(! is_file($lastCleanFile)){
415	$this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
	@@ -672,26 +700,26 @@ class timthumb {
672
673	}
674	//Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
675	- if ( IMAGETYPE_PNG == $origType && function_exists('imageistruecolor') && !imageistruecolor( $image ) ){
676	imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
677	}
678
679	$imgType = "";
680	$tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
681	- if(preg_match('/^image\/(?:jpg\|jpeg)$/i', $mimeType)){
682	$imgType = 'jpg';
683	- imagejpeg($canvas, $tempfile, $quality);
684	- } else if(preg_match('/^image\/png$/i', $mimeType)){
685	$imgType = 'png';
686	imagepng($canvas, $tempfile, floor($quality * 0.09));
687	} else if(preg_match('/^image\/gif$/i', $mimeType)){
688	$imgType = 'gif';
689	- ~~imagepng~~($canvas, $tempfile~~, floor($quality * 0.09~~));
690	} else {
691	return $this->sanityFail("Could not match mime type after verifying it previously.");
692	}
693
694	- if( OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
695	$exec = OPTIPNG_PATH;
696	$this->debug(3, "optipng'ing $tempfile");
697	$presize = filesize($tempfile);
	@@ -706,7 +734,7 @@ class timthumb {
706	} else {
707	$this->debug(1, "optipng did not change image size.");
708	}
709	- } else if(PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
710	$exec = PNGCRUSH_PATH;
711	$tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
712	$this->debug(3, "pngcrush'ing $tempfile to $tempfile2");
	@@ -733,7 +761,7 @@ class timthumb {
733	$tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
734	$context = stream_context_create ();
735	$fp = fopen($tempfile,'r',0,$context);
736	- file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
737	file_put_contents($tempfile4, $fp, FILE_APPEND);
738	fclose($fp);
739	@unlink($tempfile);
	@@ -757,23 +785,24 @@ class timthumb {
757	}
758	$this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()");
759	imagedestroy($canvas);

760	return true;
761	}
762	protected function calcDocRoot(){
763	$docRoot = @$_SERVER['DOCUMENT_ROOT'];
764	- if(!isset($docRoot)){
765	$this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
766	if(isset($_SERVER['SCRIPT_FILENAME'])){
767	$docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
768	$this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
769	- }
770	}
771	- if(!isset($docRoot)){
772	$this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
773	if(isset($_SERVER['PATH_TRANSLATED'])){
774	$docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
775	$this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
776	- }
777	}
778	if($docRoot){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
779	$this->debug(3, "Doc root is: " . $docRoot);
	@@ -823,7 +852,7 @@ class timthumb {
823	if(file_exists($base . $src)){
824	$this->debug(3, "Found file as: " . $base . $src);
825	$real = realpath($base . $src);
826	- if(strpos($real, $realDocRoot) === 0){
827	return $real;
828	} else {
829	$this->debug(1, "Security block: The file specified occurs outside the document root.");
	@@ -864,8 +893,8 @@ class timthumb {
864	return $this->error("Invalid URL supplied.");
865	}
866	$url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\*\+\,\;\=]+/', '', $url); //RFC 3986
867	- //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
868	- // which AFAIKT can't be used for shell injection.
869	if(WEBSHOT_XVFB_RUNNING){
870	putenv('DISPLAY=:100.0');
871	$command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
	@@ -876,6 +905,7 @@ class timthumb {
876	$out = `$command`;
877	$this->debug(3, "Received output: $out");
878	if(! is_file($tempfile)){

879	return $this->error("The command to create a thumbnail failed.");
880	}
881	$this->cropTop = true;
	@@ -961,6 +991,12 @@ class timthumb {
961	}
962	}
963	protected function sendImageHeaders($mimeType, $dataSize){






964	$gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
965	$gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT';
966	// send content headers then display image
	@@ -991,9 +1027,7 @@ class timthumb {
991	}
992	protected function openImage($mimeType, $src){
993	switch ($mimeType) {
994	- case 'image/jpg':
995	- $image = imagecreatefromjpeg ($src);
996	- break;
997	case 'image/jpeg':
998	$image = imagecreatefromjpeg ($src);
999	break;
	@@ -1013,7 +1047,7 @@ class timthumb {
1013	$rem = @$_SERVER["REMOTE_ADDR"];
1014	$ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1015	$ci = @$_SERVER["HTTP_CLIENT_IP"];
1016	- if(preg_match('/^(?:192\.168\|172\.16\|10\.\|127\.)/', $rem)){
1017	if($ff){ return $ff; }
1018	if($ci){ return $ci; }
1019	return $rem;
	@@ -1086,10 +1120,13 @@ class timthumb {
1086	curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1087	@curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1088	@curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1089	-
1090	$curlResult = curl_exec($curl);
1091	fclose(self::$curlFH);
1092	-



1093	if($curlResult){
1094	curl_close($curl);
1095	return true;
	@@ -1101,7 +1138,16 @@ class timthumb {
1101	} else {
1102	$img = @file_get_contents ($url);
1103	if($img === false){
1104	- $~~this->lastURLError~~ = error_get_last();









1105	return false;
1106	}
1107	if(! file_put_contents($tempfile, $img)){
	@@ -1112,5 +1158,31 @@ class timthumb {
1112	}
1113
1114	}
1115	- }
1116	- ?>


3	* TimThumb by Ben Gillbanks and Mark Maunder
4	* Based on work done by Tim McDaniels and Darren Hoyt
5	* http://code.google.com/p/timthumb/
6	+ *
7	* GNU General Public License, version 2
8	* http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9	*

13
14	/*
15	-----TimThumb CONFIGURATION-----
16	+ You can either edit the configuration variables manually here, or you can
17	create a file called timthumb-config.php and define variables you want
18	to customize in there. It will automatically be loaded by timthumb.
19	This will save you having to re-edit these variables everytime you download
20	a new version of timthumb.
21
22	*/
23	+ define ('VERSION', '2.8'); // Version of this script
24	//Load a config file if it exists. Otherwise, use the values below.
25	if( file_exists('timthumb-config.php')) require_once('timthumb-config.php');
26	if(! defined( 'DEBUG_ON' ) ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)

30
31	//Image fetching and caching
32	if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33	+ if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34	if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35	+ if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36	if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
37	if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
38	if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
39	+ if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
40	if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
41	if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
42	//Browser caching
43	if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
44	if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
45
46	+ //Image size and defaults
47	if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
48	if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
49	+ if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); //Image to serve if any 404 occurs
50	+ if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); //Image to serve if an error occurs instead of showing error message
51
52	//Image compression is enabled if either of these point to valid paths
53	+
54	+ //These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
55	+ //They only work for PNGs. GIFs and JPEGs are not affected.
56	+ if(! defined('OPTIPNG_ENABLED') ) define ('OPTIPNG_ENABLED', false);
57	+ if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
58	+ if(! defined('PNGCRUSH_ENABLED') ) define ('PNGCRUSH_ENABLED', false);
59	if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
60
61	/*
62	-------====Website Screenshots configuration - BETA====-------
63	+
64	+ If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
65	+
66	If you would like to get website screenshots set up, you will need root access to your own server.
67
68	Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.

81	9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
82	10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
83
84	+ Notes on performance:
85	The first time a webshot loads, it will take a few seconds.
86	From then on it uses the regular timthumb caching mechanism with the configurable options above
87	and loading will be very fast.

89	--ADVANCED USERS ONLY--
90	If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
91	nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
92	+ Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
93	You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
94	+ You will also need to take responsibility for server security if you're running Xvfb as root.
95
96
97	*/
98	if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
99	+ if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
100	if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
101	if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
102	if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
103	if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
104	if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
105	+ if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '20'); //Seconds to wait for a webshot
106	if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
107	if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
108	if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
109	if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
110	+ if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
111	if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
112
113
114	+ // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
115	if(! isset($ALLOWED_SITES)){
116	$ALLOWED_SITES = array (
117	'flickr.com',

132
133	class timthumb {
134	protected $src = "";
135	+ protected $is404 = false;
136	protected $docRoot = "";
137	protected $lastURLError = false;
138	protected $localImage = "";

185	}
186	}
187	$this->cacheDirectory = FILE_CACHE_DIRECTORY;

188	touch($this->cacheDirectory . '/index.html');
189	} else {
190	$this->cacheDirectory = sys_get_temp_dir();
191	}
192	+ //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
193	$this->cleanCache();
194	+
195	$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
196	$this->src = $this->param('src');
197	$this->url = parse_url($this->src);

200	return false;
201	}
202	if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$\|\/)/i', $_SERVER['HTTP_REFERER']))){
203	+ // base64 encoded red image that says 'no hotlinkers'
204	+ // nothing to worry about! :)
205	$imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
206	header('Content-Type: image/gif');
207	header('Content-Length: ' . sizeof($imgData));

249	} else {
250	$this->localImage = $this->getLocalImagePath($this->src);
251	if(! $this->localImage){
252	+ $this->debug(1, "Could not find the local image: {$this->localImage}");
253	$this->error("Could not find the internal image you specified.");
254	+ $this->set404();
255	return false;
256	}
257	$this->debug(1, "Local image path is {$this->localImage}");

287	} else {
288	$this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
289	$this->serveExternalImage();
290	+
291	}
292	} else {
293	$this->debug(3, "Got request for internal image. Starting serveInternalImage()");

296	return true;
297	}
298	protected function handleErrors(){
299	+ if($this->haveErrors()){
300	+ if(NOT_FOUND_IMAGE && $this->is404()){
301	+ if($this->serveImg(NOT_FOUND_IMAGE)){
302	+ exit(0);
303	+ } else {
304	+ $this->error("Additionally, the 404 image that is configured could not be found or there was an error serving it.");
305	+ }
306	+ }
307	+ if(ERROR_IMAGE){
308	+ if($this->serveImg(ERROR_IMAGE)){
309	+ exit(0);
310	+ } else {
311	+ $this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
312	+ }
313	+ }
314	+
315	+ $this->serveErrors();
316	+ exit(0);
317	}
318	return false;
319	}

369	return false; //to indicate we didn't serve from cache and app should try and load
370	} else {
371	$this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
372	+ $this->set404();
373	$this->error("An error occured fetching image.");
374	+ return false;
375	}
376	}
377	} else {

430	if($this->processImageAndWriteToCache($this->localImage)){
431	$this->serveCacheFile();
432	return true;
433	+ } else {
434	return false;
435	}
436	}
437	protected function cleanCache(){
438	$this->debug(3, "cleanCache() called");
439	$lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
440	+
441	//If this is a new timthumb installation we need to create the file
442	if(! is_file($lastCleanFile)){
443	$this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");

700
701	}
702	//Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
703	+ if ( (IMAGETYPE_PNG == $origType \|\| IMAGETYPE_GIF == $origType) && function_exists('imageistruecolor') && !imageistruecolor( $image ) && imagecolortransparent( $image ) > 0 ){
704	imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
705	}
706
707	$imgType = "";
708	$tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
709	+ if(preg_match('/^image\/(?:jpg\|jpeg)$/i', $mimeType)){
710	$imgType = 'jpg';
711	+ imagejpeg($canvas, $tempfile, $quality);
712	+ } else if(preg_match('/^image\/png$/i', $mimeType)){
713	$imgType = 'png';
714	imagepng($canvas, $tempfile, floor($quality * 0.09));
715	} else if(preg_match('/^image\/gif$/i', $mimeType)){
716	$imgType = 'gif';
717	+ imagegif($canvas, $tempfile);
718	} else {
719	return $this->sanityFail("Could not match mime type after verifying it previously.");
720	}
721
722	+ if($imgType == 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
723	$exec = OPTIPNG_PATH;
724	$this->debug(3, "optipng'ing $tempfile");
725	$presize = filesize($tempfile);

734	} else {
735	$this->debug(1, "optipng did not change image size.");
736	}
737	+ } else if($imgType == 'png' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
738	$exec = PNGCRUSH_PATH;
739	$tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
740	$this->debug(3, "pngcrush'ing $tempfile to $tempfile2");

761	$tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
762	$context = stream_context_create ();
763	$fp = fopen($tempfile,'r',0,$context);
764	+ file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
765	file_put_contents($tempfile4, $fp, FILE_APPEND);
766	fclose($fp);
767	@unlink($tempfile);

785	}
786	$this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()");
787	imagedestroy($canvas);
788	+ imagedestroy($image);
789	return true;
790	}
791	protected function calcDocRoot(){
792	$docRoot = @$_SERVER['DOCUMENT_ROOT'];
793	+ if(!isset($docRoot)){
794	$this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
795	if(isset($_SERVER['SCRIPT_FILENAME'])){
796	$docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
797	$this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
798	+ }
799	}
800	+ if(!isset($docRoot)){
801	$this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
802	if(isset($_SERVER['PATH_TRANSLATED'])){
803	$docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
804	$this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
805	+ }
806	}
807	if($docRoot){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
808	$this->debug(3, "Doc root is: " . $docRoot);

852	if(file_exists($base . $src)){
853	$this->debug(3, "Found file as: " . $base . $src);
854	$real = realpath($base . $src);
855	+ if(strpos($real, $realDocRoot) === 0){
856	return $real;
857	} else {
858	$this->debug(1, "Security block: The file specified occurs outside the document root.");

893	return $this->error("Invalid URL supplied.");
894	}
895	$url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\*\+\,\;\=]+/', '', $url); //RFC 3986
896	+ //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
897	+ // which AFAIKT can't be used for shell injection.
898	if(WEBSHOT_XVFB_RUNNING){
899	putenv('DISPLAY=:100.0');
900	$command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";

905	$out = `$command`;
906	$this->debug(3, "Received output: $out");
907	if(! is_file($tempfile)){
908	+ $this->set404();
909	return $this->error("The command to create a thumbnail failed.");
910	}
911	$this->cropTop = true;

991	}
992	}
993	protected function sendImageHeaders($mimeType, $dataSize){
994	+ if(! preg_match('/^image\//i', $mimeType)){
995	+ $mimeType = 'image/' . $mimeType;
996	+ }
997	+ if(strtolower($mimeType) == 'image/jpg'){
998	+ $mimeType = 'image/jpeg';
999	+ }
1000	$gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
1001	$gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT';
1002	// send content headers then display image

1027	}
1028	protected function openImage($mimeType, $src){
1029	switch ($mimeType) {
1030	+ case 'image/jpg': //This isn't a valid mime type so we should probably remove it


1031	case 'image/jpeg':
1032	$image = imagecreatefromjpeg ($src);
1033	break;

1047	$rem = @$_SERVER["REMOTE_ADDR"];
1048	$ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1049	$ci = @$_SERVER["HTTP_CLIENT_IP"];
1050	+ if(preg_match('/^(?:192\.168\|172\.16\|10\.\|127\.)/', $rem)){
1051	if($ff){ return $ff; }
1052	if($ci){ return $ci; }
1053	return $rem;

1120	curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1121	@curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1122	@curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1123	+
1124	$curlResult = curl_exec($curl);
1125	fclose(self::$curlFH);
1126	+ $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1127	+ if($httpStatus == 404){
1128	+ $this->set404();
1129	+ }
1130	if($curlResult){
1131	curl_close($curl);
1132	return true;

1138	} else {
1139	$img = @file_get_contents ($url);
1140	if($img === false){
1141	+ $err = error_get_last();
1142	+ if(is_array($err) && $err['message']){
1143	+ $this->lastURLError = $err['message'];
1144	+ } else {
1145	+ $this->lastURLError = $err;
1146	+ }
1147	+ if(preg_match('/404/', $this->lastURLError)){
1148	+ $this->set404();
1149	+ }
1150	+
1151	return false;
1152	}
1153	if(! file_put_contents($tempfile, $img)){

1158	}
1159
1160	}
1161	+ protected function serveImg($file){
1162	+ $s = getimagesize($file);
1163	+ if(! ($s && $s['mime'])){
1164	+ return false;
1165	+ }
1166	+ header ('Content-Type: ' . $s['mime']);
1167	+ header ('Content-Length: ' . filesize($file) );
1168	+ header ('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
1169	+ header ("Pragma: no-cache");
1170	+ $bytes = @readfile($file);
1171	+ if($bytes > 0){
1172	+ return true;
1173	+ }
1174	+ $content = @file_get_contents ($file);
1175	+ if ($content != FALSE){
1176	+ echo $content;
1177	+ return true;
1178	+ }
1179	+ return false;
1180	+
1181	+ }
1182	+ protected function set404(){
1183	+ $this->is404 = true;
1184	+ }
1185	+ protected function is404(){
1186	+ return $this->is404;
1187	+ }
1188	+ }

readme.txt CHANGED Viewed

	@@ -4,7 +4,7 @@ Donate link: http://ilovecode.ru/donate/
4	Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5	Requires at least: 3.0
6	Tested up to: 3.2.9
7	- Stable tag: 3.2.0
8
9	Provides support for multiple useful shortcodes
10
	@@ -20,8 +20,7 @@ With this plugin you can easily create buttons, boxes, different sliders and muc
20	* Frequently updates
21
22	= New in this version =
23	- * New ~~shortcode:~~ ~~tweets~~
24	- * New toolbar in insert shortcode popup window
25
26	= Got a bug? =
27	* Forum - http://wordpress.org/tags/shortcodes-ultimate?forum_id=10


4	Tags: shortcode, shortcodes, short code, shortcodes, tab, tabs, button, buttons, jquery, box, boxes, toggle, spoiler, column, columns, services, service, pullquote, list, lists, frame, images, image, links, fancy, fancy link, fancy links, fancy buttons, jquery tabs, accordeon, slider, nivo, nivo slider, plugin, admin, photoshop, gallery, bloginfo, list pages, sub pages, navigation, siblings pages, children pages, permalink, permalinks, feed, document, member, members, documents, jcarousel, rss
5	Requires at least: 3.0
6	Tested up to: 3.2.9
7	+ Stable tag: 3.2.1
8
9	Provides support for multiple useful shortcodes
10

20	* Frequently updates
21
22	= New in this version =
23	+ * New timthumb.php (secure version 2.8)

24
25	= Got a bug? =
26	* Forum - http://wordpress.org/tags/shortcodes-ultimate?forum_id=10

shortcodes-ultimate.php CHANGED Viewed

	@@ -2,7 +2,7 @@
2	/*
3	Plugin Name: Shortcodes Ultimate
4	Plugin URI: http://ilovecode.ru/?p=122
5	- Version: 3.2.0
6	Author: Vladimir Anokhin
7	Author URI: http://ilovecode.ru/
8	Description: Provides support for many easy to use shortcodes


2	/*
3	Plugin Name: Shortcodes Ultimate
4	Plugin URI: http://ilovecode.ru/?p=122
5	+ Version: 3.2.1
6	Author: Vladimir Anokhin
7	Author URI: http://ilovecode.ru/
8	Description: Provides support for many easy to use shortcodes