Ultimate Posts Widget - Version 1.4.5

Version Description

Updates screenshot

Release Info

Developer	bostondv
Plugin	Ultimate Posts Widget
Version	1.4.5
Comparing to
See all releases

Version 1.4.5

Files changed (5) hide show

.gitignore +1 -0
readme.txt +85 -0
screenshot-1.png +0 -0
thumb.php +1234 -0
ultimate-posts-widget.php +505 -0

.gitignore ADDED Viewed

	@@ -0,0 +1 @@


1	+ cache

readme.txt ADDED Viewed

	@@ -0,0 +1,85 @@


1	+ === Ultimate Posts Widget ===
2	+ Contributors: bostondv
3	+ Donate link: http://www.pomelodesign.com/donate
4	+ Tags: widget, recent posts, custom post types, sticky posts, featured image, post thumbnail, excerpts, category
5	+ Requires at least: 3.0
6	+ Tested up to: 3.4
7	+ Stable tag: 1.4.5
8	+ License: GPL2
9	+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
10	+
11	+ The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.
12	+
13	+ == Description ==
14	+
15	+ The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.
16	+
17	+ Options:
18	+
19	+ * Filter by categories
20	+ * Filter by current category
21	+ * Filter by custom post types
22	+ * Filter by sticky posts
23	+ * Select number of posts to display
24	+ * Display title
25	+ * Display publish date
26	+ * Display excerpt
27	+ * Display read more link
28	+ * Display featured image
29	+ * Display more button link
30	+ * Custom read more link text
31	+ * Custom excerpt length (in words)
32	+ * Custom featured image size
33	+ * Order by date, title, number of comments or random
34	+
35	+ For support please use [github issues](https://github.com/bostondv/ultimate-posts-widget/issues). Visit [our website](http://pomelodesign.com), follow [@pomelod](http://twitter.com/pomelod/) or like [on facebook](http://www.facebook.com/pomelodesign/) for updates.
36	+
37	+ == Frequently Asked Questions ==
38	+
39	+ Nothing right now.
40	+
41	+ == Screenshots ==
42	+
43	+ 1. Widget options
44	+
45	+ == Changelog ==
46	+
47	+ = 1.4.5 =
48	+
49	+ * Updates screenshot
50	+
51	+ = 1.4.4 =
52	+
53	+ * Fixes show_readmore function
54	+ * Adds more button link option
55	+
56	+ = 1.4 =
57	+
58	+ * Cleaner widget options
59	+ * Code refactoring and fixes
60	+ * Adds order by option
61	+
62	+ = 1.3 =
63	+
64	+ * Sticky posts only now optional
65	+
66	+ = 1.2 =
67	+
68	+ * Added post type filter option.
69	+ * Code cleanup.
70	+ * Better selection mechanism for categories.
71	+
72	+ = 1.1 =
73	+
74	+ * Added category filter option.
75	+
76	+ = 1.0 =
77	+
78	+ * First release.
79	+
80	+ == Installation ==
81	+
82	+ 1. Download and extract the zip archive
83	+ 2. Upload `ultimate-posts-widget` folder to `/wp-content/plugins/`
84	+ 3. Activate the plugin through the 'Plugins' menu in WordPress
85	+ 4. Add the widget to a sidebar and configure the options as desired

screenshot-1.png ADDED Viewed

Binary file

thumb.php ADDED Viewed

	@@ -0,0 +1,1234 @@


1	+ <?php
2	+ /**
3	+ * TimThumb by Ben Gillbanks and Mark Maunder
4	+ * Based on work done by Tim McDaniels and Darren Hoyt
5	+ * http://code.google.com/p/timthumb/
6	+ *
7	+ * GNU General Public License, version 2
8	+ * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9	+ *
10	+ * Examples and documentation available on the project homepage
11	+ * http://www.binarymoon.co.uk/projects/timthumb/
12	+ *
13	+ * $Rev$
14	+ */
15	+
16	+ /*
17	+ * --- TimThumb CONFIGURATION ---
18	+ * To edit the configs it is best to create a file called timthumb-config.php
19	+ * and define variables you want to customize in there. It will automatically be
20	+ * loaded by timthumb. This will save you having to re-edit these variables
21	+ * everytime you download a new version
22	+ */
23	+ define ('VERSION', '2.8.10'); // Version of this script
24	+ //Load a config file if it exists. Otherwise, use the values below
25	+ if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php');
26	+ if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
27	+ if(! defined('DEBUG_LEVEL') ) define ('DEBUG_LEVEL', 1); // Debug level 1 is less noisy and 3 is the most noisy
28	+ if(! defined('MEMORY_LIMIT') ) define ('MEMORY_LIMIT', '30M'); // Set PHP memory limit
29	+ if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', false); // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
30	+
31	+ //Image fetching and caching
32	+ if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33	+ if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34	+ if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35	+ if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36	+
37	+ if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
38	+ if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
39	+ if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them
40	+ if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
41	+ if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
42	+ if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
43	+ if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
44	+
45	+ //Browser caching
46	+ if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
47	+ if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false); // Use for testing if you want to disable all browser caching
48	+
49	+ //Image size and defaults
50	+ if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
51	+ if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
52	+ if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); // Image to serve if any 404 occurs
53	+ if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); // Image to serve if an error occurs instead of showing error message
54	+ if(! defined('PNG_IS_TRANSPARENT') ) define ('PNG_IS_TRANSPARENT', FALSE); //42 Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour
55	+ if(! defined('DEFAULT_Q') ) define ('DEFAULT_Q', 90); // Default image quality. Allows overrid in timthumb-config.php
56	+ if(! defined('DEFAULT_ZC') ) define ('DEFAULT_ZC', 1); // Default zoom/crop setting. Allows overrid in timthumb-config.php
57	+ if(! defined('DEFAULT_F') ) define ('DEFAULT_F', ''); // Default image filters. Allows overrid in timthumb-config.php
58	+ if(! defined('DEFAULT_S') ) define ('DEFAULT_S', 0); // Default sharpen value. Allows overrid in timthumb-config.php
59	+ if(! defined('DEFAULT_CC') ) define ('DEFAULT_CC', 'ffffff'); // Default canvas colour. Allows overrid in timthumb-config.php
60	+
61	+
62	+ //Image compression is enabled if either of these point to valid paths
63	+
64	+ //These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
65	+ //They only work for PNGs. GIFs and JPEGs are not affected.
66	+ if(! defined('OPTIPNG_ENABLED') ) define ('OPTIPNG_ENABLED', false);
67	+ if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
68	+ if(! defined('PNGCRUSH_ENABLED') ) define ('PNGCRUSH_ENABLED', false);
69	+ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
70	+
71	+ /*
72	+ -------====Website Screenshots configuration - BETA====-------
73	+
74	+ If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
75	+
76	+ If you would like to get website screenshots set up, you will need root access to your own server.
77	+
78	+ Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
79	+ Enable BLOCK_EXTERNAL_LEECHERS so that your site doesn't generate thumbnails for the whole Internet.
80	+
81	+ Instructions to get website screenshots enabled on Ubuntu Linux:
82	+
83	+ 1. Install Xvfb with the following command: sudo apt-get install subversion libqt4-webkit libqt4-dev g++ xvfb
84	+ 2. Go to a directory where you can download some code
85	+ 3. Check-out the latest version of CutyCapt with the following command: svn co https://cutycapt.svn.sourceforge.net/svnroot/cutycapt
86	+ 4. Compile CutyCapt by doing: cd cutycapt/CutyCapt
87	+ 5. qmake
88	+ 6. make
89	+ 7. cp CutyCapt /usr/local/bin/
90	+ 8. Test it by running: xvfb-run --server-args="-screen 0, 1024x768x24" CutyCapt --url="http://markmaunder.com/" --out=test.png
91	+ 9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
92	+ 10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
93	+
94	+ Notes on performance:
95	+ The first time a webshot loads, it will take a few seconds.
96	+ From then on it uses the regular timthumb caching mechanism with the configurable options above
97	+ and loading will be very fast.
98	+
99	+ --ADVANCED USERS ONLY--
100	+ If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
101	+ nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
102	+ Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
103	+ You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
104	+ You will also need to take responsibility for server security if you're running Xvfb as root.
105	+
106	+
107	+ */
108	+ if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
109	+ if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
110	+ if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
111	+ if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
112	+ if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
113	+ if(! defined('WEBSHOT_COLOR_DEPTH') ) define ('WEBSHOT_COLOR_DEPTH', '24'); //I haven't tested anything besides 24
114	+ if(! defined('WEBSHOT_IMAGE_FORMAT') ) define ('WEBSHOT_IMAGE_FORMAT', 'png'); //png is about 2.5 times the size of jpg but is a LOT better quality
115	+ if(! defined('WEBSHOT_TIMEOUT') ) define ('WEBSHOT_TIMEOUT', '20'); //Seconds to wait for a webshot
116	+ if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.18) Gecko/20110614 Firefox/3.6.18"); //I hate to do this, but a non-browser robot user agent might not show what humans see. So we pretend to be Firefox
117	+ if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
118	+ if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
119	+ if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
120	+ if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
121	+ if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
122	+
123	+
124	+ // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
125	+ if(! isset($ALLOWED_SITES)){
126	+ $ALLOWED_SITES = array ();
127	+ }
128	+ // -------------------------------------------------------------
129	+ // -------------- STOP EDITING CONFIGURATION HERE --------------
130	+ // -------------------------------------------------------------
131	+
132	+ timthumb::start();
133	+
134	+ class timthumb {
135	+ protected $src = "";
136	+ protected $is404 = false;
137	+ protected $docRoot = "";
138	+ protected $lastURLError = false;
139	+ protected $localImage = "";
140	+ protected $localImageMTime = 0;
141	+ protected $url = false;
142	+ protected $myHost = "";
143	+ protected $isURL = false;
144	+ protected $cachefile = '';
145	+ protected $errors = array();
146	+ protected $toDeletes = array();
147	+ protected $cacheDirectory = '';
148	+ protected $startTime = 0;
149	+ protected $lastBenchTime = 0;
150	+ protected $cropTop = false;
151	+ protected $salt = "";
152	+ protected $fileCacheVersion = 1; //Generally if timthumb.php is modifed (upgraded) then the salt changes and all cache files are recreated. This is a backup mechanism to force regen.
153	+ protected $filePrependSecurityBlock = "<?php die('Execution denied!'); //"; //Designed to have three letter mime type, space, question mark and greater than symbol appended. 6 bytes total.
154	+ protected static $curlDataWritten = 0;
155	+ protected static $curlFH = false;
156	+ public static function start(){
157	+ $tim = new timthumb();
158	+ $tim->handleErrors();
159	+ $tim->securityChecks();
160	+ if($tim->tryBrowserCache()){
161	+ exit(0);
162	+ }
163	+ $tim->handleErrors();
164	+ if(FILE_CACHE_ENABLED && $tim->tryServerCache()){
165	+ exit(0);
166	+ }
167	+ $tim->handleErrors();
168	+ $tim->run();
169	+ $tim->handleErrors();
170	+ exit(0);
171	+ }
172	+ public function __construct(){
173	+ global $ALLOWED_SITES;
174	+ $this->startTime = microtime(true);
175	+ date_default_timezone_set('UTC');
176	+ $this->debug(1, "Starting new request from " . $this->getIP() . " to " . $_SERVER['REQUEST_URI']);
177	+ $this->calcDocRoot();
178	+ //On windows systems I'm assuming fileinode returns an empty string or a number that doesn't change. Check this.
179	+ $this->salt = @filemtime(__FILE__) . '-' . @fileinode(__FILE__);
180	+ $this->debug(3, "Salt is: " . $this->salt);
181	+ if(FILE_CACHE_DIRECTORY){
182	+ if(! is_dir(FILE_CACHE_DIRECTORY)){
183	+ @mkdir(FILE_CACHE_DIRECTORY);
184	+ if(! is_dir(FILE_CACHE_DIRECTORY)){
185	+ $this->error("Could not create the file cache directory.");
186	+ return false;
187	+ }
188	+ }
189	+ $this->cacheDirectory = FILE_CACHE_DIRECTORY;
190	+ if (!touch($this->cacheDirectory . '/index.html')) {
191	+ $this->error("Could not create the index.html file - to fix this create an empty file named index.html file in the cache directory.");
192	+ }
193	+ } else {
194	+ $this->cacheDirectory = sys_get_temp_dir();
195	+ }
196	+ //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
197	+ $this->cleanCache();
198	+
199	+ $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
200	+ $this->src = $this->param('src');
201	+ $this->url = parse_url($this->src);
202	+ $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
203	+
204	+ if(strlen($this->src) <= 3){
205	+ $this->error("No image specified");
206	+ return false;
207	+ }
208	+ if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$\|\/)/i', $_SERVER['HTTP_REFERER']))){
209	+ // base64 encoded red image that says 'no hotlinkers'
210	+ // nothing to worry about! :)
211	+ $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
212	+ header('Content-Type: image/gif');
213	+ header('Content-Length: ' . sizeof($imgData));
214	+ header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
215	+ header("Pragma: no-cache");
216	+ header('Expires: ' . gmdate ('D, d M Y H:i:s', time()));
217	+ echo $imgData;
218	+ return false;
219	+ exit(0);
220	+ }
221	+ if(preg_match('/^https?:\/\/[^\/]+/i', $this->src)){
222	+ $this->debug(2, "Is a request for an external URL: " . $this->src);
223	+ $this->isURL = true;
224	+ } else {
225	+ $this->debug(2, "Is a request for an internal file: " . $this->src);
226	+ }
227	+ if($this->isURL && (! ALLOW_EXTERNAL)){
228	+ $this->error("You are not allowed to fetch images from an external website.");
229	+ return false;
230	+ }
231	+ if($this->isURL){
232	+ if(ALLOW_ALL_EXTERNAL_SITES){
233	+ $this->debug(2, "Fetching from all external sites is enabled.");
234	+ } else {
235	+ $this->debug(2, "Fetching only from selected external sites is enabled.");
236	+ $allowed = false;
237	+ foreach($ALLOWED_SITES as $site){
238	+ if ((strtolower(substr($this->url['host'],-strlen($site)-1)) === strtolower(".$site")) \|\| (strtolower($this->url['host'])===strtolower($site))) {
239	+ $this->debug(3, "URL hostname {$this->url['host']} matches $site so allowing.");
240	+ $allowed = true;
241	+ }
242	+ }
243	+ if(! $allowed){
244	+ return $this->error("You may not fetch images from that site. To enable this site in timthumb, you can either add it to \$ALLOWED_SITES and set ALLOW_EXTERNAL=true. Or you can set ALLOW_ALL_EXTERNAL_SITES=true, depending on your security needs.");
245	+ }
246	+ }
247	+ }
248	+
249	+ $cachePrefix = ($this->isURL ? '_ext_' : '_int_');
250	+ if($this->isURL){
251	+ $arr = explode('&', $_SERVER ['QUERY_STRING']);
252	+ asort($arr);
253	+ $this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . implode('', $arr) . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
254	+ } else {
255	+ $this->localImage = $this->getLocalImagePath($this->src);
256	+ if(! $this->localImage){
257	+ $this->debug(1, "Could not find the local image: {$this->localImage}");
258	+ $this->error("Could not find the internal image you specified.");
259	+ $this->set404();
260	+ return false;
261	+ }
262	+ $this->debug(1, "Local image path is {$this->localImage}");
263	+ $this->localImageMTime = @filemtime($this->localImage);
264	+ //We include the mtime of the local file in case in changes on disk.
265	+ $this->cachefile = $this->cacheDirectory . '/' . FILE_CACHE_PREFIX . $cachePrefix . md5($this->salt . $this->localImageMTime . $_SERVER ['QUERY_STRING'] . $this->fileCacheVersion) . FILE_CACHE_SUFFIX;
266	+ }
267	+ $this->debug(2, "Cache file is: " . $this->cachefile);
268	+
269	+ return true;
270	+ }
271	+ public function __destruct(){
272	+ foreach($this->toDeletes as $del){
273	+ $this->debug(2, "Deleting temp file $del");
274	+ @unlink($del);
275	+ }
276	+ }
277	+ public function run(){
278	+ if($this->isURL){
279	+ if(! ALLOW_EXTERNAL){
280	+ $this->debug(1, "Got a request for an external image but ALLOW_EXTERNAL is disabled so returning error msg.");
281	+ $this->error("You are not allowed to fetch images from an external website.");
282	+ return false;
283	+ }
284	+ $this->debug(3, "Got request for external image. Starting serveExternalImage.");
285	+ if($this->param('webshot')){
286	+ if(WEBSHOT_ENABLED){
287	+ $this->debug(3, "webshot param is set, so we're going to take a webshot.");
288	+ $this->serveWebshot();
289	+ } else {
290	+ $this->error("You added the webshot parameter but webshots are disabled on this server. You need to set WEBSHOT_ENABLED == true to enable webshots.");
291	+ }
292	+ } else {
293	+ $this->debug(3, "webshot is NOT set so we're going to try to fetch a regular image.");
294	+ $this->serveExternalImage();
295	+
296	+ }
297	+ } else {
298	+ $this->debug(3, "Got request for internal image. Starting serveInternalImage()");
299	+ $this->serveInternalImage();
300	+ }
301	+ return true;
302	+ }
303	+ protected function handleErrors(){
304	+ if($this->haveErrors()){
305	+ if(NOT_FOUND_IMAGE && $this->is404()){
306	+ if($this->serveImg(NOT_FOUND_IMAGE)){
307	+ exit(0);
308	+ } else {
309	+ $this->error("Additionally, the 404 image that is configured could not be found or there was an error serving it.");
310	+ }
311	+ }
312	+ if(ERROR_IMAGE){
313	+ if($this->serveImg(ERROR_IMAGE)){
314	+ exit(0);
315	+ } else {
316	+ $this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
317	+ }
318	+ }
319	+ $this->serveErrors();
320	+ exit(0);
321	+ }
322	+ return false;
323	+ }
324	+ protected function tryBrowserCache(){
325	+ if(BROWSER_CACHE_DISABLE){ $this->debug(3, "Browser caching is disabled"); return false; }
326	+ if(!empty($_SERVER['HTTP_IF_MODIFIED_SINCE']) ){
327	+ $this->debug(3, "Got a conditional get");
328	+ $mtime = false;
329	+ //We've already checked if the real file exists in the constructor
330	+ if(! is_file($this->cachefile)){
331	+ //If we don't have something cached, regenerate the cached image.
332	+ return false;
333	+ }
334	+ if($this->localImageMTime){
335	+ $mtime = $this->localImageMTime;
336	+ $this->debug(3, "Local real file's modification time is $mtime");
337	+ } else if(is_file($this->cachefile)){ //If it's not a local request then use the mtime of the cached file to determine the 304
338	+ $mtime = @filemtime($this->cachefile);
339	+ $this->debug(3, "Cached file's modification time is $mtime");
340	+ }
341	+ if(! $mtime){ return false; }
342	+
343	+ $iftime = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
344	+ $this->debug(3, "The conditional get's if-modified-since unixtime is $iftime");
345	+ if($iftime < 1){
346	+ $this->debug(3, "Got an invalid conditional get modified since time. Returning false.");
347	+ return false;
348	+ }
349	+ if($iftime < $mtime){ //Real file or cache file has been modified since last request, so force refetch.
350	+ $this->debug(3, "File has been modified since last fetch.");
351	+ return false;
352	+ } else { //Otherwise serve a 304
353	+ $this->debug(3, "File has not been modified since last get, so serving a 304.");
354	+ header ($_SERVER['SERVER_PROTOCOL'] . ' 304 Not Modified');
355	+ $this->debug(1, "Returning 304 not modified");
356	+ return true;
357	+ }
358	+ }
359	+ return false;
360	+ }
361	+ protected function tryServerCache(){
362	+ $this->debug(3, "Trying server cache");
363	+ if(file_exists($this->cachefile)){
364	+ $this->debug(3, "Cachefile {$this->cachefile} exists");
365	+ if($this->isURL){
366	+ $this->debug(3, "This is an external request, so checking if the cachefile is empty which means the request failed previously.");
367	+ if(filesize($this->cachefile) < 1){
368	+ $this->debug(3, "Found an empty cachefile indicating a failed earlier request. Checking how old it is.");
369	+ //Fetching error occured previously
370	+ if(time() - @filemtime($this->cachefile) > WAIT_BETWEEN_FETCH_ERRORS){
371	+ $this->debug(3, "File is older than " . WAIT_BETWEEN_FETCH_ERRORS . " seconds. Deleting and returning false so app can try and load file.");
372	+ @unlink($this->cachefile);
373	+ return false; //to indicate we didn't serve from cache and app should try and load
374	+ } else {
375	+ $this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
376	+ $this->set404();
377	+ $this->error("An error occured fetching image.");
378	+ return false;
379	+ }
380	+ }
381	+ } else {
382	+ $this->debug(3, "Trying to serve cachefile {$this->cachefile}");
383	+ }
384	+ if($this->serveCacheFile()){
385	+ $this->debug(3, "Succesfully served cachefile {$this->cachefile}");
386	+ return true;
387	+ } else {
388	+ $this->debug(3, "Failed to serve cachefile {$this->cachefile} - Deleting it from cache.");
389	+ //Image serving failed. We can't retry at this point, but lets remove it from cache so the next request recreates it
390	+ @unlink($this->cachefile);
391	+ return true;
392	+ }
393	+ }
394	+ }
395	+ protected function error($err){
396	+ $this->debug(3, "Adding error message: $err");
397	+ $this->errors[] = $err;
398	+ return false;
399	+
400	+ }
401	+ protected function haveErrors(){
402	+ if(sizeof($this->errors) > 0){
403	+ return true;
404	+ }
405	+ return false;
406	+ }
407	+ protected function serveErrors(){
408	+ header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
409	+ $html = '<ul>';
410	+ foreach($this->errors as $err){
411	+ $html .= '<li>' . htmlentities($err) . '</li>';
412	+ }
413	+ $html .= '</ul>';
414	+ echo '<h1>A TimThumb error has occured</h1>The following error(s) occured:<br />' . $html . '<br />';
415	+ echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']);
416	+ echo '<br />TimThumb version : ' . VERSION . '</pre>';
417	+ }
418	+ protected function serveInternalImage(){
419	+ $this->debug(3, "Local image path is $this->localImage");
420	+ if(! $this->localImage){
421	+ $this->sanityFail("localImage not set after verifying it earlier in the code.");
422	+ return false;
423	+ }
424	+ $fileSize = filesize($this->localImage);
425	+ if($fileSize > MAX_FILE_SIZE){
426	+ $this->error("The file you specified is greater than the maximum allowed file size.");
427	+ return false;
428	+ }
429	+ if($fileSize <= 0){
430	+ $this->error("The file you specified is <= 0 bytes.");
431	+ return false;
432	+ }
433	+ $this->debug(3, "Calling processImageAndWriteToCache() for local image.");
434	+ if($this->processImageAndWriteToCache($this->localImage)){
435	+ $this->serveCacheFile();
436	+ return true;
437	+ } else {
438	+ return false;
439	+ }
440	+ }
441	+ protected function cleanCache(){
442	+ if (FILE_CACHE_TIME_BETWEEN_CLEANS < 0) {
443	+ return;
444	+ }
445	+ $this->debug(3, "cleanCache() called");
446	+ $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
447	+
448	+ //If this is a new timthumb installation we need to create the file
449	+ if(! is_file($lastCleanFile)){
450	+ $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
451	+ if (!touch($lastCleanFile)) {
452	+ $this->error("Could not create cache clean timestamp file.");
453	+ }
454	+ return;
455	+ }
456	+ if(@filemtime($lastCleanFile) < (time() - FILE_CACHE_TIME_BETWEEN_CLEANS) ){ //Cache was last cleaned more than 1 day ago
457	+ $this->debug(1, "Cache was last cleaned more than " . FILE_CACHE_TIME_BETWEEN_CLEANS . " seconds ago. Cleaning now.");
458	+ // Very slight race condition here, but worst case we'll have 2 or 3 servers cleaning the cache simultaneously once a day.
459	+ if (!touch($lastCleanFile)) {
460	+ $this->error("Could not create cache clean timestamp file.");
461	+ }
462	+ $files = glob($this->cacheDirectory . '/*' . FILE_CACHE_SUFFIX);
463	+ if ($files) {
464	+ $timeAgo = time() - FILE_CACHE_MAX_FILE_AGE;
465	+ foreach($files as $file){
466	+ if(@filemtime($file) < $timeAgo){
467	+ $this->debug(3, "Deleting cache file $file older than max age: " . FILE_CACHE_MAX_FILE_AGE . " seconds");
468	+ @unlink($file);
469	+ }
470	+ }
471	+ }
472	+ return true;
473	+ } else {
474	+ $this->debug(3, "Cache was cleaned less than " . FILE_CACHE_TIME_BETWEEN_CLEANS . " seconds ago so no cleaning needed.");
475	+ }
476	+ return false;
477	+ }
478	+ protected function processImageAndWriteToCache($localImage){
479	+ $sData = getimagesize($localImage);
480	+ $origType = $sData[2];
481	+ $mimeType = $sData['mime'];
482	+
483	+ $this->debug(3, "Mime type of image is $mimeType");
484	+ if(! preg_match('/^image\/(?:gif\|jpg\|jpeg\|png)$/i', $mimeType)){
485	+ return $this->error("The image being resized is not a valid gif, jpg or png.");
486	+ }
487	+
488	+ if (!function_exists ('imagecreatetruecolor')) {
489	+ return $this->error('GD Library Error: imagecreatetruecolor does not exist - please contact your webhost and ask them to install the GD library');
490	+ }
491	+
492	+ if (function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) {
493	+ $imageFilters = array (
494	+ 1 => array (IMG_FILTER_NEGATE, 0),
495	+ 2 => array (IMG_FILTER_GRAYSCALE, 0),
496	+ 3 => array (IMG_FILTER_BRIGHTNESS, 1),
497	+ 4 => array (IMG_FILTER_CONTRAST, 1),
498	+ 5 => array (IMG_FILTER_COLORIZE, 4),
499	+ 6 => array (IMG_FILTER_EDGEDETECT, 0),
500	+ 7 => array (IMG_FILTER_EMBOSS, 0),
501	+ 8 => array (IMG_FILTER_GAUSSIAN_BLUR, 0),
502	+ 9 => array (IMG_FILTER_SELECTIVE_BLUR, 0),
503	+ 10 => array (IMG_FILTER_MEAN_REMOVAL, 0),
504	+ 11 => array (IMG_FILTER_SMOOTH, 0),
505	+ );
506	+ }
507	+
508	+ // get standard input properties
509	+ $new_width = (int) abs ($this->param('w', 0));
510	+ $new_height = (int) abs ($this->param('h', 0));
511	+ $zoom_crop = (int) $this->param('zc', DEFAULT_ZC);
512	+ $quality = (int) abs ($this->param('q', DEFAULT_Q));
513	+ $align = $this->cropTop ? 't' : $this->param('a', 'c');
514	+ $filters = $this->param('f', DEFAULT_F);
515	+ $sharpen = (bool) $this->param('s', DEFAULT_S);
516	+ $canvas_color = $this->param('cc', DEFAULT_CC);
517	+ $canvas_trans = (bool) $this->param('ct', '1');
518	+
519	+ // set default width and height if neither are set already
520	+ if ($new_width == 0 && $new_height == 0) {
521	+ $new_width = 100;
522	+ $new_height = 100;
523	+ }
524	+
525	+ // ensure size limits can not be abused
526	+ $new_width = min ($new_width, MAX_WIDTH);
527	+ $new_height = min ($new_height, MAX_HEIGHT);
528	+
529	+ // set memory limit to be able to have enough space to resize larger images
530	+ $this->setMemoryLimit();
531	+
532	+ // open the existing image
533	+ $image = $this->openImage ($mimeType, $localImage);
534	+ if ($image === false) {
535	+ return $this->error('Unable to open image.');
536	+ }
537	+
538	+ // Get original width and height
539	+ $width = imagesx ($image);
540	+ $height = imagesy ($image);
541	+ $origin_x = 0;
542	+ $origin_y = 0;
543	+
544	+ // generate new w/h if not provided
545	+ if ($new_width && !$new_height) {
546	+ $new_height = floor ($height * ($new_width / $width));
547	+ } else if ($new_height && !$new_width) {
548	+ $new_width = floor ($width * ($new_height / $height));
549	+ }
550	+
551	+ // scale down and add borders
552	+ if ($zoom_crop == 3) {
553	+
554	+ $final_height = $height * ($new_width / $width);
555	+
556	+ if ($final_height > $new_height) {
557	+ $new_width = $width * ($new_height / $height);
558	+ } else {
559	+ $new_height = $final_height;
560	+ }
561	+
562	+ }
563	+
564	+ // create a new true color image
565	+ $canvas = imagecreatetruecolor ($new_width, $new_height);
566	+ imagealphablending ($canvas, false);
567	+
568	+ if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation
569	+ $canvas_color = str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2);
570	+ } else if (strlen($canvas_color) != 6) {
571	+ $canvas_color = DEFAULT_CC; // on error return default canvas color
572	+ }
573	+
574	+ $canvas_color_R = hexdec (substr ($canvas_color, 0, 2));
575	+ $canvas_color_G = hexdec (substr ($canvas_color, 2, 2));
576	+ $canvas_color_B = hexdec (substr ($canvas_color, 4, 2));
577	+
578	+ // Create a new transparent color for image
579	+ // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency
580	+ // (and if is set a canvas color show it in the background)
581	+ if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){
582	+ $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);
583	+ }else{
584	+ $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0);
585	+ }
586	+
587	+
588	+ // Completely fill the background of the new image with allocated color.
589	+ imagefill ($canvas, 0, 0, $color);
590	+
591	+ // scale down and add borders
592	+ if ($zoom_crop == 2) {
593	+
594	+ $final_height = $height * ($new_width / $width);
595	+
596	+ if ($final_height > $new_height) {
597	+
598	+ $origin_x = $new_width / 2;
599	+ $new_width = $width * ($new_height / $height);
600	+ $origin_x = round ($origin_x - ($new_width / 2));
601	+
602	+ } else {
603	+
604	+ $origin_y = $new_height / 2;
605	+ $new_height = $final_height;
606	+ $origin_y = round ($origin_y - ($new_height / 2));
607	+
608	+ }
609	+
610	+ }
611	+
612	+ // Restore transparency blending
613	+ imagesavealpha ($canvas, true);
614	+
615	+ if ($zoom_crop > 0) {
616	+
617	+ $src_x = $src_y = 0;
618	+ $src_w = $width;
619	+ $src_h = $height;
620	+
621	+ $cmp_x = $width / $new_width;
622	+ $cmp_y = $height / $new_height;
623	+
624	+ // calculate x or y coordinate and width or height of source
625	+ if ($cmp_x > $cmp_y) {
626	+
627	+ $src_w = round ($width / $cmp_x * $cmp_y);
628	+ $src_x = round (($width - ($width / $cmp_x * $cmp_y)) / 2);
629	+
630	+ } else if ($cmp_y > $cmp_x) {
631	+
632	+ $src_h = round ($height / $cmp_y * $cmp_x);
633	+ $src_y = round (($height - ($height / $cmp_y * $cmp_x)) / 2);
634	+
635	+ }
636	+
637	+ // positional cropping!
638	+ if ($align) {
639	+ if (strpos ($align, 't') !== false) {
640	+ $src_y = 0;
641	+ }
642	+ if (strpos ($align, 'b') !== false) {
643	+ $src_y = $height - $src_h;
644	+ }
645	+ if (strpos ($align, 'l') !== false) {
646	+ $src_x = 0;
647	+ }
648	+ if (strpos ($align, 'r') !== false) {
649	+ $src_x = $width - $src_w;
650	+ }
651	+ }
652	+
653	+ imagecopyresampled ($canvas, $image, $origin_x, $origin_y, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h);
654	+
655	+ } else {
656	+
657	+ // copy and resize part of an image with resampling
658	+ imagecopyresampled ($canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height);
659	+
660	+ }
661	+
662	+ if ($filters != '' && function_exists ('imagefilter') && defined ('IMG_FILTER_NEGATE')) {
663	+ // apply filters to image
664	+ $filterList = explode ('\|', $filters);
665	+ foreach ($filterList as $fl) {
666	+
667	+ $filterSettings = explode (',', $fl);
668	+ if (isset ($imageFilters[$filterSettings[0]])) {
669	+
670	+ for ($i = 0; $i < 4; $i ++) {
671	+ if (!isset ($filterSettings[$i])) {
672	+ $filterSettings[$i] = null;
673	+ } else {
674	+ $filterSettings[$i] = (int) $filterSettings[$i];
675	+ }
676	+ }
677	+
678	+ switch ($imageFilters[$filterSettings[0]][1]) {
679	+
680	+ case 1:
681	+
682	+ imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]);
683	+ break;
684	+
685	+ case 2:
686	+
687	+ imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]);
688	+ break;
689	+
690	+ case 3:
691	+
692	+ imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]);
693	+ break;
694	+
695	+ case 4:
696	+
697	+ imagefilter ($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3], $filterSettings[4]);
698	+ break;
699	+
700	+ default:
701	+
702	+ imagefilter ($canvas, $imageFilters[$filterSettings[0]][0]);
703	+ break;
704	+
705	+ }
706	+ }
707	+ }
708	+ }
709	+
710	+ // sharpen image
711	+ if ($sharpen && function_exists ('imageconvolution')) {
712	+
713	+ $sharpenMatrix = array (
714	+ array (-1,-1,-1),
715	+ array (-1,16,-1),
716	+ array (-1,-1,-1),
717	+ );
718	+
719	+ $divisor = 8;
720	+ $offset = 0;
721	+
722	+ imageconvolution ($canvas, $sharpenMatrix, $divisor, $offset);
723	+
724	+ }
725	+ //Straight from Wordpress core code. Reduces filesize by up to 70% for PNG's
726	+ if ( (IMAGETYPE_PNG == $origType \|\| IMAGETYPE_GIF == $origType) && function_exists('imageistruecolor') && !imageistruecolor( $image ) && imagecolortransparent( $image ) > 0 ){
727	+ imagetruecolortopalette( $canvas, false, imagecolorstotal( $image ) );
728	+ }
729	+
730	+ $imgType = "";
731	+ $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
732	+ if(preg_match('/^image\/(?:jpg\|jpeg)$/i', $mimeType)){
733	+ $imgType = 'jpg';
734	+ imagejpeg($canvas, $tempfile, $quality);
735	+ } else if(preg_match('/^image\/png$/i', $mimeType)){
736	+ $imgType = 'png';
737	+ imagepng($canvas, $tempfile, floor($quality * 0.09));
738	+ } else if(preg_match('/^image\/gif$/i', $mimeType)){
739	+ $imgType = 'gif';
740	+ imagegif($canvas, $tempfile);
741	+ } else {
742	+ return $this->sanityFail("Could not match mime type after verifying it previously.");
743	+ }
744	+
745	+ if($imgType == 'png' && OPTIPNG_ENABLED && OPTIPNG_PATH && @is_file(OPTIPNG_PATH)){
746	+ $exec = OPTIPNG_PATH;
747	+ $this->debug(3, "optipng'ing $tempfile");
748	+ $presize = filesize($tempfile);
749	+ $out = `$exec -o1 $tempfile`; //you can use up to -o7 but it really slows things down
750	+ clearstatcache();
751	+ $aftersize = filesize($tempfile);
752	+ $sizeDrop = $presize - $aftersize;
753	+ if($sizeDrop > 0){
754	+ $this->debug(1, "optipng reduced size by $sizeDrop");
755	+ } else if($sizeDrop < 0){
756	+ $this->debug(1, "optipng increased size! Difference was: $sizeDrop");
757	+ } else {
758	+ $this->debug(1, "optipng did not change image size.");
759	+ }
760	+ } else if($imgType == 'png' && PNGCRUSH_ENABLED && PNGCRUSH_PATH && @is_file(PNGCRUSH_PATH)){
761	+ $exec = PNGCRUSH_PATH;
762	+ $tempfile2 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
763	+ $this->debug(3, "pngcrush'ing $tempfile to $tempfile2");
764	+ $out = `$exec $tempfile $tempfile2`;
765	+ $todel = "";
766	+ if(is_file($tempfile2)){
767	+ $sizeDrop = filesize($tempfile) - filesize($tempfile2);
768	+ if($sizeDrop > 0){
769	+ $this->debug(1, "pngcrush was succesful and gave a $sizeDrop byte size reduction");
770	+ $todel = $tempfile;
771	+ $tempfile = $tempfile2;
772	+ } else {
773	+ $this->debug(1, "pngcrush did not reduce file size. Difference was $sizeDrop bytes.");
774	+ $todel = $tempfile2;
775	+ }
776	+ } else {
777	+ $this->debug(3, "pngcrush failed with output: $out");
778	+ $todel = $tempfile2;
779	+ }
780	+ @unlink($todel);
781	+ }
782	+
783	+ $this->debug(3, "Rewriting image with security header.");
784	+ $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
785	+ $context = stream_context_create ();
786	+ $fp = fopen($tempfile,'r',0,$context);
787	+ file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
788	+ file_put_contents($tempfile4, $fp, FILE_APPEND);
789	+ fclose($fp);
790	+ @unlink($tempfile);
791	+ $this->debug(3, "Locking and replacing cache file.");
792	+ $lockFile = $this->cachefile . '.lock';
793	+ $fh = fopen($lockFile, 'w');
794	+ if(! $fh){
795	+ return $this->error("Could not open the lockfile for writing an image.");
796	+ }
797	+ if(flock($fh, LOCK_EX)){
798	+ @unlink($this->cachefile); //rename generally overwrites, but doing this in case of platform specific quirks. File might not exist yet.
799	+ rename($tempfile4, $this->cachefile);
800	+ flock($fh, LOCK_UN);
801	+ fclose($fh);
802	+ @unlink($lockFile);
803	+ } else {
804	+ fclose($fh);
805	+ @unlink($lockFile);
806	+ @unlink($tempfile4);
807	+ return $this->error("Could not get a lock for writing.");
808	+ }
809	+ $this->debug(3, "Done image replace with security header. Cleaning up and running cleanCache()");
810	+ imagedestroy($canvas);
811	+ imagedestroy($image);
812	+ return true;
813	+ }
814	+ protected function calcDocRoot(){
815	+ $docRoot = @$_SERVER['DOCUMENT_ROOT'];
816	+ if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
817	+ $docRoot = LOCAL_FILE_BASE_DIRECTORY;
818	+ }
819	+ if(!isset($docRoot)){
820	+ $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
821	+ if(isset($_SERVER['SCRIPT_FILENAME'])){
822	+ $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
823	+ $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
824	+ }
825	+ }
826	+ if(!isset($docRoot)){
827	+ $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
828	+ if(isset($_SERVER['PATH_TRANSLATED'])){
829	+ $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
830	+ $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
831	+ }
832	+ }
833	+ if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
834	+ $this->debug(3, "Doc root is: " . $docRoot);
835	+ $this->docRoot = $docRoot;
836	+
837	+ }
838	+ protected function getLocalImagePath($src){
839	+ $src = ltrim($src, '/'); //strip off the leading '/'
840	+ if(! $this->docRoot){
841	+ $this->debug(3, "We have no document root set, so as a last resort, lets check if the image is in the current dir and serve that.");
842	+ //We don't support serving images outside the current dir if we don't have a doc root for security reasons.
843	+ $file = preg_replace('/^.*?([^\/\\\\]+)$/', '$1', $src); //strip off any path info and just leave the filename.
844	+ if(is_file($file)){
845	+ return $this->realpath($file);
846	+ }
847	+ return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons.");
848	+ } //Do not go past this point without docRoot set
849	+
850	+ //Try src under docRoot
851	+ if(file_exists ($this->docRoot . '/' . $src)) {
852	+ $this->debug(3, "Found file as " . $this->docRoot . '/' . $src);
853	+ $real = $this->realpath($this->docRoot . '/' . $src);
854	+ if(stripos($real, $this->docRoot) === 0){
855	+ return $real;
856	+ } else {
857	+ $this->debug(1, "Security block: The file specified occurs outside the document root.");
858	+ //allow search to continue
859	+ }
860	+ }
861	+ //Check absolute paths and then verify the real path is under doc root
862	+ $absolute = $this->realpath('/' . $src);
863	+ if($absolute && file_exists($absolute)){ //realpath does file_exists check, so can probably skip the exists check here
864	+ $this->debug(3, "Found absolute path: $absolute");
865	+ if(! $this->docRoot){ $this->sanityFail("docRoot not set when checking absolute path."); }
866	+ if(stripos($absolute, $this->docRoot) === 0){
867	+ return $absolute;
868	+ } else {
869	+ $this->debug(1, "Security block: The file specified occurs outside the document root.");
870	+ //and continue search
871	+ }
872	+ }
873	+
874	+ $base = $this->docRoot;
875	+
876	+ // account for Windows directory structure
877	+ if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
878	+ $sub_directories = explode('\\', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
879	+ } else {
880	+ $sub_directories = explode('/', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
881	+ }
882	+
883	+ foreach ($sub_directories as $sub){
884	+ $base .= $sub . '/';
885	+ $this->debug(3, "Trying file as: " . $base . $src);
886	+ if(file_exists($base . $src)){
887	+ $this->debug(3, "Found file as: " . $base . $src);
888	+ $real = $this->realpath($base . $src);
889	+ if(stripos($real, $this->realpath($this->docRoot)) === 0){
890	+ return $real;
891	+ } else {
892	+ $this->debug(1, "Security block: The file specified occurs outside the document root.");
893	+ //And continue search
894	+ }
895	+ }
896	+ }
897	+ return false;
898	+ }
899	+ protected function realpath($path){
900	+ //try to remove any relative paths
901	+ $remove_relatives = '/\w+\/\.\.\//';
902	+ while(preg_match($remove_relatives,$path)){
903	+ $path = preg_replace($remove_relatives, '', $path);
904	+ }
905	+ //if any remain use PHP realpath to strip them out, otherwise return $path
906	+ //if using realpath, any symlinks will also be resolved
907	+ return preg_match('#^\.\./\|/\.\./#', $path) ? realpath($path) : $path;
908	+ }
909	+ protected function toDelete($name){
910	+ $this->debug(3, "Scheduling file $name to delete on destruct.");
911	+ $this->toDeletes[] = $name;
912	+ }
913	+ protected function serveWebshot(){
914	+ $this->debug(3, "Starting serveWebshot");
915	+ $instr = "Please follow the instructions at http://code.google.com/p/timthumb/ to set your server up for taking website screenshots.";
916	+ if(! is_file(WEBSHOT_CUTYCAPT)){
917	+ return $this->error("CutyCapt is not installed. $instr");
918	+ }
919	+ if(! is_file(WEBSHOT_XVFB)){
920	+ return $this->Error("Xvfb is not installed. $instr");
921	+ }
922	+ $cuty = WEBSHOT_CUTYCAPT;
923	+ $xv = WEBSHOT_XVFB;
924	+ $screenX = WEBSHOT_SCREEN_X;
925	+ $screenY = WEBSHOT_SCREEN_Y;
926	+ $colDepth = WEBSHOT_COLOR_DEPTH;
927	+ $format = WEBSHOT_IMAGE_FORMAT;
928	+ $timeout = WEBSHOT_TIMEOUT * 1000;
929	+ $ua = WEBSHOT_USER_AGENT;
930	+ $jsOn = WEBSHOT_JAVASCRIPT_ON ? 'on' : 'off';
931	+ $javaOn = WEBSHOT_JAVA_ON ? 'on' : 'off';
932	+ $pluginsOn = WEBSHOT_PLUGINS_ON ? 'on' : 'off';
933	+ $proxy = WEBSHOT_PROXY ? ' --http-proxy=' . WEBSHOT_PROXY : '';
934	+ $tempfile = tempnam($this->cacheDirectory, 'timthumb_webshot');
935	+ $url = $this->src;
936	+ if(! preg_match('/^https?:\/\/[a-zA-Z0-9\.\-]+/i', $url)){
937	+ return $this->error("Invalid URL supplied.");
938	+ }
939	+ $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\*\+\,\;\=]+/', '', $url); //RFC 3986
940	+ //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
941	+ // which AFAIKT can't be used for shell injection.
942	+ if(WEBSHOT_XVFB_RUNNING){
943	+ putenv('DISPLAY=:100.0');
944	+ $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
945	+ } else {
946	+ $command = "$xv --server-args=\"-screen 0, {$screenX}x{$screenY}x{$colDepth}\" $cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
947	+ }
948	+ $this->debug(3, "Executing command: $command");
949	+ $out = `$command`;
950	+ $this->debug(3, "Received output: $out");
951	+ if(! is_file($tempfile)){
952	+ $this->set404();
953	+ return $this->error("The command to create a thumbnail failed.");
954	+ }
955	+ $this->cropTop = true;
956	+ if($this->processImageAndWriteToCache($tempfile)){
957	+ $this->debug(3, "Image processed succesfully. Serving from cache");
958	+ return $this->serveCacheFile();
959	+ } else {
960	+ return false;
961	+ }
962	+ }
963	+ protected function serveExternalImage(){
964	+ if(! preg_match('/^https?:\/\/[a-zA-Z0-9\-\.]+/i', $this->src)){
965	+ $this->error("Invalid URL supplied.");
966	+ return false;
967	+ }
968	+ $tempfile = tempnam($this->cacheDirectory, 'timthumb');
969	+ $this->debug(3, "Fetching external image into temporary file $tempfile");
970	+ $this->toDelete($tempfile);
971	+ #fetch file here
972	+ if(! $this->getURL($this->src, $tempfile)){
973	+ @unlink($this->cachefile);
974	+ touch($this->cachefile);
975	+ $this->debug(3, "Error fetching URL: " . $this->lastURLError);
976	+ $this->error("Error reading the URL you specified from remote host." . $this->lastURLError);
977	+ return false;
978	+ }
979	+
980	+ $mimeType = $this->getMimeType($tempfile);
981	+ if(! preg_match("/^image\/(?:jpg\|jpeg\|gif\|png)$/i", $mimeType)){
982	+ $this->debug(3, "Remote file has invalid mime type: $mimeType");
983	+ @unlink($this->cachefile);
984	+ touch($this->cachefile);
985	+ $this->error("The remote file is not a valid image.");
986	+ return false;
987	+ }
988	+ if($this->processImageAndWriteToCache($tempfile)){
989	+ $this->debug(3, "Image processed succesfully. Serving from cache");
990	+ return $this->serveCacheFile();
991	+ } else {
992	+ return false;
993	+ }
994	+ }
995	+ public static function curlWrite($h, $d){
996	+ fwrite(self::$curlFH, $d);
997	+ self::$curlDataWritten += strlen($d);
998	+ if(self::$curlDataWritten > MAX_FILE_SIZE){
999	+ return 0;
1000	+ } else {
1001	+ return strlen($d);
1002	+ }
1003	+ }
1004	+ protected function serveCacheFile(){
1005	+ $this->debug(3, "Serving {$this->cachefile}");
1006	+ if(! is_file($this->cachefile)){
1007	+ $this->error("serveCacheFile called in timthumb but we couldn't find the cached file.");
1008	+ return false;
1009	+ }
1010	+ $fp = fopen($this->cachefile, 'rb');
1011	+ if(! $fp){ return $this->error("Could not open cachefile."); }
1012	+ fseek($fp, strlen($this->filePrependSecurityBlock), SEEK_SET);
1013	+ $imgType = fread($fp, 3);
1014	+ fseek($fp, 3, SEEK_CUR);
1015	+ if(ftell($fp) != strlen($this->filePrependSecurityBlock) + 6){
1016	+ @unlink($this->cachefile);
1017	+ return $this->error("The cached image file seems to be corrupt.");
1018	+ }
1019	+ $imageDataSize = filesize($this->cachefile) - (strlen($this->filePrependSecurityBlock) + 6);
1020	+ $this->sendImageHeaders($imgType, $imageDataSize);
1021	+ $bytesSent = @fpassthru($fp);
1022	+ fclose($fp);
1023	+ if($bytesSent > 0){
1024	+ return true;
1025	+ }
1026	+ $content = file_get_contents ($this->cachefile);
1027	+ if ($content != FALSE) {
1028	+ $content = substr($content, strlen($this->filePrependSecurityBlock) + 6);
1029	+ echo $content;
1030	+ $this->debug(3, "Served using file_get_contents and echo");
1031	+ return true;
1032	+ } else {
1033	+ $this->error("Cache file could not be loaded.");
1034	+ return false;
1035	+ }
1036	+ }
1037	+ protected function sendImageHeaders($mimeType, $dataSize){
1038	+ if(! preg_match('/^image\//i', $mimeType)){
1039	+ $mimeType = 'image/' . $mimeType;
1040	+ }
1041	+ if(strtolower($mimeType) == 'image/jpg'){
1042	+ $mimeType = 'image/jpeg';
1043	+ }
1044	+ $gmdate_expires = gmdate ('D, d M Y H:i:s', strtotime ('now +10 days')) . ' GMT';
1045	+ $gmdate_modified = gmdate ('D, d M Y H:i:s') . ' GMT';
1046	+ // send content headers then display image
1047	+ header ('Content-Type: ' . $mimeType);
1048	+ header ('Accept-Ranges: none'); //Changed this because we don't accept range requests
1049	+ header ('Last-Modified: ' . $gmdate_modified);
1050	+ header ('Content-Length: ' . $dataSize);
1051	+ if(BROWSER_CACHE_DISABLE){
1052	+ $this->debug(3, "Browser cache is disabled so setting non-caching headers.");
1053	+ header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
1054	+ header("Pragma: no-cache");
1055	+ header('Expires: ' . gmdate ('D, d M Y H:i:s', time()));
1056	+ } else {
1057	+ $this->debug(3, "Browser caching is enabled");
1058	+ header('Cache-Control: max-age=' . BROWSER_CACHE_MAX_AGE . ', must-revalidate');
1059	+ header('Expires: ' . $gmdate_expires);
1060	+ }
1061	+ return true;
1062	+ }
1063	+ protected function securityChecks(){
1064	+ }
1065	+ protected function param($property, $default = ''){
1066	+ if (isset ($_GET[$property])) {
1067	+ return $_GET[$property];
1068	+ } else {
1069	+ return $default;
1070	+ }
1071	+ }
1072	+ protected function openImage($mimeType, $src){
1073	+ switch ($mimeType) {
1074	+ case 'image/jpeg':
1075	+ $image = imagecreatefromjpeg ($src);
1076	+ break;
1077	+
1078	+ case 'image/png':
1079	+ $image = imagecreatefrompng ($src);
1080	+ break;
1081	+
1082	+ case 'image/gif':
1083	+ $image = imagecreatefromgif ($src);
1084	+ break;
1085	+
1086	+ default:
1087	+ $this->error("Unrecognised mimeType");
1088	+ }
1089	+
1090	+ return $image;
1091	+ }
1092	+ protected function getIP(){
1093	+ $rem = @$_SERVER["REMOTE_ADDR"];
1094	+ $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1095	+ $ci = @$_SERVER["HTTP_CLIENT_IP"];
1096	+ if(preg_match('/^(?:192\.168\|172\.16\|10\.\|127\.)/', $rem)){
1097	+ if($ff){ return $ff; }
1098	+ if($ci){ return $ci; }
1099	+ return $rem;
1100	+ } else {
1101	+ if($rem){ return $rem; }
1102	+ if($ff){ return $ff; }
1103	+ if($ci){ return $ci; }
1104	+ return "UNKNOWN";
1105	+ }
1106	+ }
1107	+ protected function debug($level, $msg){
1108	+ if(DEBUG_ON && $level <= DEBUG_LEVEL){
1109	+ $execTime = sprintf('%.6f', microtime(true) - $this->startTime);
1110	+ $tick = sprintf('%.6f', 0);
1111	+ if($this->lastBenchTime > 0){
1112	+ $tick = sprintf('%.6f', microtime(true) - $this->lastBenchTime);
1113	+ }
1114	+ $this->lastBenchTime = microtime(true);
1115	+ error_log("TimThumb Debug line " . __LINE__ . " [$execTime : $tick]: $msg");
1116	+ }
1117	+ }
1118	+ protected function sanityFail($msg){
1119	+ return $this->error("There is a problem in the timthumb code. Message: Please report this error at <a href='http://code.google.com/p/timthumb/issues/list'>timthumb's bug tracking page</a>: $msg");
1120	+ }
1121	+ protected function getMimeType($file){
1122	+ $info = getimagesize($file);
1123	+ if(is_array($info) && $info['mime']){
1124	+ return $info['mime'];
1125	+ }
1126	+ return '';
1127	+ }
1128	+ protected function setMemoryLimit(){
1129	+ $inimem = ini_get('memory_limit');
1130	+ $inibytes = timthumb::returnBytes($inimem);
1131	+ $ourbytes = timthumb::returnBytes(MEMORY_LIMIT);
1132	+ if($inibytes < $ourbytes){
1133	+ ini_set ('memory_limit', MEMORY_LIMIT);
1134	+ $this->debug(3, "Increased memory from $inimem to " . MEMORY_LIMIT);
1135	+ } else {
1136	+ $this->debug(3, "Not adjusting memory size because the current setting is " . $inimem . " and our size of " . MEMORY_LIMIT . " is smaller.");
1137	+ }
1138	+ }
1139	+ protected static function returnBytes($size_str){
1140	+ switch (substr ($size_str, -1))
1141	+ {
1142	+ case 'M': case 'm': return (int)$size_str * 1048576;
1143	+ case 'K': case 'k': return (int)$size_str * 1024;
1144	+ case 'G': case 'g': return (int)$size_str * 1073741824;
1145	+ default: return $size_str;
1146	+ }
1147	+ }
1148	+ protected function getURL($url, $tempfile){
1149	+ $this->lastURLError = false;
1150	+ $url = preg_replace('/ /', '%20', $url);
1151	+ if(function_exists('curl_init')){
1152	+ $this->debug(3, "Curl is installed so using it to fetch URL.");
1153	+ self::$curlFH = fopen($tempfile, 'w');
1154	+ if(! self::$curlFH){
1155	+ $this->error("Could not open $tempfile for writing.");
1156	+ return false;
1157	+ }
1158	+ self::$curlDataWritten = 0;
1159	+ $this->debug(3, "Fetching url with curl: $url");
1160	+ $curl = curl_init($url);
1161	+ curl_setopt ($curl, CURLOPT_TIMEOUT, CURL_TIMEOUT);
1162	+ curl_setopt ($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30");
1163	+ curl_setopt ($curl, CURLOPT_RETURNTRANSFER, TRUE);
1164	+ curl_setopt ($curl, CURLOPT_HEADER, 0);
1165	+ curl_setopt ($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
1166	+ curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1167	+ @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1168	+ @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1169	+
1170	+ $curlResult = curl_exec($curl);
1171	+ fclose(self::$curlFH);
1172	+ $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1173	+ if($httpStatus == 404){
1174	+ $this->set404();
1175	+ }
1176	+ if($curlResult){
1177	+ curl_close($curl);
1178	+ return true;
1179	+ } else {
1180	+ $this->lastURLError = curl_error($curl);
1181	+ curl_close($curl);
1182	+ return false;
1183	+ }
1184	+ } else {
1185	+ $img = @file_get_contents ($url);
1186	+ if($img === false){
1187	+ $err = error_get_last();
1188	+ if(is_array($err) && $err['message']){
1189	+ $this->lastURLError = $err['message'];
1190	+ } else {
1191	+ $this->lastURLError = $err;
1192	+ }
1193	+ if(preg_match('/404/', $this->lastURLError)){
1194	+ $this->set404();
1195	+ }
1196	+
1197	+ return false;
1198	+ }
1199	+ if(! file_put_contents($tempfile, $img)){
1200	+ $this->error("Could not write to $tempfile.");
1201	+ return false;
1202	+ }
1203	+ return true;
1204	+ }
1205	+
1206	+ }
1207	+ protected function serveImg($file){
1208	+ $s = getimagesize($file);
1209	+ if(! ($s && $s['mime'])){
1210	+ return false;
1211	+ }
1212	+ header ('Content-Type: ' . $s['mime']);
1213	+ header ('Content-Length: ' . filesize($file) );
1214	+ header ('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
1215	+ header ("Pragma: no-cache");
1216	+ $bytes = @readfile($file);
1217	+ if($bytes > 0){
1218	+ return true;
1219	+ }
1220	+ $content = @file_get_contents ($file);
1221	+ if ($content != FALSE){
1222	+ echo $content;
1223	+ return true;
1224	+ }
1225	+ return false;
1226	+
1227	+ }
1228	+ protected function set404(){
1229	+ $this->is404 = true;
1230	+ }
1231	+ protected function is404(){
1232	+ return $this->is404;
1233	+ }
1234	+ }

ultimate-posts-widget.php ADDED Viewed

	@@ -0,0 +1,505 @@


1	+ <?php
2	+ /*
3	+ Plugin Name: Ultimate Posts Widget
4	+ Plugin URI: http://pomelodesign.com/ultimate-posts-widget
5	+ Description: The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.
6	+ Version: 1.4.5
7	+ Author: Pomelo Design
8	+ Author URI: http://pomelodesign.com
9	+ License: GPL2
10	+
11	+ This program is free software; you can redistribute it and/or modify
12	+ it under the terms of the GNU General Public License as published by
13	+ the Free Software Foundation; either version 2 of the License, or
14	+ (at your option) any later version.
15	+
16	+ This program is distributed in the hope that it will be useful,
17	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
18	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	+ GNU General Public License for more details.
20	+
21	+ You should have received a copy of the GNU General Public License
22	+ along with this program; if not, write to the Free Software
23	+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	+ */
25	+
26	+ if ( !class_exists( 'WP_Widget_Ultimate_Posts' ) ) {
27	+
28	+ class WP_Widget_Ultimate_Posts extends WP_Widget {
29	+
30	+ function WP_Widget_Ultimate_Posts() {
31	+
32	+ $widget_ops = array( 'classname' => 'widget_ultimate_posts', 'description' => __( 'The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.' ) );
33	+ $this->WP_Widget( 'sticky-posts', __( 'Ultimate Posts' ), $widget_ops );
34	+ $this->alt_option_name = 'widget_ultimate_posts';
35	+
36	+ add_action( 'save_post', array( &$this, 'flush_widget_cache' ) );
37	+ add_action( 'deleted_post', array( &$this, 'flush_widget_cache' ) );
38	+ add_action( 'switch_theme', array( &$this, 'flush_widget_cache' ) );
39	+
40	+ }
41	+
42	+ function widget( $args, $instance ) {
43	+
44	+ if( !function_exists(get_image_path) ) {
45	+ function get_image_path($src) {
46	+ global $blog_id;
47	+ if(isset($blog_id) && $blog_id > 0) {
48	+ $imageParts = explode('/files/' , $src);
49	+ if(isset($imageParts[1])) {
50	+ $src = '/blogs.dir/' . $blog_id . '/files/' . $imageParts[1];
51	+ }
52	+ }
53	+ return $src;
54	+ }
55	+ }
56	+
57	+ $cache = wp_cache_get( 'widget_ultimate_posts', 'widget' );
58	+
59	+ if ( !is_array( $cache ) )
60	+ $cache = array();
61	+
62	+ if ( isset( $cache[$args['widget_id']] ) ) {
63	+ echo $cache[$args['widget_id']];
64	+ return;
65	+ }
66	+
67	+ ob_start();
68	+ extract( $args );
69	+
70	+ $title = apply_filters( 'widget_title', $instance['title'] );
71	+ $number = $instance['number'];
72	+ $cpt = $instance['types'];
73	+ if (!empty($cpt)) $types = explode(',', $cpt);
74	+ $categories = $instance['cats'];
75	+ if (!empty($categories)) $cats = explode(',', $categories);
76	+ $atcat = $instance['atcat'];
77	+ $thumb_w = $instance['thumb_w'];
78	+ $thumb_h = $instance['thumb_h'];
79	+ $excerpt_length = $instance['excerpt_length'];
80	+ $excerpt_readmore = $instance['excerpt_readmore'];
81	+ $sticky = $instance['sticky'];
82	+ $order = $instance['order'];
83	+
84	+ // If $atcat true and in category
85	+ if ($atcat && is_category()) {
86	+ $cats = get_query_var('cat');
87	+ }
88	+
89	+ // If $atcat true and is single post
90	+ if ($atcat && is_single()) {
91	+ $cats = '';
92	+ foreach (get_the_category() as $catt) {
93	+ $cats .= $catt->cat_ID.' ';
94	+ }
95	+ $cats = str_replace(" ", ",", trim($cats));
96	+ }
97	+
98	+ // If sticky
99	+ if ($sticky) {
100	+ $sticky_option = get_option( 'sticky_posts' );
101	+ }
102	+
103	+ //Excerpt more filter
104	+ $new_excerpt_more = create_function('$more', 'return "...";');
105	+ add_filter('excerpt_more', $new_excerpt_more);
106	+
107	+ // Excerpt length filter
108	+ $new_excerpt_length = create_function('$length', "return " . $excerpt_length . ";");
109	+ if ( $instance["excerpt_length"] > 0 ) add_filter('excerpt_length', $new_excerpt_length);
110	+
111	+ echo $before_widget;
112	+ if ( $title ) echo $before_title . $title . $after_title;
113	+
114	+ $args = array(
115	+ 'showposts' => $number,
116	+ 'orderby' => $order,
117	+ 'post__in' => $sticky_option,
118	+ 'category__in' => $cats,
119	+ 'post_type' => $types
120	+ );
121	+
122	+ $r = new WP_Query( $args );
123	+
124	+ if ( $r->have_posts() ) :
125	+
126	+ echo '<ul>';
127	+
128	+ while ( $r->have_posts() ) : $r->the_post(); ?>
129	+
130	+ <li>
131	+
132	+ <?php
133	+ if ( function_exists('the_post_thumbnail') &&
134	+ current_theme_supports("post-thumbnails") &&
135	+ $instance["show_thumbnail"] &&
136	+ has_post_thumbnail() ) :
137	+ $thumbnail = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID),'full');
138	+ $plugin_dir = 'ultimate-posts-widget';
139	+ ?>
140	+
141	+ <div class="upw-image">
142	+ <a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>">
143	+ <img src="<?php echo WP_PLUGIN_URL . '/ultimate-posts-widget/thumb.php?src='. get_image_path($thumbnail[0]) .'&h='.$thumb_h.'&w='.$thumb_w.'&&zc=2'; ?>" alt="<?php the_title_attribute(); ?>" width="<?php echo $thumb_w; ?>" height="<?php echo $thumb_h; ?>" />
144	+ </a>
145	+ </div>
146	+
147	+ <?php endif; ?>
148	+
149	+ <div class="upw-content">
150	+
151	+ <?php if ( get_the_title() && $instance['show_title'] ) : ?>
152	+ <a class="post-title" href="<?php the_permalink(); ?>" title="<?php echo esc_attr( get_the_title() ? get_the_title() : get_the_ID() ); ?>">
153	+ <?php the_title(); ?>
154	+ </a>
155	+ <?php endif; ?>
156	+
157	+ <?php if ( $instance['show_date'] ) : ?>
158	+ <p class="post-date"><?php the_time("j M Y"); ?></p>
159	+ <?php endif; ?>
160	+
161	+ <?php if ( $instance['show_excerpt'] ) :
162	+ if ( $instance['show_readmore'] ) : $linkmore = ' <a href="'.get_permalink().'" class="more-link">'.$excerpt_readmore.'</a>'; else: $linkmore =''; endif; ?>
163	+ <p class="post-excerpt"><?php echo get_the_excerpt() . $linkmore; ?></p>
164	+ <?php endif; ?>
165	+
166	+ </div>
167	+
168	+ </li>
169	+
170	+ <?php
171	+ endwhile;
172	+ echo '</ul>';
173	+
174	+ if ( $instance['show_morebutton'] ) : ?>
175	+ <div class="upw-more">
176	+ <a href="<?php echo $instance['morebutton_url']; ?>" class="button"><?php echo $instance['morebutton_text']; ?></a>
177	+ </div>
178	+ <?php endif;
179	+
180	+ // Reset the global $the_post as this query will have stomped on it
181	+ wp_reset_postdata();
182	+
183	+ else :
184	+
185	+ echo __('No posts found.');
186	+
187	+ endif;
188	+
189	+ echo $after_widget;
190	+
191	+ $cache[$args['widget_id']] = ob_get_flush();
192	+ wp_cache_set( 'widget_ultimate_posts', $cache, 'widget' );
193	+ }
194	+
195	+ function update( $new_instance, $old_instance ) {
196	+ $instance = $old_instance;
197	+
198	+ //Let's turn that array into something the Wordpress database can store
199	+ $types = implode(',', (array)$new_instance['types']);
200	+ $cats = implode(',', (array)$new_instance['cats']);
201	+
202	+ $instance['title'] = strip_tags( $new_instance['title'] );
203	+ $instance['number'] = strip_tags( $new_instance['number'] );
204	+ $instance['types'] = $types;
205	+ $instance['cats'] = $cats;
206	+ $instance['atcat'] = strip_tags( $new_instance['atcat'] );
207	+ $instance['show_excerpt'] = strip_tags( $new_instance['show_excerpt'] );
208	+ $instance['show_thumbnail'] = strip_tags( $new_instance['show_thumbnail'] );
209	+ $instance['show_date'] = strip_tags( $new_instance['show_date'] );
210	+ $instance['show_title'] = strip_tags( $new_instance['show_title'] );
211	+ $instance['thumb_w'] = strip_tags( $new_instance['thumb_w'] );
212	+ $instance['thumb_h'] = strip_tags( $new_instance['thumb_h'] );
213	+ $instance['show_readmore'] = strip_tags( $new_instance['show_readmore'] );
214	+ $instance['excerpt_length'] = strip_tags( $new_instance['excerpt_length'] );
215	+ $instance['excerpt_readmore'] = strip_tags( $new_instance['excerpt_readmore'] );
216	+ $instance['sticky'] = strip_tags( $new_instance['sticky'] );
217	+ $instance['order'] = strip_tags( $new_instance['order'] );
218	+ $instance['show_morebutton'] = strip_tags( $new_instance['show_morebutton'] );
219	+ $instance['morebutton_url'] = strip_tags( $new_instance['morebutton_url'] );
220	+ $instance['morebutton_text'] = strip_tags( $new_instance['morebutton_text'] );
221	+
222	+
223	+ $this->flush_widget_cache();
224	+
225	+ $alloptions = wp_cache_get( 'alloptions', 'options' );
226	+ if ( isset( $alloptions['widget_ultimate_posts'] ) )
227	+ delete_option( 'widget_ultimate_posts' );
228	+
229	+ return $instance;
230	+
231	+ }
232	+
233	+ function flush_widget_cache() {
234	+
235	+ wp_cache_delete( 'widget_ultimate_posts', 'widget' );
236	+
237	+ }
238	+
239	+ function form( $instance ) {
240	+
241	+ // instance exist? if not set defaults
242	+ if ( $instance ) {
243	+ $title = $instance['title'];
244	+ $number = $instance['number'];
245	+ $types = $instance['types'];
246	+ $cats = $instance['cats'];
247	+ $thumb_w = $instance['thumb_w'];
248	+ $thumb_h = $instance['thumb_h'];
249	+ $excerpt_length = $instance['excerpt_length'];
250	+ $excerpt_readmore = $instance['excerpt_readmore'];
251	+ $order = $instance['order'];
252	+ $morebutton_text = $instance['morebutton_text'];
253	+ $morebutton_url = $instance['morebutton_url'];
254	+ } else {
255	+ //These are our defaults
256	+ $title = '';
257	+ $number = '5';
258	+ $types = 'post';
259	+ $cats = '';
260	+ $thumb_w = 100;
261	+ $thumb_h = 100;
262	+ $excerpt_length = 10;
263	+ $excerpt_readmore = 'Read more →';
264	+ $order = 'date';
265	+ $morebutton_text = 'View More Posts';
266	+ $morebutton_url = get_bloginfo('url');
267	+ }
268	+
269	+ //Let's turn $types and $cats into an array
270	+ $types = explode(',', $types);
271	+ $cats = explode(',', $cats);
272	+
273	+ //Count number of post types for select box sizing
274	+ $cpt_types = get_post_types( array( 'public' => true ), 'names' );
275	+ foreach ($cpt_types as $cpt ) {
276	+ $cpt_ar[] = $cpt;
277	+ }
278	+ $n = count($cpt_ar);
279	+ if($n > 10) { $n = 10; }
280	+
281	+ //Count number of categories for select box sizing
282	+ $cat_list = get_categories( 'hide_empty=0' );
283	+ foreach ($cat_list as $cat ) {
284	+ $cat_ar[] = $cat;
285	+ }
286	+ $c = count($cat_ar);
287	+ if($c > 10) { $c = 10; }
288	+
289	+ ?>
290	+
291	+ <p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:' ); ?></label>
292	+ <input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo $title; ?>" /></p>
293	+
294	+ <p><label for="<?php echo $this->get_field_id( 'number' ); ?>"><?php _e( 'Number of posts:' ); ?></label>
295	+ <input id="<?php echo $this->get_field_id( 'number' ); ?>" name="<?php echo $this->get_field_name( 'number' ); ?>" type="text" value="<?php echo $number; ?>" size="2" /></p>
296	+
297	+ <p>
298	+ <input class="checkbox" id="<?php echo $this->get_field_id( 'show_title' ); ?>" name="<?php echo $this->get_field_name( 'show_title' ); ?>" type="checkbox" <?php checked( (bool) $instance["show_title"], true ); ?> />
299	+ <label for="<?php echo $this->get_field_id( 'show_title' ); ?>"><?php _e( 'Show title' ); ?></label>
300	+ </p>
301	+
302	+ <p>
303	+ <input class="checkbox" id="<?php echo $this->get_field_id( 'show_date' ); ?>" name="<?php echo $this->get_field_name( 'show_date' ); ?>" type="checkbox" <?php checked( (bool) $instance["show_date"], true ); ?> />
304	+ <label for="<?php echo $this->get_field_id( 'show_date' ); ?>"><?php _e( 'Show date' ); ?></label>
305	+ </p>
306	+
307	+ <p>
308	+ <input class="checkbox" id="<?php echo $this->get_field_id( 'show_excerpt' ); ?>" name="<?php echo $this->get_field_name( 'show_excerpt' ); ?>" type="checkbox" <?php checked( (bool) $instance["show_excerpt"], true ); ?> />
309	+ <label for="<?php echo $this->get_field_id( 'show_excerpt' ); ?>"><?php _e( 'Show excerpt' ); ?></label>
310	+ </p>
311	+
312	+ <p>
313	+ <label for="<?php echo $this->get_field_id("excerpt_length"); ?>"><?php _e( 'Excerpt length (in words):' ); ?></label>
314	+ <input style="text-align: center;" type="text" id="<?php echo $this->get_field_id("excerpt_length"); ?>" name="<?php echo $this->get_field_name("excerpt_length"); ?>" value="<?php echo $excerpt_length; ?>" size="3" />
315	+ </p>
316	+
317	+ <p>
318	+ <label for="<?php echo $this->get_field_id('show_readmore'); ?>">
319	+ <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id("show_readmore"); ?>" name="<?php echo $this->get_field_name("show_readmore"); ?>"<?php checked( (bool) $instance["show_readmore"], true ); ?> />
320	+ <?php _e( 'Show read more link' ); ?>
321	+ </label>
322	+ </p>
323	+
324	+ <p class="<?php echo $this->get_field_id('excerpt_readmore'); ?>">
325	+ <label for="<?php echo $this->get_field_id('excerpt_readmore'); ?>"><?php _e( 'Read more text:' ); ?></label>
326	+ <input class="widefat" type="text" id="<?php echo $this->get_field_id('excerpt_readmore'); ?>" name="<?php echo $this->get_field_name("excerpt_readmore"); ?>" value="<?php echo $excerpt_readmore; ?>" />
327	+ </p>
328	+
329	+ <?php if ( function_exists('the_post_thumbnail') && current_theme_supports( 'post-thumbnails' ) ) : ?>
330	+
331	+ <p>
332	+ <input class="checkbox" id="<?php echo $this->get_field_id( 'show_thumbnail' ); ?>" name="<?php echo $this->get_field_name( 'show_thumbnail' ); ?>" type="checkbox" <?php checked( (bool) $instance["show_thumbnail"], true ); ?> />
333	+ <label for="<?php echo $this->get_field_id( 'show_thumbnail' ); ?>"><?php _e( 'Show thumbnail' ); ?></label>
334	+ </p>
335	+
336	+ <p>
337	+ <label><?php _e('Thumbnail size:'); ?></label>
338	+ <br />
339	+ <label for="<?php echo $this->get_field_id('thumb_w'); ?>">
340	+ W: <input class="widefat" style="width:40%;" type="text" id="<?php echo $this->get_field_id('thumb_w'); ?>" name="<?php echo $this->get_field_name('thumb_w'); ?>" value="<?php echo $thumb_w; ?>" />
341	+ </label>
342	+ <label for="<?php echo $this->get_field_id('thumb_h'); ?>">
343	+ H: <input class="widefat" style="width:40%;" type="text" id="<?php echo $this->get_field_id('thumb_h'); ?>" name="<?php echo $this->get_field_name('thumb_h'); ?>" value="<?php echo $thumb_h; ?>" />
344	+ </label>
345	+ </p>
346	+
347	+ <?php endif; ?>
348	+
349	+ <p>
350	+ <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('show_morebutton'); ?>" name="<?php echo $this->get_field_name('show_morebutton'); ?>" <?php checked( (bool) $instance['show_morebutton'], true ); ?> />
351	+ <label for="<?php echo $this->get_field_id('show_morebutton'); ?>"> <?php _e('Show more button'); ?></label>
352	+ </p>
353	+
354	+ <p class="<?php echo $this->get_field_id('morebutton_text'); ?>">
355	+ <label for="<?php echo $this->get_field_id('morebutton_text'); ?>"><?php _e( 'More button text:' ); ?></label>
356	+ <input class="widefat" type="text" id="<?php echo $this->get_field_id('morebutton_text'); ?>" name="<?php echo $this->get_field_name('morebutton_text'); ?>" value="<?php echo $morebutton_text; ?>" />
357	+ </p>
358	+
359	+ <p class="<?php echo $this->get_field_id('morebutton_url'); ?>">
360	+ <label for="<?php echo $this->get_field_id('morebutton_url'); ?>"><?php _e( 'More button URL:' ); ?></label>
361	+ <input class="widefat" type="text" id="<?php echo $this->get_field_id('morebutton_url'); ?>" name="<?php echo $this->get_field_name('morebutton_url'); ?>" value="<?php echo $morebutton_url; ?>" />
362	+ </p>
363	+
364	+ <p>
365	+ <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('sticky'); ?>" name="<?php echo $this->get_field_name('sticky'); ?>" <?php checked( (bool) $instance['sticky'], true ); ?> />
366	+ <label for="<?php echo $this->get_field_id('sticky'); ?>"> <?php _e('Show only sticky posts'); ?></label>
367	+ </p>
368	+
369	+ <p>
370	+ <input type="checkbox" class="checkbox" id="<?php echo $this->get_field_id('atcat'); ?>" name="<?php echo $this->get_field_name('atcat'); ?>" <?php checked( (bool) $instance['atcat'], true ); ?> />
371	+ <label for="<?php echo $this->get_field_id('atcat'); ?>"> <?php _e('Show posts only from current category');?></label>
372	+ </p>
373	+
374	+ <p>
375	+ <label for="<?php echo $this->get_field_id('cats'); ?>"><?php _e( 'Select categories:' ); ?></label>
376	+ <select name="<?php echo $this->get_field_name('cats'); ?>[]" id="<?php echo $this->get_field_id('cats'); ?>" class="widefat" style="height: auto;" size="<?php echo $c ?>" multiple>
377	+ <?php
378	+ $categories = get_categories( 'hide_empty=0' );
379	+ foreach ($categories as $category ) { ?>
380	+ <option value="<?php echo $category->term_id; ?>" <?php if( in_array($category->term_id, $cats)) { echo 'selected="selected"'; } ?>><?php echo $category->cat_name;?></option>
381	+ <?php } ?>
382	+ </select>
383	+ </p>
384	+
385	+ <p>
386	+ <label for="<?php echo $this->get_field_id('types'); ?>"><?php _e( 'Select post type(s):' ); ?></label>
387	+ <select name="<?php echo $this->get_field_name('types'); ?>[]" id="<?php echo $this->get_field_id('types'); ?>" class="widefat" style="height: auto;" size="<?php echo $n ?>" multiple>
388	+ <?php
389	+ $args = array( 'public' => true );
390	+ $post_types = get_post_types( $args, 'names' );
391	+ foreach ($post_types as $post_type ) { ?>
392	+ <option value="<?php echo $post_type; ?>" <?php if( in_array($post_type, $types)) { echo 'selected="selected"'; } ?>><?php echo $post_type;?></option>
393	+ <?php } ?>
394	+ </select>
395	+ </p>
396	+
397	+ <p>
398	+ <label for="<?php echo $this->get_field_id('order'); ?>"><?php _e( 'Order by:' ); ?></label>
399	+ <select name="<?php echo $this->get_field_name('order'); ?>" id="<?php echo $this->get_field_id('order'); ?>" class="widefat">
400	+ <option value="date" <?php if( $order == 'date') { echo 'selected="selected"'; } ?>><?php _e('Date'); ?></option>
401	+ <option value="title" <?php if( $order == 'title') { echo 'selected="selected"'; } ?>><?php _e('Title'); ?></option>
402	+ <option value="comment_count" <?php if( $order == 'comment_count') { echo 'selected="selected"'; } ?>><?php _e('Comments'); ?></option>
403	+ <option value="rand" <?php if( $order == 'rand') { echo 'selected="selected"'; } ?>><?php _e('Random'); ?></option>
404	+ </select>
405	+ </p>
406	+
407	+ <p class="credits"><small>Developed by <a href="http://pomelodesign.com">Pomelo Design</a></small></p>
408	+
409	+ <script>
410	+
411	+ jQuery(document).ready(function($){
412	+
413	+ var show_excerpt = $("#<?php echo $this->get_field_id( 'show_excerpt' ); ?>");
414	+ var show_readmore = $("#<?php echo $this->get_field_id( 'show_readmore' ); ?>");
415	+ var show_thumbnail = $("#<?php echo $this->get_field_id( 'show_thumbnail' ); ?>");
416	+ var excerpt_length = $("#<?php echo $this->get_field_id( 'excerpt_length' ); ?>").parents('p');
417	+ var excerpt_readmore = $("#<?php echo $this->get_field_id( 'excerpt_readmore' ); ?>").parents('p');
418	+ var thumb_w = $("#<?php echo $this->get_field_id( 'thumb_w' ); ?>").parents('p');
419	+ var show_morebutton = $("#<?php echo $this->get_field_id( 'show_morebutton' ); ?>");
420	+ var morebutton_text = $("#<?php echo $this->get_field_id( 'morebutton_text' ); ?>").parents('p');
421	+ var morebutton_url = $("#<?php echo $this->get_field_id( 'morebutton_url' ); ?>").parents('p');
422	+
423	+ <?php
424	+ // Use PHP to determine if not checked and hide if so
425	+ // jQuery method was acting up
426	+ if ( !$instance['show_excerpt'] ) {
427	+ echo 'excerpt_length.hide();';
428	+ }
429	+ if ( !$instance['show_readmore'] ) {
430	+ echo 'excerpt_readmore.hide();';
431	+ }
432	+ if ( !$instance['show_thumbnail'] ) {
433	+ echo 'thumb_w.hide();';
434	+ }
435	+ if ( !$instance['show_morebutton'] ) {
436	+ echo 'morebutton_text.hide();';
437	+ echo 'morebutton_url.hide();';
438	+ }
439	+ ?>
440	+
441	+ // Toggle excerpt length on click
442	+ show_excerpt.click(function(){
443	+
444	+ if ( $(this).is(":checked") ) {
445	+ excerpt_length.show("fast");
446	+ } else {
447	+ excerpt_length.hide("fast");
448	+ }
449	+
450	+ });
451	+
452	+ // Toggle excerpt length on click
453	+ show_readmore.click(function(){
454	+
455	+ if ( $(this).is(":checked") ) {
456	+ excerpt_readmore.show("fast");
457	+ } else {
458	+ excerpt_readmore.hide("fast");
459	+ }
460	+
461	+ });
462	+
463	+ // Toggle excerpt length on click
464	+ show_thumbnail.click(function(){
465	+
466	+ if ( $(this).is(":checked") ) {
467	+ thumb_w.show("fast");
468	+ } else {
469	+ thumb_w.hide("fast");
470	+ }
471	+
472	+ });
473	+
474	+ // Toggle more button on click
475	+ show_morebutton.click(function(){
476	+
477	+ if ( $(this).is(":checked") ) {
478	+ morebutton_text.show("fast");
479	+ morebutton_url.show("fast");
480	+ } else {
481	+ morebutton_text.hide("fast");
482	+ morebutton_url.hide("fast");
483	+ }
484	+
485	+ });
486	+
487	+ });
488	+
489	+ </script>
490	+
491	+ <?php
492	+
493	+ }
494	+
495	+ }
496	+
497	+ function init_WP_Widget_Ultimate_Posts() {
498	+
499	+ register_widget( 'WP_Widget_Ultimate_Posts' );
500	+
501	+ }
502	+
503	+ add_action( 'widgets_init', 'init_WP_Widget_Ultimate_Posts' );
504	+
505	+ }