Ultimate Posts Widget - Version 1.5.1

Version Description

  • Upgrade timthumb to 2.8.11
  • Load "Large" size post thumbnails which should eliminate large image errors
  • Improved FAQ for thumbnail troubleshooting

Release Info

Developer bostondv
Version 1.5.1

Code changes from version 1.5 to 1.5.1

Files changed (3)
  1. readme.txt +20 -2
  2. thumb.php +61 -54
  3. ultimate-posts-widget.php +3 -3
readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://www.pomelodesign.com/donate
4
  Tags: widget, recent posts, custom post types, sticky posts, featured image, post thumbnail, excerpts, category
5
  Requires at least: 3.0
6
  Tested up to: 3.5.1
7
- Stable tag: 1.5
8
  License: GPL2
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
@@ -36,9 +36,21 @@ Options:
36
 
37
  For support please use [wordpress.org](http://wordpress.org/support/plugin/ultimate-posts-widget). Visit [our website](http://pomelodesign.com), follow [@pomelod](http://twitter.com/pomelod/) or like [on facebook](http://www.facebook.com/pomelodesign/) for updates.
38
 
 
 
39
  == Frequently Asked Questions ==
40
 
41
- Nothing right now.
 
 
 
 
 
 
 
 
 
 
42
 
43
  == Screenshots ==
44
 
@@ -46,6 +58,12 @@ Nothing right now.
46
 
47
  == Changelog ==
48
 
 
 
 
 
 
 
49
  = 1.5 =
50
 
51
  * Adds crop mode option
4
  Tags: widget, recent posts, custom post types, sticky posts, featured image, post thumbnail, excerpts, category
5
  Requires at least: 3.0
6
  Tested up to: 3.5.1
7
+ Stable tag: 1.5.1
8
  License: GPL2
9
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
10
 
36
 
37
  For support please use [wordpress.org](http://wordpress.org/support/plugin/ultimate-posts-widget). Visit [our website](http://pomelodesign.com), follow [@pomelod](http://twitter.com/pomelod/) or like [on facebook](http://www.facebook.com/pomelodesign/) for updates.
38
 
39
+ Fork or contribute on [Github](https://github.com/bostondv/ultimate-posts-widget)
40
+
41
  == Frequently Asked Questions ==
42
 
43
+ = Thumbnail images are not displaying =
44
+
45
+ This plugin uses the [TimThumb library](http://www.binarymoon.co.uk/projects/timthumb/) to resize post thumbnails. Please review these requirements and troubleshooting tips if you are having problems displaying thumbnails.
46
+
47
+ * JetPack plugin - There is a known conflict between JetPack's "Photon" component, please disable it for compatibility with TimThumb.
48
+ * Server requirements - PHP and the GD image library must be installed on your web server. Normally most web servers include them by default.
49
+ * Cache permissions - The cache directory `wp-content/plugins/ultimate-posts-widget/cache` should be set to 777 or if that doesn't work, you may find 755 is ok.
50
+ * Image sizes - TimThumb is configured to only work for images smaller than 1500 x 1500. The plugin and automatically selects the "Large" size from Settings > Media, if it is greater than 1500 x 1500 you will need to reduce the size or modify the configuration in `thumb.php` to support larger image sizes.
51
+ * Right click > view image - If an image isn't loading then this is the first thing you should do. 9 times out of 10 it will tell you what the problem is in an easy to read error message.
52
+
53
+ Still stuck? See [additional troubleshooting tips](http://www.binarymoon.co.uk/2010/11/timthumb-hints-tips/) from the TimThumb author.
54
 
55
  == Screenshots ==
56
 
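Review bot: the "Cache permissions" FAQ item tells users to chmod the cache directory to 777; world-writable on a directory that also sits inside the web root (wp-content/plugins/ultimate-posts-widget/cache) is broader than needed, since only the web server user has to write there. Suggest leading with 755 (or 775 with group ownership) owned by the web server user and presenting 777 only as a last resort, and adding that the directory should not be directly browsable. Minor: "The plugin and automatically selects" in the "Image sizes" item has a leftover word.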
58
 
59
  == Changelog ==
60
 
61
+ = 1.5.1 =
62
+
63
+ * Upgrade timthumb to 2.8.11
64
+ * Load "Large" size post thumbnails which should eliminate large image errors
65
+ * Improved FAQ for thumbnail troubleshooting
66
+
67
  = 1.5 =
68
 
69
  * Adds crop mode option
thumb.php CHANGED
@@ -3,13 +3,13 @@
3
  * TimThumb by Ben Gillbanks and Mark Maunder
4
  * Based on work done by Tim McDaniels and Darren Hoyt
5
  * http://code.google.com/p/timthumb/
6
- *
7
  * GNU General Public License, version 2
8
  * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
  *
10
  * Examples and documentation available on the project homepage
11
  * http://www.binarymoon.co.uk/projects/timthumb/
12
- *
13
  * $Rev$
14
  */
15
 
@@ -20,7 +20,7 @@
20
  * loaded by timthumb. This will save you having to re-edit these variables
21
  * everytime you download a new version
22
  */
23
- define ('VERSION', '2.8.10'); // Version of this script
24
  //Load a config file if it exists. Otherwise, use the values below
25
  if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php');
26
  if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
@@ -30,17 +30,17 @@ if(! defined('BLOCK_EXTERNAL_LEECHERS') ) define ('BLOCK_EXTERNAL_LEECHERS', fa
30
 
31
  //Image fetching and caching
32
  if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33
- if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34
  if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35
- if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36
 
37
  if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
38
  if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
39
  if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them
40
  if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
41
- if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
42
  if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
43
- if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); //Time to wait between errors fetching remote file
44
 
45
  //Browser caching
46
  if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
@@ -49,9 +49,9 @@ if(! defined('BROWSER_CACHE_DISABLE') ) define ('BROWSER_CACHE_DISABLE', false)
49
  //Image size and defaults
50
  if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
51
  if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
52
- if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); // Image to serve if any 404 occurs
53
- if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); // Image to serve if an error occurs instead of showing error message
54
- if(! defined('PNG_IS_TRANSPARENT') ) define ('PNG_IS_TRANSPARENT', FALSE); //42 Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour
55
  if(! defined('DEFAULT_Q') ) define ('DEFAULT_Q', 90); // Default image quality. Allows overrid in timthumb-config.php
56
  if(! defined('DEFAULT_ZC') ) define ('DEFAULT_ZC', 1); // Default zoom/crop setting. Allows overrid in timthumb-config.php
57
  if(! defined('DEFAULT_F') ) define ('DEFAULT_F', ''); // Default image filters. Allows overrid in timthumb-config.php
@@ -61,18 +61,18 @@ if(! defined('DEFAULT_CC') ) define ('DEFAULT_CC', 'ffffff'); // Default
61
 
62
  //Image compression is enabled if either of these point to valid paths
63
 
64
- //These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
65
  //They only work for PNGs. GIFs and JPEGs are not affected.
66
- if(! defined('OPTIPNG_ENABLED') ) define ('OPTIPNG_ENABLED', false);
67
- if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
68
- if(! defined('PNGCRUSH_ENABLED') ) define ('PNGCRUSH_ENABLED', false);
69
  if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
70
 
71
  /*
72
  -------====Website Screenshots configuration - BETA====-------
73
-
74
- If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
75
-
76
  If you would like to get website screenshots set up, you will need root access to your own server.
77
 
78
  Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
@@ -91,7 +91,7 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
91
  9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
92
  10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
93
 
94
- Notes on performance:
95
  The first time a webshot loads, it will take a few seconds.
96
  From then on it uses the regular timthumb caching mechanism with the configurable options above
97
  and loading will be very fast.
@@ -99,14 +99,14 @@ if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush');
99
  --ADVANCED USERS ONLY--
100
  If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
101
  nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
102
- Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
103
  You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
104
- You will also need to take responsibility for server security if you're running Xvfb as root.
105
 
106
 
107
  */
108
  if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
109
- if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
110
  if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
111
  if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
112
  if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
@@ -117,11 +117,11 @@ if(! defined('WEBSHOT_USER_AGENT') ) define ('WEBSHOT_USER_AGENT', "Mozilla/5.0
117
  if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
118
  if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
119
  if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
120
- if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
121
  if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
122
 
123
 
124
- // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
125
  if(! isset($ALLOWED_SITES)){
126
  $ALLOWED_SITES = array ();
127
  }
@@ -193,14 +193,14 @@ class timthumb {
193
  } else {
194
  $this->cacheDirectory = sys_get_temp_dir();
195
  }
196
- //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
197
  $this->cleanCache();
198
-
199
  $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
200
  $this->src = $this->param('src');
201
  $this->url = parse_url($this->src);
202
  $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
203
-
204
  if(strlen($this->src) <= 3){
205
  $this->error("No image specified");
206
  return false;
@@ -301,7 +301,7 @@ class timthumb {
301
  return true;
302
  }
303
  protected function handleErrors(){
304
- if($this->haveErrors()){
305
  if(NOT_FOUND_IMAGE && $this->is404()){
306
  if($this->serveImg(NOT_FOUND_IMAGE)){
307
  exit(0);
@@ -316,8 +316,8 @@ class timthumb {
316
  $this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
317
  }
318
  }
319
- $this->serveErrors();
320
- exit(0);
321
  }
322
  return false;
323
  }
@@ -375,7 +375,7 @@ class timthumb {
375
  $this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
376
  $this->set404();
377
  $this->error("An error occured fetching image.");
378
- return false;
379
  }
380
  }
381
  } else {
@@ -434,7 +434,7 @@ class timthumb {
434
  if($this->processImageAndWriteToCache($this->localImage)){
435
  $this->serveCacheFile();
436
  return true;
437
- } else {
438
  return false;
439
  }
440
  }
@@ -444,7 +444,7 @@ class timthumb {
444
  }
445
  $this->debug(3, "cleanCache() called");
446
  $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
447
-
448
  //If this is a new timthumb installation we need to create the file
449
  if(! is_file($lastCleanFile)){
450
  $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
@@ -505,7 +505,7 @@ class timthumb {
505
  );
506
  }
507
 
508
- // get standard input properties
509
  $new_width = (int) abs ($this->param('w', 0));
510
  $new_height = (int) abs ($this->param('h', 0));
511
  $zoom_crop = (int) $this->param('zc', DEFAULT_ZC);
@@ -566,7 +566,7 @@ class timthumb {
566
  imagealphablending ($canvas, false);
567
 
568
  if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation
569
- $canvas_color = str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2);
570
  } else if (strlen($canvas_color) != 6) {
571
  $canvas_color = DEFAULT_CC; // on error return default canvas color
572
  }
@@ -576,10 +576,10 @@ class timthumb {
576
  $canvas_color_B = hexdec (substr ($canvas_color, 4, 2));
577
 
578
  // Create a new transparent color for image
579
- // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency
580
  // (and if is set a canvas color show it in the background)
581
- if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){
582
- $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);
583
  }else{
584
  $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0);
585
  }
@@ -729,10 +729,10 @@ class timthumb {
729
 
730
  $imgType = "";
731
  $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
732
- if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){
733
  $imgType = 'jpg';
734
- imagejpeg($canvas, $tempfile, $quality);
735
- } else if(preg_match('/^image\/png$/i', $mimeType)){
736
  $imgType = 'png';
737
  imagepng($canvas, $tempfile, floor($quality * 0.09));
738
  } else if(preg_match('/^image\/gif$/i', $mimeType)){
@@ -784,7 +784,7 @@ class timthumb {
784
  $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
785
  $context = stream_context_create ();
786
  $fp = fopen($tempfile,'r',0,$context);
787
- file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
788
  file_put_contents($tempfile4, $fp, FILE_APPEND);
789
  fclose($fp);
790
  @unlink($tempfile);
@@ -814,21 +814,21 @@ class timthumb {
814
  protected function calcDocRoot(){
815
  $docRoot = @$_SERVER['DOCUMENT_ROOT'];
816
  if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
817
- $docRoot = LOCAL_FILE_BASE_DIRECTORY;
818
  }
819
- if(!isset($docRoot)){
820
  $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
821
  if(isset($_SERVER['SCRIPT_FILENAME'])){
822
  $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
823
  $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
824
- }
825
  }
826
- if(!isset($docRoot)){
827
  $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
828
  if(isset($_SERVER['PATH_TRANSLATED'])){
829
  $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
830
  $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
831
- }
832
  }
833
  if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
834
  $this->debug(3, "Doc root is: " . $docRoot);
@@ -870,9 +870,9 @@ class timthumb {
870
  //and continue search
871
  }
872
  }
873
-
874
  $base = $this->docRoot;
875
-
876
  // account for Windows directory structure
877
  if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
878
  $sub_directories = explode('\\', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
@@ -937,8 +937,8 @@ class timthumb {
937
  return $this->error("Invalid URL supplied.");
938
  }
939
  $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
940
- //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
941
- // which AFAIKT can't be used for shell injection.
942
  if(WEBSHOT_XVFB_RUNNING){
943
  putenv('DISPLAY=:100.0');
944
  $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
@@ -982,7 +982,7 @@ class timthumb {
982
  $this->debug(3, "Remote file has invalid mime type: $mimeType");
983
  @unlink($this->cachefile);
984
  touch($this->cachefile);
985
- $this->error("The remote file is not a valid image.");
986
  return false;
987
  }
988
  if($this->processImageAndWriteToCache($tempfile)){
@@ -1077,12 +1077,14 @@ class timthumb {
1077
 
1078
  case 'image/png':
1079
  $image = imagecreatefrompng ($src);
 
 
1080
  break;
1081
 
1082
  case 'image/gif':
1083
  $image = imagecreatefromgif ($src);
1084
  break;
1085
-
1086
  default:
1087
  $this->error("Unrecognised mimeType");
1088
  }
@@ -1093,7 +1095,7 @@ class timthumb {
1093
  $rem = @$_SERVER["REMOTE_ADDR"];
1094
  $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1095
  $ci = @$_SERVER["HTTP_CLIENT_IP"];
1096
- if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
1097
  if($ff){ return $ff; }
1098
  if($ci){ return $ci; }
1099
  return $rem;
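Review bot: the private-range test `^(?:192\.168|172\.16|10\.|127\.)` only matches 172.16.x.x, not the rest of 172.16.0.0/12 (172.17 through 172.31), so a proxy on one of those addresses would not have its forwarded header honoured; and whenever the peer is private, X-Forwarded-For and Client-IP are returned as-is even though both are plain request headers that the proxy may pass through unchanged. Suggest matching the full /12 and, if this value is used for logging or access decisions, taking only the last hop of X-Forwarded-For or making the trusted proxy list configurable rather than inferring it from the address class.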
@@ -1145,6 +1147,7 @@ class timthumb {
1145
  default: return $size_str;
1146
  }
1147
  }
 
1148
  protected function getURL($url, $tempfile){
1149
  $this->lastURLError = false;
1150
  $url = preg_replace('/ /', '%20', $url);
@@ -1166,13 +1169,17 @@ class timthumb {
1166
  curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1167
  @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1168
  @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1169
-
1170
  $curlResult = curl_exec($curl);
1171
  fclose(self::$curlFH);
1172
  $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1173
  if($httpStatus == 404){
1174
  $this->set404();
1175
  }
 
 
 
 
1176
  if($curlResult){
1177
  curl_close($curl);
1178
  return true;
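Review bot: with CURLOPT_FOLLOWLOCATION true and CURLOPT_MAXREDIRS 10, the host that was validated when the src URL was accepted is not necessarily the host the bytes come from, because a redirect can send the fetch to any other scheme or host. Suggest restricting CURLOPT_REDIR_PROTOCOLS to CURLPROTO_HTTP | CURLPROTO_HTTPS and checking CURLINFO_EFFECTIVE_URL against the same allowed-site rules before the downloaded file is processed. The four lines added after the 404 check are not rendered in this view, so they are not covered by this comment.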
3
  * TimThumb by Ben Gillbanks and Mark Maunder
4
  * Based on work done by Tim McDaniels and Darren Hoyt
5
  * http://code.google.com/p/timthumb/
6
+ *
7
  * GNU General Public License, version 2
8
  * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
9
  *
10
  * Examples and documentation available on the project homepage
11
  * http://www.binarymoon.co.uk/projects/timthumb/
12
+ *
13
  * $Rev$
14
  */
15
 
20
  * loaded by timthumb. This will save you having to re-edit these variables
21
  * everytime you download a new version
22
  */
23
+ define ('VERSION', '2.8.11'); // Version of this script
24
  //Load a config file if it exists. Otherwise, use the values below
25
  if( file_exists(dirname(__FILE__) . '/timthumb-config.php')) require_once('timthumb-config.php');
26
  if(! defined('DEBUG_ON') ) define ('DEBUG_ON', false); // Enable debug logging to web server error log (STDERR)
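Review bot: this hunk bumps VERSION to 2.8.11, but nearly every other thumb.php hunk on this page removes and re-adds an identical line (the `- *` / `+ *` pairs and the unchanged define lines), which points to a whitespace or line-ending change rather than code taken from the upstream release; the +61/-54 file summary is consistent with that. Since the changelog entry advertises "Upgrade timthumb to 2.8.11", worth confirming the shipped file matches the upstream 2.8.11 script and not just the constant.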
30
 
31
  //Image fetching and caching
32
  if(! defined('ALLOW_EXTERNAL') ) define ('ALLOW_EXTERNAL', TRUE); // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
33
+ if(! defined('ALLOW_ALL_EXTERNAL_SITES') ) define ('ALLOW_ALL_EXTERNAL_SITES', false); // Less secure.
34
  if(! defined('FILE_CACHE_ENABLED') ) define ('FILE_CACHE_ENABLED', TRUE); // Should we store resized/modified images on disk to speed things up?
35
+ if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400); // How often the cache is cleaned
36
 
37
  if(! defined('FILE_CACHE_MAX_FILE_AGE') ) define ('FILE_CACHE_MAX_FILE_AGE', 86400); // How old does a file have to be to be deleted from the cache
38
  if(! defined('FILE_CACHE_SUFFIX') ) define ('FILE_CACHE_SUFFIX', '.timthumb.txt'); // What to put at the end of all files in the cache directory so we can identify them
39
  if(! defined('FILE_CACHE_PREFIX') ) define ('FILE_CACHE_PREFIX', 'timthumb'); // What to put at the beg of all files in the cache directory so we can identify them
40
  if(! defined('FILE_CACHE_DIRECTORY') ) define ('FILE_CACHE_DIRECTORY', './cache'); // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
41
+ if(! defined('MAX_FILE_SIZE') ) define ('MAX_FILE_SIZE', 10485760); // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
42
  if(! defined('CURL_TIMEOUT') ) define ('CURL_TIMEOUT', 20); // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
43
+ if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600); // Time to wait between errors fetching remote file
44
 
45
  //Browser caching
46
  if(! defined('BROWSER_CACHE_MAX_AGE') ) define ('BROWSER_CACHE_MAX_AGE', 864000); // Time to cache in the browser
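Review bot: FILE_CACHE_DIRECTORY stays './cache', a directory under the plugin folder inside the web root, while the comment on that same line says that leaving it blank uses the system temporary directory, "which is better for security"; together with the readme's chmod 777 advice this is the weaker of the two options. Suggest either shipping with it blank (the constructor hunk falls back to sys_get_temp_dir()) or documenting that the cache directory must deny direct web access. Also, ALLOW_EXTERNAL is TRUE here while $ALLOWED_SITES defaults to an empty array further down, so external fetching is effectively off until a site list is configured; a one-line comment saying so would save support questions.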
49
  //Image size and defaults
50
  if(! defined('MAX_WIDTH') ) define ('MAX_WIDTH', 1500); // Maximum image width
51
  if(! defined('MAX_HEIGHT') ) define ('MAX_HEIGHT', 1500); // Maximum image height
52
+ if(! defined('NOT_FOUND_IMAGE') ) define ('NOT_FOUND_IMAGE', ''); // Image to serve if any 404 occurs
53
+ if(! defined('ERROR_IMAGE') ) define ('ERROR_IMAGE', ''); // Image to serve if an error occurs instead of showing error message
54
+ if(! defined('PNG_IS_TRANSPARENT') ) define ('PNG_IS_TRANSPARENT', FALSE); // Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour
55
  if(! defined('DEFAULT_Q') ) define ('DEFAULT_Q', 90); // Default image quality. Allows overrid in timthumb-config.php
56
  if(! defined('DEFAULT_ZC') ) define ('DEFAULT_ZC', 1); // Default zoom/crop setting. Allows overrid in timthumb-config.php
57
  if(! defined('DEFAULT_F') ) define ('DEFAULT_F', ''); // Default image filters. Allows overrid in timthumb-config.php
61
 
62
  //Image compression is enabled if either of these point to valid paths
63
 
64
+ //These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
65
  //They only work for PNGs. GIFs and JPEGs are not affected.
66
+ if(! defined('OPTIPNG_ENABLED') ) define ('OPTIPNG_ENABLED', false);
67
+ if(! defined('OPTIPNG_PATH') ) define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
68
+ if(! defined('PNGCRUSH_ENABLED') ) define ('PNGCRUSH_ENABLED', false);
69
  if(! defined('PNGCRUSH_PATH') ) define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
70
 
71
  /*
72
  -------====Website Screenshots configuration - BETA====-------
73
+
74
+ If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
75
+
76
  If you would like to get website screenshots set up, you will need root access to your own server.
77
 
78
  Enable ALLOW_ALL_EXTERNAL_SITES so you can fetch any external web page. This is more secure now that we're using a non-web folder for cache.
91
  9. If you get a file called test.png with something in it, it probably worked. Now test the script by accessing it as follows:
92
  10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
93
 
94
+ Notes on performance:
95
  The first time a webshot loads, it will take a few seconds.
96
  From then on it uses the regular timthumb caching mechanism with the configurable options above
97
  and loading will be very fast.
99
  --ADVANCED USERS ONLY--
100
  If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
101
  nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
102
+ Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
103
  You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
104
+ You will also need to take responsibility for server security if you're running Xvfb as root.
105
 
106
 
107
  */
108
  if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false); //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
109
+ if(! defined('WEBSHOT_CUTYCAPT') ) define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
110
  if(! defined('WEBSHOT_XVFB') ) define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run'); //The path to the Xvfb server
111
  if(! defined('WEBSHOT_SCREEN_X') ) define ('WEBSHOT_SCREEN_X', '1024'); //1024 works ok
112
  if(! defined('WEBSHOT_SCREEN_Y') ) define ('WEBSHOT_SCREEN_Y', '768'); //768 works ok
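Review bot: the suggested command `nohup Xvfb :100 -ac -nolisten tcp ...` starts the X server with `-ac`, which disables X access control entirely; `-nolisten tcp` keeps it off the network, but any local account can then attach to display :100. The text already says the admin takes responsibility when running as root; suggest also recommending a dedicated unprivileged user for both Xvfb and CutyCapt and spelling out what `-ac` switches off, so the reader can decide whether they need it.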
117
  if(! defined('WEBSHOT_JAVASCRIPT_ON') ) define ('WEBSHOT_JAVASCRIPT_ON', true); //Setting to false might give you a slight speedup and block ads. But it could cause other issues.
118
  if(! defined('WEBSHOT_JAVA_ON') ) define ('WEBSHOT_JAVA_ON', false); //Have only tested this as fase
119
  if(! defined('WEBSHOT_PLUGINS_ON') ) define ('WEBSHOT_PLUGINS_ON', true); //Enable flash and other plugins
120
+ if(! defined('WEBSHOT_PROXY') ) define ('WEBSHOT_PROXY', ''); //In case you're behind a proxy server.
121
  if(! defined('WEBSHOT_XVFB_RUNNING') ) define ('WEBSHOT_XVFB_RUNNING', false); //ADVANCED: Enable this if you've got Xvfb running in the background.
122
 
123
 
124
+ // If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
125
  if(! isset($ALLOWED_SITES)){
126
  $ALLOWED_SITES = array ();
127
  }
193
  } else {
194
  $this->cacheDirectory = sys_get_temp_dir();
195
  }
196
+ //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
197
  $this->cleanCache();
198
+
199
  $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
200
  $this->src = $this->param('src');
201
  $this->url = parse_url($this->src);
202
  $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
203
+
204
  if(strlen($this->src) <= 3){
205
  $this->error("No image specified");
206
  return false;
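Review bot: $this->myHost is taken from $_SERVER['HTTP_HOST'] (line 199 of this hunk) and then concatenated raw into the regex on line 202; HTTP_HOST is supplied by the client, so a value containing regex metacharacters changes the pattern or makes preg_replace() return null, leaving $this->src empty and tripping the "No image specified" branch. Suggest `preg_quote($this->myHost, '/')` in the pattern, and ideally comparing the host component of $this->url against the site's configured host rather than against HTTP_HOST.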
301
  return true;
302
  }
303
  protected function handleErrors(){
304
+ if($this->haveErrors()){
305
  if(NOT_FOUND_IMAGE && $this->is404()){
306
  if($this->serveImg(NOT_FOUND_IMAGE)){
307
  exit(0);
316
  $this->error("Additionally, the error image that is configured could not be found or there was an error serving it.");
317
  }
318
  }
319
+ $this->serveErrors();
320
+ exit(0);
321
  }
322
  return false;
323
  }
375
  $this->debug(3, "Empty cachefile is still fresh so returning message saying we had an error fetching this image from remote host.");
376
  $this->set404();
377
  $this->error("An error occured fetching image.");
378
+ return false;
379
  }
380
  }
381
  } else {
434
  if($this->processImageAndWriteToCache($this->localImage)){
435
  $this->serveCacheFile();
436
  return true;
437
+ } else {
438
  return false;
439
  }
440
  }
444
  }
445
  $this->debug(3, "cleanCache() called");
446
  $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
447
+
448
  //If this is a new timthumb installation we need to create the file
449
  if(! is_file($lastCleanFile)){
450
  $this->debug(1, "File tracking last clean doesn't exist. Creating $lastCleanFile");
505
  );
506
  }
507
 
508
+ // get standard input properties
509
  $new_width = (int) abs ($this->param('w', 0));
510
  $new_height = (int) abs ($this->param('h', 0));
511
  $zoom_crop = (int) $this->param('zc', DEFAULT_ZC);
566
  imagealphablending ($canvas, false);
567
 
568
  if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation
569
+ $canvas_color = str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2);
570
  } else if (strlen($canvas_color) != 6) {
571
  $canvas_color = DEFAULT_CC; // on error return default canvas color
572
  }
576
  $canvas_color_B = hexdec (substr ($canvas_color, 4, 2));
577
 
578
  // Create a new transparent color for image
579
+ // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency
580
  // (and if is set a canvas color show it in the background)
581
+ if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){
582
+ $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);
583
  }else{
584
  $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0);
585
  }
729
 
730
  $imgType = "";
731
  $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
732
+ if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){
733
  $imgType = 'jpg';
734
+ imagejpeg($canvas, $tempfile, $quality);
735
+ } else if(preg_match('/^image\/png$/i', $mimeType)){
736
  $imgType = 'png';
737
  imagepng($canvas, $tempfile, floor($quality * 0.09));
738
  } else if(preg_match('/^image\/gif$/i', $mimeType)){
784
  $tempfile4 = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
785
  $context = stream_context_create ();
786
  $fp = fopen($tempfile,'r',0,$context);
787
+ file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
788
  file_put_contents($tempfile4, $fp, FILE_APPEND);
789
  fclose($fp);
790
  @unlink($tempfile);
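Review bot: none of the I/O at 786-788 is checked: fopen() can return false and both file_put_contents() calls can fail or write short, after which the @unlink at 790 removes the source and a truncated $tempfile4 is handed on. Suggest checking each return value, e.g. `if ($fp === false || file_put_contents($tempfile4, $prefix) === false || file_put_contents($tempfile4, $fp, FILE_APPEND) === false) { return $this->error("Could not write cache file"); }`, before deleting $tempfile. The stream_context_create() with no options at 785 is also a no-op; `fopen($tempfile, 'r')` reads the same.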
814
  protected function calcDocRoot(){
815
  $docRoot = @$_SERVER['DOCUMENT_ROOT'];
816
  if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
817
+ $docRoot = LOCAL_FILE_BASE_DIRECTORY;
818
  }
819
+ if(!isset($docRoot)){
820
  $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
821
  if(isset($_SERVER['SCRIPT_FILENAME'])){
822
  $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
823
  $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
824
+ }
825
  }
826
+ if(!isset($docRoot)){
827
  $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
828
  if(isset($_SERVER['PATH_TRANSLATED'])){
829
  $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
830
  $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
831
+ }
832
  }
833
  if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
834
  $this->debug(3, "Doc root is: " . $docRoot);
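Review bot: the isset() checks at 819 and 826 never fire when DOCUMENT_ROOT is present but empty (common on IIS), because isset('') is true; use `empty($docRoot)` so the SCRIPT_FILENAME and PATH_TRANSLATED fallbacks actually run. At 833 the trailing-slash strip compares `$_SERVER['DOCUMENT_ROOT']` rather than `$docRoot`, so it reads a possibly unset server variable (notice) and tests the wrong value once LOCAL_FILE_BASE_DIRECTORY or one of the fallbacks has been used; compare `$docRoot != '/'` instead.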
870
  //and continue search
871
  }
872
  }
873
+
874
  $base = $this->docRoot;
875
+
876
  // account for Windows directory structure
877
  if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
878
  $sub_directories = explode('\\', str_replace($this->docRoot, '', $_SERVER['SCRIPT_FILENAME']));
937
  return $this->error("Invalid URL supplied.");
938
  }
939
  $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
940
+ //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
941
+ // which AFAIKT can't be used for shell injection.
942
  if(WEBSHOT_XVFB_RUNNING){
943
  putenv('DISPLAY=:100.0');
944
  $command = "$cuty $proxy --max-wait=$timeout --user-agent=\"$ua\" --javascript=$jsOn --java=$javaOn --plugins=$pluginsOn --js-can-open-windows=off --url=\"$url\" --out-format=$format --out=$tempfile";
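Review bot: the comment at 940-941 overstates what the whitelist at 939 guarantees: `$`, `(` and `)` are RFC 3986 characters that survive the preg_replace, and they keep their special meaning to /bin/sh inside the double quotes used at 944, so quoting alone does not neutralise them. Build the command with escapeshellarg() for $url (and for $ua and $proxy, which are interpolated the same way) instead of hand-placed quotes, e.g. `'--url=' . escapeshellarg($url)`, and keep the character filter as defence in depth rather than as the only control.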
982
  $this->debug(3, "Remote file has invalid mime type: $mimeType");
983
  @unlink($this->cachefile);
984
  touch($this->cachefile);
985
+ $this->error("The remote file is not a valid image. Mimetype = '" . $mimeType . "'" . $tempfile);
986
  return false;
987
  }
988
  if($this->processImageAndWriteToCache($tempfile)){
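Review bot: the error at 985 concatenates $tempfile, a server-side path inside the cache directory, into a user-facing message, and also echoes $mimeType, which was derived from remote content; neither belongs in the response. Keep the path in the $this->debug() call at 982 only and, if the MIME type must be shown, pass it through htmlspecialchars(), e.g. `$this->error("The remote file is not a valid image. Mimetype = '" . htmlspecialchars($mimeType) . "'");`.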
1077
 
1078
  case 'image/png':
1079
  $image = imagecreatefrompng ($src);
1080
+ imagealphablending( $image, true );
1081
+ imagesavealpha( $image, true );
1082
  break;
1083
 
1084
  case 'image/gif':
1085
  $image = imagecreatefromgif ($src);
1086
  break;
1087
+
1088
  default:
1089
  $this->error("Unrecognised mimeType");
1090
  }
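Review bot: imagecreatefrompng() at 1079 returns false on a corrupt or truncated file, and the new imagealphablending()/imagesavealpha() calls at 1080-1081 then run on a boolean and emit warnings; guard with `if ($image === false) { return $this->error("Could not decode PNG"); }` before them (the gif case at 1085 deserves the same check). The default branch at 1088-1089 also calls error() without returning, so add a `return false;` there if the caller relies on it.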
1095
  $rem = @$_SERVER["REMOTE_ADDR"];
1096
  $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
1097
  $ci = @$_SERVER["HTTP_CLIENT_IP"];
1098
+ if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
1099
  if($ff){ return $ff; }
1100
  if($ci){ return $ci; }
1101
  return $rem;
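Review bot: the private-range test at 1098 covers only 172.16.x.x, not the whole 172.16.0.0/12 block (172.16 through 172.31), and once it matches, HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are returned verbatim at 1099-1100 even though any client can send those headers and X-Forwarded-For is usually a comma-separated list. Suggest validating the chosen value with `filter_var($ip, FILTER_VALIDATE_IP)`, using only the element appended by the trusted proxy, and treating the result as untrusted wherever it feeds rate limiting or logging.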
1147
  default: return $size_str;
1148
  }
1149
  }
1150
+
1151
  protected function getURL($url, $tempfile){
1152
  $this->lastURLError = false;
1153
  $url = preg_replace('/ /', '%20', $url);
1169
  curl_setopt ($curl, CURLOPT_WRITEFUNCTION, 'timthumb::curlWrite');
1170
  @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
1171
  @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
1172
+
1173
  $curlResult = curl_exec($curl);
1174
  fclose(self::$curlFH);
1175
  $httpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1176
  if($httpStatus == 404){
1177
  $this->set404();
1178
  }
1179
+ if($httpStatus == 302){
1180
+ $this->error("External Image is Redirecting. Try alternate image url");
1181
+ return false;
1182
+ }
1183
  if($curlResult){
1184
  curl_close($curl);
1185
  return true;
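Review bot: with CURLOPT_FOLLOWLOCATION enabled at 1170, CURLINFO_HTTP_CODE at 1175 reports the final response, so the new `== 302` test at 1179 only triggers when curl stops on a redirect (for example when MAXREDIRS is exhausted) and never for 301, 303, 307 or 308; meanwhile any validation done on the original $url does not apply to the hosts curl was redirected through. Suggest either disabling FOLLOWLOCATION and routing every 3xx through this branch, or checking CURLINFO_EFFECTIVE_URL against the same rules as the original URL. The early return at 1181 also leaves the handle open; add `curl_close($curl);` before it.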
ultimate-posts-widget.php CHANGED
@@ -3,7 +3,7 @@
3
  Plugin Name: Ultimate Posts Widget
4
  Plugin URI: http://pomelodesign.com/ultimate-posts-widget
5
  Description: The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.
6
- Version: 1.5
7
  Author: Pomelo Design
8
  Author URI: http://pomelodesign.com
9
  License: GPL2
@@ -134,13 +134,13 @@ if ( !class_exists( 'WP_Widget_Ultimate_Posts' ) ) {
134
  current_theme_supports("post-thumbnails") &&
135
  $instance["show_thumbnail"] &&
136
  has_post_thumbnail() ) :
137
- $thumbnail = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID),'full');
138
  $plugin_dir = 'ultimate-posts-widget';
139
  ?>
140
 
141
  <div class="upw-image">
142
  <a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>">
143
- <img src="<?php echo WP_PLUGIN_URL . '/ultimate-posts-widget/thumb.php?src='. get_image_path($thumbnail[0]) .'&h='.$thumb_h.'&w='.$thumb_w.'&zc='.$thumb_crop; ?>" alt="<?php the_title_attribute(); ?>" />
144
  </a>
145
  </div>
146
 
3
  Plugin Name: Ultimate Posts Widget
4
  Plugin URI: http://pomelodesign.com/ultimate-posts-widget
5
  Description: The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.
6
+ Version: 1.5.1
7
  Author: Pomelo Design
8
  Author URI: http://pomelodesign.com
9
  License: GPL2
134
  current_theme_supports("post-thumbnails") &&
135
  $instance["show_thumbnail"] &&
136
  has_post_thumbnail() ) :
137
+ $thumbnail = wp_get_attachment_image_src(get_post_thumbnail_id($post->ID),'large');
138
  $plugin_dir = 'ultimate-posts-widget';
139
  ?>
140
 
141
  <div class="upw-image">
142
  <a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>">
143
+ <img src="<?php echo WP_PLUGIN_URL . '/ultimate-posts-widget/thumb.php?src='. get_image_path($thumbnail[0]) .'&amp;h='.$thumb_h.'&amp;w='.$thumb_w.'&amp;zc='.$thumb_crop; ?>" alt="<?php the_title_attribute(); ?>" />
144
  </a>
145
  </div>
146
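Review bot: the src attribute at 143 still interpolates get_image_path($thumbnail[0]), $thumb_h, $thumb_w and $thumb_crop without escaping, so the switch to `&amp;` fixes HTML validity but not attribute safety; build the URL with `esc_url(add_query_arg(array('src' => get_image_path($thumbnail[0]), 'h' => (int) $thumb_h, 'w' => (int) $thumb_w, 'zc' => (int) $thumb_crop), plugins_url('thumb.php', __FILE__)))`, which also drops the WP_PLUGIN_URL constant that WordPress recommends replacing with plugins_url(). wp_get_attachment_image_src() at 137 returns false when the attachment no longer exists, so guard `$thumbnail` before indexing it, and $plugin_dir at 138 is assigned but unused in this hunk.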