update phpthumb
Pathologic committed Oct 7, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent d1b4640 commit 33de602
Showing 11 changed files with 140 additions and 88 deletions.
12 changes: 6 additions & 6 deletions assets/snippets/phpthumb/composer.lock


16 changes: 8 additions & 8 deletions assets/snippets/phpthumb/vendor/composer/installed.json
@@ -2,17 +2,17 @@
"packages": [
{
"name": "james-heinrich/phpthumb",
"version": "v1.7.20",
"version_normalized": "1.7.20.0",
"version": "v1.7.21",
"version_normalized": "1.7.21.0",
"source": {
"type": "git",
"url": "https://github.com/JamesHeinrich/phpThumb.git",
"reference": "6c642aad3fa33ce88fe1307feaa6316edfc9ed76"
"reference": "7ee966b38ddd7eb4d8091389aa514604710711c8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/JamesHeinrich/phpThumb/zipball/6c642aad3fa33ce88fe1307feaa6316edfc9ed76",
"reference": "6c642aad3fa33ce88fe1307feaa6316edfc9ed76",
"url": "https://api.github.com/repos/JamesHeinrich/phpThumb/zipball/7ee966b38ddd7eb4d8091389aa514604710711c8",
"reference": "7ee966b38ddd7eb4d8091389aa514604710711c8",
"shasum": ""
},
"require": {
@@ -22,7 +22,7 @@
"ext-gd": "PHP GD library",
"ext-imagick": "PHP ImageMagick"
},
"time": "2023-01-09T14:23:26+00:00",
"time": "2023-07-14T21:25:25+00:00",
"type": "library",
"installation-source": "dist",
"autoload": {
@@ -56,11 +56,11 @@
],
"support": {
"issues": "https://github.com/JamesHeinrich/phpThumb/issues",
"source": "https://github.com/JamesHeinrich/phpThumb/tree/v1.7.20"
"source": "https://github.com/JamesHeinrich/phpThumb/tree/v1.7.21"
},
"install-path": "../james-heinrich/phpthumb"
}
],
"dev": false,
"dev": true,
"dev-package-names": []
}
20 changes: 10 additions & 10 deletions assets/snippets/phpthumb/vendor/composer/installed.php
@@ -1,28 +1,28 @@
<?php return array(
'root' => array(
'name' => '__root__',
'pretty_version' => '1.0.0+no-version-set',
'version' => '1.0.0.0',
'reference' => NULL,
'pretty_version' => '1.4.x-dev',
'version' => '1.4.9999999.9999999-dev',
'reference' => 'd1b46408a166eff5588bebd00018f671b111c8c4',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
'dev' => false,
'dev' => true,
),
'versions' => array(
'__root__' => array(
'pretty_version' => '1.0.0+no-version-set',
'version' => '1.0.0.0',
'reference' => NULL,
'pretty_version' => '1.4.x-dev',
'version' => '1.4.9999999.9999999-dev',
'reference' => 'd1b46408a166eff5588bebd00018f671b111c8c4',
'type' => 'library',
'install_path' => __DIR__ . '/../../',
'aliases' => array(),
'dev_requirement' => false,
),
'james-heinrich/phpthumb' => array(
'pretty_version' => 'v1.7.20',
'version' => '1.7.20.0',
'reference' => '6c642aad3fa33ce88fe1307feaa6316edfc9ed76',
'pretty_version' => 'v1.7.21',
'version' => '1.7.21.0',
'reference' => '7ee966b38ddd7eb4d8091389aa514604710711c8',
'type' => 'library',
'install_path' => __DIR__ . '/../james-heinrich/phpthumb',
'aliases' => array(),
Original file line number Diff line number Diff line change
@@ -99,7 +99,8 @@
$img['anigif'] = 'images/animaple.gif';
$img['alpha'] = 'images/alpha.png';
//$img['alpha'] = 'images/North15.gif';
$img['whitespace'] = 'images/whitespace.jpg';
// $img['whitespace'] = 'images/whitespace.jpg'; // missing
$img['whitespace'] = 'images/bunnies.jpg';

$img['mask1'] = 'images/mask04.png';
$img['mask2'] = 'images/mask05.png';
@@ -135,7 +136,7 @@
$Examples[] = array('getstrings' => array('src='.$img['square'].'&w=300&q=10&sia=custom-filename'), 'description' => 'width=300px, JPEGquality=10%, SaveImageAs=custom-filename');
$Examples[] = array('getstrings' => array('src='.$img['watermark'].'&w=400&aoe=1&bg=ffffff'), 'description' => 'width=400px, AllowOutputEnlargement enabled');
$Examples[] = array('getstrings' => array('src='.$img['square'].'&w=250&sx=600&sy=5&sw=100&sh=100&aoe=1'), 'description' => 'section from (600x5 - 700x105) cropped and enlarged by 250%, AllowOutputEnlargement enabled');
$Examples[] = array('getstrings' => array('src='.urlencode('http://www.silisoftware.com/images/SiliSoft.gif').'&w=100'), 'description' => 'HTTP source image'.$only_gd);
$Examples[] = array('getstrings' => array('src='.urlencode('https://www.silisoftware.com/images/SiliSoft.gif').'&w=100'), 'description' => 'HTTP source image'.$only_gd);
$Examples[] = array('getstrings' => array('src='.$img['square'].'&w=300&fltr[]=wmi|'.$img['watermark'].'|BL'), 'description' => 'width=300px, watermark (bottom-left, 75% opacity)'.$only_gd);
$Examples[] = array('getstrings' => array('src='.$img['square'].'&w=300&fltr[]=wmi|'.$img['watermark'].'|*|25'), 'description' => 'width=300px, watermark (tiled, 25% opacity)'.$only_gd);
$Examples[] = array('getstrings' => array('src='.$img['square'].'&w=300&fltr[]=wmi|'.$img['watermark'].'|75x50|80|75|75|45'), 'description' => 'width=300px, watermark (absolute position (75x50), rotation (45), scaling (75x75)))'.$only_gd);
Original file line number Diff line number Diff line change
@@ -7,6 +7,15 @@
¤ = structure change or important new feature
* = less important new feature or change

v1.7.21-202307141720
* [bugfix: #215] PHP 8.2 compatibility
* [bugfix: #214] PHP 8.2 compatibility (Dynamic Properties are deprecated)
* [bugfix: #213] PHP 8.2 compatibility
* [bugfix: #212] PHP 8.2 compatibility
* [bugfix: #211] quality parameter fix for ImageMagick processing
* [bugfix: #208] PHP 8.2 compatibility
* [bugfix: #207] PHP 8.2 compatibility

v1.7.20-202212091316
* [bugfix: #203] Support https in file_get_contents polyfill
* [bugfix: #202] Test if property is set when testing array (@ operator fix)
Original file line number Diff line number Diff line change
@@ -242,6 +242,10 @@ $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = false; // if true, GETstring parameters w
//$PHPTHUMB_DEFAULTS['fltr'] = array('blur|10');
//$PHPTHUMB_DEFAULTS['q'] = 90;

// benchmark by https://www.industrialempathy.com/posts/avif-webp-quality-settings/ suggests:
// JPEG quality 50 60 70 80
// AVIF quality 48 51 56 64
// WebP quality 55 64 72 82

/* END DEFAULT PARAMETERS SECTION */

Original file line number Diff line number Diff line change
@@ -41,7 +41,7 @@ function SendSaveAsFileHeaderIfNeeded($getimagesize=false) {
//if (empty($_GET['sia']) && empty($_GET['down']) && !empty($phpThumb->thumbnail_image_width) && !empty($phpThumb->thumbnail_image_height)) {
if (empty($_GET['sia']) && empty($_GET['down']) && !empty($getimagesize[0]) && !empty($getimagesize[1])) {
// if we know the output image dimensions we can generate a better default filename
$downloadfilename = phpthumb_functions::SanitizeFilename((!empty($phpThumb->src) ? basename($phpThumb->src) : md5($phpThumb->rawImageData)).'-'.intval($getimagesize[0]).'x'.intval($getimagesize[1]).'.'.(!empty($_GET['f']) ? $_GET['f'] : 'jpg'));
$downloadfilename = phpthumb_functions::SanitizeFilename((!empty($phpThumb->src) ? basename($phpThumb->src) : md5((string)$phpThumb->rawImageData)).'-'.intval($getimagesize[0]).'x'.intval($getimagesize[1]).'.'.(!empty($_GET['f']) ? $_GET['f'] : 'jpg'));
}
if (!empty($downloadfilename)) {
$phpThumb->DebugMessage('SendSaveAsFileHeaderIfNeeded() sending header: Content-Disposition: '.(!empty($_GET['down']) ? 'attachment' : 'inline').'; filename="'.$downloadfilename.'"', __FILE__, __LINE__);
@@ -286,7 +286,7 @@ function RedirectToCachedFile() {
$phpThumb->ErrorImage('config_nooffsitelink_require_refer enabled and '.(@$parsed_url_referer['host'] ? '"'.$parsed_url_referer['host'].'" is not an allowed referer' : 'no HTTP_REFERER exists'));
}
$parsed_url_src = phpthumb_functions::ParseURLbetter(@$_GET['src']);
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && preg_match('#^(f|ht)tps?://#i', @$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
if ($phpThumb->config_nohotlink_enabled && $phpThumb->config_nohotlink_erase_image && preg_match('#^(f|ht)tps?://#i', (string)@$_GET['src']) && !in_array(@$parsed_url_src['host'], $phpThumb->config_nohotlink_valid_domains)) {
$phpThumb->ErrorImage($phpThumb->config_nohotlink_text_message);
}

@@ -391,6 +391,8 @@ function RedirectToCachedFile() {
if (!empty($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS) && ($key != 'src')) {
// disabled, do not set parameter
$phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
} elseif ($key == 'hash') {
// "hash" is for use in phpThumb.phpdoes only, should not be set on object
} elseif (in_array($key, $allowedGETparameters)) {
$phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
$phpThumb->setParameter($key, $value);
@@ -435,9 +437,9 @@ function RedirectToCachedFile() {
$CanPassThroughDirectly = true;
if ($phpThumb->rawImageData) {
// data from SQL, should be fine
} elseif (preg_match('#^https?\\://[^\\?&]+\\.(jpe?g|gif|png|webp|avif)$#i', $phpThumb->src)) {
} elseif (preg_match('#^https?\\://[^\\?&]+\\.(jpe?g|gif|png|webp|avif)$#i', (string)$phpThumb->src)) {
// assume is ok to passthru if no other parameters specified
} elseif (preg_match('#^(f|ht)tps?\\://#i', $phpThumb->src)) {
} elseif (preg_match('#^(f|ht)tps?\\://#i', (string)$phpThumb->src)) {
$phpThumb->DebugMessage('$CanPassThroughDirectly=false because preg_match("#^(f|ht)tps?://#i", '.$phpThumb->src.')', __FILE__, __LINE__);
$CanPassThroughDirectly = false;
} elseif (!@is_readable($phpThumb->sourceFilename)) {
@@ -456,7 +458,7 @@ function RedirectToCachedFile() {
case 'w':
case 'h':
// might be OK if exactly matches original
if (preg_match('#^https?\\://[^\\?&]+\\.(jpe?g|gif|png|webp|avif)$#i', $phpThumb->src)) {
if (preg_match('#^https?\\://[^\\?&]+\\.(jpe?g|gif|png|webp|avif)$#i', (string)$phpThumb->src)) {
// assume it is not ok for direct-passthru of remote image
$CanPassThroughDirectly = false;
}
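Review bot: In the hunk at `@@ -286,7 +286,7 @@`, the new `(string)@$_GET['src']` cast makes the no-hotlink check tolerate a non-string `src` instead of rejecting it: if the parameter arrives as an array, the cast yields the literal `Array` (with a conversion warning) and the scheme test is evaluated against that value rather than the real input. The same cast is applied to `$phpThumb->src` in the `@@ -435,9 +437,9 @@` and `@@ -456,7 +458,7 @@` hunks. I would validate the type once, before any of these checks, for example `if (isset($_GET['src']) && !is_string($_GET['src'])) { $phpThumb->ErrorImage('invalid src parameter'); }`, and keep the casts only for the null case they were presumably added for (PHP 8.2 compatibility, per the changelog entry). The surrounding code begins and ends outside these hunks, so whether an earlier check already rejects array input is not visible here.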