This commit is contained in:
Tom Canac 2015-06-30 15:19:34 +02:00
parent f2bbd37ec2
commit 91c06a9e4a

View file

@ -28,7 +28,7 @@ error_reporting(0);
$get_filename = $_GET['filename']; $get_filename = $_GET['filename'];
$get_size = @$_GET['size']; $get_size = @$_GET['size'];
if (empty($get_size)) $get_size = 120; if (empty($get_size)) $get_size = 120;
if (preg_match("/^\/.*/i", $get_filename)) die("Unauthorized access !");
if (preg_match("/.jpe?g$/i", $get_filename)) $get_filename_type = "JPG"; if (preg_match("/.jpe?g$/i", $get_filename)) $get_filename_type = "JPG";
if (preg_match("/.gif$/i", $get_filename)) $get_filename_type = "GIF"; if (preg_match("/.gif$/i", $get_filename)) $get_filename_type = "GIF";
if (preg_match("/.png$/i", $get_filename)) $get_filename_type = "PNG"; if (preg_match("/.png$/i", $get_filename)) $get_filename_type = "PNG";
@ -164,14 +164,13 @@ if (preg_match("/.jpg$|.jpeg$/i", $_GET['filename'])) {
$target = imagecreatetruecolor($get_size, $get_size); $target = imagecreatetruecolor($get_size, $get_size);
// if the picture can be transparent, add a white background instead a black // if the picture can be transparent, add a white background
if (in_array($get_filename_type, array("GIF", "PNG"))) if (in_array($get_filename_type, array("GIF", "PNG")))
{ {
$backgroundColor = imagecolorallocate($target, 255, 255, 255); $backgroundColor = imagecolorallocate($target, 255, 255, 255);
imagefill($target, 0, 0, $backgroundColor); imagefill($target, 0, 0, $backgroundColor);
} }
if ($get_filename_type == "JPG") $source = imagecreatefromjpeg($get_filename); if ($get_filename_type == "JPG") $source = imagecreatefromjpeg($get_filename);
if ($get_filename_type == "GIF") $source = imagecreatefromgif($get_filename); if ($get_filename_type == "GIF") $source = imagecreatefromgif($get_filename);
if ($get_filename_type == "PNG") $source = imagecreatefrompng($get_filename); if ($get_filename_type == "PNG") $source = imagecreatefrompng($get_filename);
@ -209,6 +208,3 @@ if (is_writable(dirname($thumbname)))
fclose($fd); fclose($fd);
} }
} }
?>