aboutsummaryrefslogtreecommitdiffstats
path: root/include/smarty/libs/plugins/function.html_image.php
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--include/smarty/libs/plugins/function.html_image.php157
1 files changed, 87 insertions, 70 deletions
diff --git a/include/smarty/libs/plugins/function.html_image.php b/include/smarty/libs/plugins/function.html_image.php
index 96cd795c2..6521966bb 100644
--- a/include/smarty/libs/plugins/function.html_image.php
+++ b/include/smarty/libs/plugins/function.html_image.php
@@ -1,43 +1,43 @@
<?php
/**
* Smarty plugin
+ *
* @package Smarty
- * @subpackage plugins
+ * @subpackage PluginsFunction
*/
-
/**
* Smarty {html_image} function plugin
- *
+ *
* Type: function<br>
* Name: html_image<br>
* Date: Feb 24, 2003<br>
* Purpose: format HTML tags for the image<br>
- * Input:<br>
- * - file = file (and path) of image (required)
- * - height = image height (optional, default actual height)
- * - width = image width (optional, default actual width)
- * - basedir = base directory for absolute paths, default
- * is environment variable DOCUMENT_ROOT
- * - path_prefix = prefix for path output (optional, default empty)
- *
- * Examples: {html_image file="/images/masthead.gif"}
- * Output: <img src="/images/masthead.gif" width=400 height=23>
- * @link http://smarty.php.net/manual/en/language.function.html.image.php {html_image}
+ * Examples: {html_image file="/images/masthead.gif"}<br>
+ * Output: <img src="/images/masthead.gif" width=400 height=23><br>
+ * Params:
+ * <pre>
+ * - file - (required) - file (and path) of image
+ * - height - (optional) - image height (default actual height)
+ * - width - (optional) - image width (default actual width)
+ * - basedir - (optional) - base directory for absolute paths, default is environment variable DOCUMENT_ROOT
+ * - path_prefix - prefix for path output (optional, default empty)
+ * </pre>
+ *
+ * @link http://www.smarty.net/manual/en/language.function.html.image.php {html_image}
* (Smarty online manual)
- * @author Monte Ohrt <monte at ohrt dot com>
- * @author credits to Duda <duda@big.hu> - wrote first image function
- * in repository, helped with lots of functionality
- * @version 1.0
- * @param array
- * @param Smarty
- * @return string
+ * @author Monte Ohrt <monte at ohrt dot com>
+ * @author credits to Duda <duda@big.hu>
+ * @version 1.0
+ * @param array $params parameters
+ * @param Smarty_Internal_Template $template template object
+ * @return string
* @uses smarty_function_escape_special_chars()
*/
-function smarty_function_html_image($params, &$smarty)
+function smarty_function_html_image($params, $template)
{
- require_once $smarty->_get_plugin_filepath('shared','escape_special_chars');
-
+ require_once(SMARTY_PLUGINS_DIR . 'shared.escape_special_chars.php');
+
$alt = '';
$file = '';
$height = '';
@@ -46,10 +46,9 @@ function smarty_function_html_image($params, &$smarty)
$prefix = '';
$suffix = '';
$path_prefix = '';
- $server_vars = ($smarty->request_use_auto_globals) ? $_SERVER : $GLOBALS['HTTP_SERVER_VARS'];
- $basedir = isset($server_vars['DOCUMENT_ROOT']) ? $server_vars['DOCUMENT_ROOT'] : '';
+ $basedir = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
foreach($params as $_key => $_val) {
- switch($_key) {
+ switch ($_key) {
case 'file':
case 'height':
case 'width':
@@ -60,11 +59,11 @@ function smarty_function_html_image($params, &$smarty)
break;
case 'alt':
- if(!is_array($_val)) {
+ if (!is_array($_val)) {
$$_key = smarty_function_escape_special_chars($_val);
} else {
- $smarty->trigger_error("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
- }
+ throw new SmartyException ("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+ }
break;
case 'link':
@@ -74,69 +73,87 @@ function smarty_function_html_image($params, &$smarty)
break;
default:
- if(!is_array($_val)) {
- $extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"';
+ if (!is_array($_val)) {
+ $extra .= ' ' . $_key . '="' . smarty_function_escape_special_chars($_val) . '"';
} else {
- $smarty->trigger_error("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
- }
+ throw new SmartyException ("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
+ }
break;
- }
- }
+ }
+ }
if (empty($file)) {
- $smarty->trigger_error("html_image: missing 'file' parameter", E_USER_NOTICE);
+ trigger_error("html_image: missing 'file' parameter", E_USER_NOTICE);
return;
- }
+ }
- if (substr($file,0,1) == '/') {
+ if ($file[0] == '/') {
$_image_path = $basedir . $file;
} else {
$_image_path = $file;
}
- if(!isset($params['width']) || !isset($params['height'])) {
- if(!$_image_data = @getimagesize($_image_path)) {
- if(!file_exists($_image_path)) {
- $smarty->trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE);
+ // strip file protocol
+ if (stripos($params['file'], 'file://') === 0) {
+ $params['file'] = substr($params['file'], 7);
+ }
+
+ $protocol = strpos($params['file'], '://');
+ if ($protocol !== false) {
+ $protocol = strtolower(substr($params['file'], 0, $protocol));
+ }
+
+ if (isset($template->smarty->security_policy)) {
+ if ($protocol) {
+ // remote resource (or php stream, …)
+ if(!$template->smarty->security_policy->isTrustedUri($params['file'])) {
+ return;
+ }
+ } else {
+ // local file
+ if(!$template->smarty->security_policy->isTrustedResourceDir($params['file'])) {
+ return;
+ }
+ }
+ }
+
+ if (!isset($params['width']) || !isset($params['height'])) {
+ // FIXME: (rodneyrehm) getimagesize() loads the complete file off a remote resource, use custom [jpg,png,gif]header reader!
+ if (!$_image_data = @getimagesize($_image_path)) {
+ if (!file_exists($_image_path)) {
+ trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE);
return;
- } else if(!is_readable($_image_path)) {
- $smarty->trigger_error("html_image: unable to read '$_image_path'", E_USER_NOTICE);
+ } else if (!is_readable($_image_path)) {
+ trigger_error("html_image: unable to read '$_image_path'", E_USER_NOTICE);
return;
} else {
- $smarty->trigger_error("html_image: '$_image_path' is not a valid image file", E_USER_NOTICE);
+ trigger_error("html_image: '$_image_path' is not a valid image file", E_USER_NOTICE);
return;
- }
+ }
}
- if ($smarty->security &&
- ($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) &&
- (require_once(SMARTY_CORE_DIR . 'core.is_secure.php')) &&
- (!smarty_core_is_secure($_params, $smarty)) ) {
- $smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE);
- }
-
- if(!isset($params['width'])) {
+
+ if (!isset($params['width'])) {
$width = $_image_data[0];
- }
- if(!isset($params['height'])) {
+ }
+ if (!isset($params['height'])) {
$height = $_image_data[1];
- }
-
- }
+ }
+ }
- if(isset($params['dpi'])) {
- if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {
+ if (isset($params['dpi'])) {
+ if (strstr($_SERVER['HTTP_USER_AGENT'], 'Mac')) {
+ // FIXME: (rodneyrehm) wrong dpi assumption
+ // don't know who thought this up… even if it was true in 1998, it's definitely wrong in 2011.
$dpi_default = 72;
} else {
$dpi_default = 96;
- }
- $_resize = $dpi_default/$params['dpi'];
+ }
+ $_resize = $dpi_default / $params['dpi'];
$width = round($width * $_resize);
$height = round($height * $_resize);
- }
-
- return $prefix . '<img src="'.$path_prefix.$file.'" alt="'.$alt.'" width="'.$width.'" height="'.$height.'"'.$extra.'>' . $suffix;
-}
+ }
-/* vim: set expandtab: */
+ return $prefix . '<img src="' . $path_prefix . $file . '" alt="' . $alt . '" width="' . $width . '" height="' . $height . '"' . $extra . ' />' . $suffix;
+}
-?>
+?> \ No newline at end of file