From 6fc07742f8fca9d32db23243d374ea27e8ee4c1e Mon Sep 17 00:00:00 2001
From: rvelices
Date: Thu, 20 Jun 2013 03:38:47 +0000
Subject: smarty 3 - first pass for tests
git-svn-id: http://piwigo.org/svn/trunk@23384 68402e56-0260-453c-a942-63ccdbb3a9ee
---
.../smarty/libs/plugins/function.html_image.php | 157 ++++++++++++---------
1 file changed, 87 insertions(+), 70 deletions(-)
(limited to 'include/smarty/libs/plugins/function.html_image.php')
diff --git a/include/smarty/libs/plugins/function.html_image.php b/include/smarty/libs/plugins/function.html_image.php
index 96cd795c2..6521966bb 100644
--- a/include/smarty/libs/plugins/function.html_image.php
+++ b/include/smarty/libs/plugins/function.html_image.php
@@ -1,43 +1,43 @@ * Name: html_image
* Date: Feb 24, 2003
* Purpose: format HTML tags for the image
- * Input:
- * - file = file (and path) of image (required) - * - height = image height (optional, default actual height) - * - width = image width (optional, default actual width) - * - basedir = base directory for absolute paths, default - * is environment variable DOCUMENT_ROOT - * - path_prefix = prefix for path output (optional, default empty) - * - * Examples: {html_image file="/images/masthead.gif"} - * Output: - * @link http://smarty.php.net/manual/en/language.function.html.image.php {html_image} + * Examples: {html_image file="/images/masthead.gif"}
+ * Output:
+ * Params: + *
+ * - file        - (required) - file (and path) of image
+ * - height      - (optional) - image height (default actual height)
+ * - width       - (optional) - image width (default actual width)
+ * - basedir     - (optional) - base directory for absolute paths, default is environment variable DOCUMENT_ROOT
+ * - path_prefix - prefix for path output (optional, default empty)
+ * 
+ * + * @link http://www.smarty.net/manual/en/language.function.html.image.php {html_image} * (Smarty online manual) - * @author Monte Ohrt - * @author credits to Duda - wrote first image function - * in repository, helped with lots of functionality - * @version 1.0 - * @param array - * @param Smarty - * @return string + * @author Monte Ohrt + * @author credits to Duda + * @version 1.0 + * @param array $params parameters + * @param Smarty_Internal_Template $template template object + * @return string * @uses smarty_function_escape_special_chars() */ -function smarty_function_html_image($params, &$smarty) +function smarty_function_html_image($params, $template) { - require_once $smarty->_get_plugin_filepath('shared','escape_special_chars'); - + require_once(SMARTY_PLUGINS_DIR . 'shared.escape_special_chars.php'); + $alt = ''; $file = ''; $height = ''; @@ -46,10 +46,9 @@ function smarty_function_html_image($params, &$smarty) $prefix = ''; $suffix = ''; $path_prefix = ''; - $server_vars = ($smarty->request_use_auto_globals) ? $_SERVER : $GLOBALS['HTTP_SERVER_VARS']; - $basedir = isset($server_vars['DOCUMENT_ROOT']) ? $server_vars['DOCUMENT_ROOT'] : ''; + $basedir = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : ''; foreach($params as $_key => $_val) { - switch($_key) { + switch ($_key) { case 'file': case 'height': case 'width': @@ -60,11 +59,11 @@ function smarty_function_html_image($params, &$smarty) break; case 'alt': - if(!is_array($_val)) { + if (!is_array($_val)) { $$_key = smarty_function_escape_special_chars($_val); } else { - $smarty->trigger_error("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE); - } + throw new SmartyException ("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE); + } break; case 'link': 
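Review bot: The rewritten `Params:` list in the docblock covers only `file`, `height`, `width`, `basedir` and `path_prefix`, while the function body also handles `alt`, `link` and `dpi` (visible in the later hunks). I would add entries such as `- alt - (optional) - alt text, escaped before output` and `- dpi - (optional) - resolution used to scale width and height`. The docblock should also state in one sentence that the plugin returns no output when a configured `security_policy` does not trust `file`. The function body continues past this hunk.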
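Review bot: `E_USER_NOTICE` is passed as the second argument of `new SmartyException(...)` in the `alt` branch, apparently carried over from the `trigger_error()` call it replaces. Assuming SmartyException keeps the standard `Exception` constructor, that turns an error-level constant into the exception code, which no handler can interpret. I would drop it: `throw new SmartyException("html_image: extra attribute '$_key' cannot be an array");`, and likewise in the `default` branch of the next hunk. An array-valued attribute now aborts rendering while a missing `file` still only raises a notice and returns, so a short comment saying which behaviour is intended would help. The `switch` starts before and ends after this hunk.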
@@ -74,69 +73,87 @@ function smarty_function_html_image($params, &$smarty) break; default: - if(!is_array($_val)) { - $extra .= ' '.$_key.'="'.smarty_function_escape_special_chars($_val).'"'; + if (!is_array($_val)) { + $extra .= ' ' . $_key . '="' . smarty_function_escape_special_chars($_val) . '"'; } else { - $smarty->trigger_error("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE); - } + throw new SmartyException ("html_image: extra attribute '$_key' cannot be an array", E_USER_NOTICE); + } break; - } - } + } + } if (empty($file)) { - $smarty->trigger_error("html_image: missing 'file' parameter", E_USER_NOTICE); + trigger_error("html_image: missing 'file' parameter", E_USER_NOTICE); return; - } + } - if (substr($file,0,1) == '/') { + if ($file[0] == '/') { $_image_path = $basedir . $file; } else { $_image_path = $file; } - if(!isset($params['width']) || !isset($params['height'])) { - if(!$_image_data = @getimagesize($_image_path)) { - if(!file_exists($_image_path)) { - $smarty->trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE); + // strip file protocol + if (stripos($params['file'], 'file://') === 0) { + $params['file'] = substr($params['file'], 7); + } + + $protocol = strpos($params['file'], '://'); + if ($protocol !== false) { + $protocol = strtolower(substr($params['file'], 0, $protocol)); + } + + if (isset($template->smarty->security_policy)) { + if ($protocol) { + // remote resource (or php stream, …) + if(!$template->smarty->security_policy->isTrustedUri($params['file'])) { + return; + } + } else { + // local file + if(!$template->smarty->security_policy->isTrustedResourceDir($params['file'])) { + return; + } + } + } + + if (!isset($params['width']) || !isset($params['height'])) { + // FIXME: (rodneyrehm) getimagesize() loads the complete file off a remote resource, use custom [jpg,png,gif]header reader! 
+ if (!$_image_data = @getimagesize($_image_path)) { + if (!file_exists($_image_path)) { + trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE); return; - } else if(!is_readable($_image_path)) { - $smarty->trigger_error("html_image: unable to read '$_image_path'", E_USER_NOTICE); + } else if (!is_readable($_image_path)) { + trigger_error("html_image: unable to read '$_image_path'", E_USER_NOTICE); return; } else { - $smarty->trigger_error("html_image: '$_image_path' is not a valid image file", E_USER_NOTICE); + trigger_error("html_image: '$_image_path' is not a valid image file", E_USER_NOTICE); return; - } + } } - if ($smarty->security && - ($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) && - (require_once(SMARTY_CORE_DIR . 'core.is_secure.php')) && - (!smarty_core_is_secure($_params, $smarty)) ) { - $smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE); - } - - if(!isset($params['width'])) { + + if (!isset($params['width'])) { $width = $_image_data[0]; - } - if(!isset($params['height'])) { + } + if (!isset($params['height'])) { $height = $_image_data[1]; - } - - } + } + } - if(isset($params['dpi'])) { - if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) { + if (isset($params['dpi'])) { + if (strstr($_SERVER['HTTP_USER_AGENT'], 'Mac')) { + // FIXME: (rodneyrehm) wrong dpi assumption + // don't know who thought this up… even if it was true in 1998, it's definitely wrong in 2011. $dpi_default = 72; } else { $dpi_default = 96; - } - $_resize = $dpi_default/$params['dpi']; + } + $_resize = $dpi_default / $params['dpi']; $width = round($width * $_resize); $height = round($height * $_resize); - } - - return $prefix . ''.$alt.'' . $suffix; -} + } -/* vim: set expandtab: */ + return $prefix . '' . $alt . '' . $suffix; +} -?> +?> \ No newline at end of file -- cgit v1.2.3
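Review bot: The security-policy check validates `$params['file']`, but `getimagesize()`, `file_exists()` and `is_readable()` then operate on `$_image_path`, which was built earlier from `$file` and is prefixed with `$basedir` when it starts with `/`. For local files the policy therefore approves a different string from the one that is opened. The local branch should check the resolved path: `if (!$template->smarty->security_policy->isTrustedResourceDir($_image_path)) {`. Both rejections also `return` silently, whereas the removed code reported `not in secure directory`; a `trigger_error()` before each `return` would keep a denied image visible in the logs. The function starts in an earlier hunk.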