
Changeset 2990259


Timestamp:
11/06/2023 10:11:46 PM (2 years ago)
Author:
ctltwp
Message:

XSS vulnerability fix

File:
1 edited

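--- a/user-avatar/trunk/user-avatar-pic.php
+++ b/user-avatar/trunk/user-avatar-pic.php
@@ -4,5 +4,5 @@
  * Based on work done by Tim McDaniels and Darren Hoyt
  * http://code.google.com/p/timthumb/
- * 
+ *
  * GNU General Public License, version 2
  * http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
@@ -10,5 +10,5 @@
  * Examples and documentation available on the project homepage
  * http://www.binarymoon.co.uk/projects/timthumb/
- * 
+ *
  * $Rev$
  */
@@ -21,5 +21,5 @@
  * everytime you download a new version
 */
-define ('VERSION', '2.8.10');                                                                       // Version of this script
+define ('VERSION', '2.8.13');                                                                       // Version of this script
 //Load a config file if it exists. Otherwise, use the values below
 if( file_exists(dirname(__FILE__) . '/timthumb-config.php'))    require_once('timthumb-config.php');
@@ -28,10 +28,10 @@
 if(! defined('MEMORY_LIMIT') )              define ('MEMORY_LIMIT', '30M');                         // Set PHP memory limit
 if(! defined('BLOCK_EXTERNAL_LEECHERS') )   define ('BLOCK_EXTERNAL_LEECHERS', false);              // If the image or webshot is being loaded on an external site, display a red "No Hotlinking" gif.
-
+if(! defined('DISPLAY_ERROR_MESSAGES') )    define ('DISPLAY_ERROR_MESSAGES', true);                // Display error messages. Set to false to turn off errors (good for production websites)
 //Image fetching and caching
 if(! defined('ALLOW_EXTERNAL') )            define ('ALLOW_EXTERNAL', TRUE);                        // Allow image fetching from external websites. Will check against ALLOWED_SITES if ALLOW_ALL_EXTERNAL_SITES is false
-if(! defined('ALLOW_ALL_EXTERNAL_SITES') )  define ('ALLOW_ALL_EXTERNAL_SITES', false);             // Less secure. 
+if(! defined('ALLOW_ALL_EXTERNAL_SITES') )  define ('ALLOW_ALL_EXTERNAL_SITES', false);             // Less secure.
 if(! defined('FILE_CACHE_ENABLED') )        define ('FILE_CACHE_ENABLED', TRUE);                    // Should we store resized/modified images on disk to speed things up?
-if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400);   // How often the cache is cleaned 
+if(! defined('FILE_CACHE_TIME_BETWEEN_CLEANS')) define ('FILE_CACHE_TIME_BETWEEN_CLEANS', 86400);   // How often the cache is cleaned
 
 if(! defined('FILE_CACHE_MAX_FILE_AGE') )   define ('FILE_CACHE_MAX_FILE_AGE', 86400);              // How old does a file have to be to be deleted from the cache
@@ -39,7 +39,7 @@
 if(! defined('FILE_CACHE_PREFIX') )         define ('FILE_CACHE_PREFIX', 'timthumb');               // What to put at the beg of all files in the cache directory so we can identify them
 if(! defined('FILE_CACHE_DIRECTORY') )      define ('FILE_CACHE_DIRECTORY', './cache');             // Directory where images are cached. Left blank it will use the system temporary directory (which is better for security)
-if(! defined('MAX_FILE_SIZE') )             define ('MAX_FILE_SIZE', 10485760);                     // 10 Megs is 10485760. This is the max internal or external file size that we'll process. 
+if(! defined('MAX_FILE_SIZE') )             define ('MAX_FILE_SIZE', 10485760);                     // 10 Megs is 10485760. This is the max internal or external file size that we'll process.
 if(! defined('CURL_TIMEOUT') )              define ('CURL_TIMEOUT', 20);                            // Timeout duration for Curl. This only applies if you have Curl installed and aren't using PHP's default URL fetching mechanism.
-if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600);             //Time to wait between errors fetching remote file
+if(! defined('WAIT_BETWEEN_FETCH_ERRORS') ) define ('WAIT_BETWEEN_FETCH_ERRORS', 3600);             // Time to wait between errors fetching remote file
 
 //Browser caching
@@ -48,30 +48,36 @@
 
 //Image size and defaults
-if(! defined('MAX_WIDTH') )             define ('MAX_WIDTH', 1500);                                 // Maximum image width
-if(! defined('MAX_HEIGHT') )            define ('MAX_HEIGHT', 1500);                                // Maximum image height
-if(! defined('NOT_FOUND_IMAGE') )       define ('NOT_FOUND_IMAGE', '');                             // Image to serve if any 404 occurs
-if(! defined('ERROR_IMAGE') )           define ('ERROR_IMAGE', '');                                 // Image to serve if an error occurs instead of showing error message
-if(! defined('PNG_IS_TRANSPARENT') )    define ('PNG_IS_TRANSPARENT', FALSE);  //42 Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour
-if(! defined('DEFAULT_Q') )             define ('DEFAULT_Q', 90);                                   // Default image quality. Allows overrid in timthumb-config.php
-if(! defined('DEFAULT_ZC') )            define ('DEFAULT_ZC', 1);                                   // Default zoom/crop setting. Allows overrid in timthumb-config.php
-if(! defined('DEFAULT_F') )             define ('DEFAULT_F', '');                                   // Default image filters. Allows overrid in timthumb-config.php
-if(! defined('DEFAULT_S') )             define ('DEFAULT_S', 0);                                    // Default sharpen value. Allows overrid in timthumb-config.php
-if(! defined('DEFAULT_CC') )            define ('DEFAULT_CC', 'ffffff');                            // Default canvas colour. Allows overrid in timthumb-config.php
-
+if(! defined('MAX_WIDTH') )                 define ('MAX_WIDTH', 1500);                             // Maximum image width
+if(! defined('MAX_HEIGHT') )                define ('MAX_HEIGHT', 1500);                            // Maximum image height
+if(! defined('NOT_FOUND_IMAGE') )           define ('NOT_FOUND_IMAGE', '');                         // Image to serve if any 404 occurs
+if(! defined('ERROR_IMAGE') )               define ('ERROR_IMAGE', '');                             // Image to serve if an error occurs instead of showing error message
+if(! defined('PNG_IS_TRANSPARENT') )        define ('PNG_IS_TRANSPARENT', FALSE);                   // Define if a png image should have a transparent background color. Use False value if you want to display a custom coloured canvas_colour
+if(! defined('DEFAULT_Q') )                 define ('DEFAULT_Q', 90);                               // Default image quality. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_ZC') )                define ('DEFAULT_ZC', 1);                               // Default zoom/crop setting. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_F') )                 define ('DEFAULT_F', '');                               // Default image filters. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_S') )                 define ('DEFAULT_S', 0);                                // Default sharpen value. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_CC') )                define ('DEFAULT_CC', 'ffffff');                        // Default canvas colour. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_WIDTH') )             define ('DEFAULT_WIDTH', 100);                          // Default thumbnail width. Allows overrid in timthumb-config.php
+if(! defined('DEFAULT_HEIGHT') )            define ('DEFAULT_HEIGHT', 100);                         // Default thumbnail height. Allows overrid in timthumb-config.php
+
+/**
+ * Additional Parameters:
+ * LOCAL_FILE_BASE_DIRECTORY = Override the DOCUMENT_ROOT. This is best used in timthumb-config.php
+ */
 
 //Image compression is enabled if either of these point to valid paths
 
-//These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate. 
+//These are now disabled by default because the file sizes of PNGs (and GIFs) are much smaller than we used to generate.
 //They only work for PNGs. GIFs and JPEGs are not affected.
-if(! defined('OPTIPNG_ENABLED') )       define ('OPTIPNG_ENABLED', false); 
-if(! defined('OPTIPNG_PATH') )          define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush. 
-if(! defined('PNGCRUSH_ENABLED') )      define ('PNGCRUSH_ENABLED', false); 
+if(! defined('OPTIPNG_ENABLED') )       define ('OPTIPNG_ENABLED', false);
+if(! defined('OPTIPNG_PATH') )          define ('OPTIPNG_PATH', '/usr/bin/optipng'); //This will run first because it gives better compression than pngcrush.
+if(! defined('PNGCRUSH_ENABLED') )      define ('PNGCRUSH_ENABLED', false);
 if(! defined('PNGCRUSH_PATH') )         define ('PNGCRUSH_PATH', '/usr/bin/pngcrush'); //This will only run if OPTIPNG_PATH is not set or is not valid
 
 /*
     -------====Website Screenshots configuration - BETA====-------
-   
-    If you just want image thumbnails and don't want website screenshots, you can safely leave this as is. 
-   
+
+    If you just want image thumbnails and don't want website screenshots, you can safely leave this as is.
+
     If you would like to get website screenshots set up, you will need root access to your own server.
 
@@ -92,5 +98,5 @@
     10. http://yoursite.com/path/to/timthumb.php?src=http://markmaunder.com/&webshot=1
 
-    Notes on performance: 
+    Notes on performance:
     The first time a webshot loads, it will take a few seconds.
     From then on it uses the regular timthumb caching mechanism with the configurable options above
@@ -100,12 +106,12 @@
     If you'd like a slight speedup (about 25%) and you know Linux, you can run the following command which will keep Xvfb running in the background.
     nohup Xvfb :100 -ac -nolisten tcp -screen 0, 1024x768x24 > /dev/null 2>&1 &
-    Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated. 
+    Then set WEBSHOT_XVFB_RUNNING = true below. This will save your server having to fire off a new Xvfb server and shut it down every time a new shot is generated.
     You will need to take responsibility for keeping Xvfb running in case it crashes. (It seems pretty stable)
-    You will also need to take responsibility for server security if you're running Xvfb as root. 
+    You will also need to take responsibility for server security if you're running Xvfb as root.
 
 
 */
 if(! defined('WEBSHOT_ENABLED') )   define ('WEBSHOT_ENABLED', false);          //Beta feature. Adding webshot=1 to your query string will cause the script to return a browser screenshot rather than try to fetch an image.
-if(! defined('WEBSHOT_CUTYCAPT') )  define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt. 
+if(! defined('WEBSHOT_CUTYCAPT') )  define ('WEBSHOT_CUTYCAPT', '/usr/local/bin/CutyCapt'); //The path to CutyCapt.
 if(! defined('WEBSHOT_XVFB') )      define ('WEBSHOT_XVFB', '/usr/bin/xvfb-run');       //The path to the Xvfb server
 if(! defined('WEBSHOT_SCREEN_X') )  define ('WEBSHOT_SCREEN_X', '1024');            //1024 works ok
@@ -118,9 +124,9 @@
 if(! defined('WEBSHOT_JAVA_ON') )   define ('WEBSHOT_JAVA_ON', false);          //Have only tested this as fase
 if(! defined('WEBSHOT_PLUGINS_ON') )    define ('WEBSHOT_PLUGINS_ON', true);            //Enable flash and other plugins
-if(! defined('WEBSHOT_PROXY') )     define ('WEBSHOT_PROXY', '');               //In case you're behind a proxy server. 
+if(! defined('WEBSHOT_PROXY') )     define ('WEBSHOT_PROXY', '');               //In case you're behind a proxy server.
 if(! defined('WEBSHOT_XVFB_RUNNING') )  define ('WEBSHOT_XVFB_RUNNING', false);         //ADVANCED: Enable this if you've got Xvfb running in the background.
 
 
-// If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains. 
+// If ALLOW_EXTERNAL is true and ALLOW_ALL_EXTERNAL_SITES is false, then external images will only be fetched from these domains and their subdomains.
 if(! isset($ALLOWED_SITES)){
     $ALLOWED_SITES = array (
@@ -198,5 +204,5 @@
             }
             $this->cacheDirectory = FILE_CACHE_DIRECTORY;
-            if (!touch($this->cacheDirectory . '/index.html')) {
+            if ( ! is_writable( $this->cacheDirectory . '/index.html' ) || ! touch( $this->cacheDirectory . '/index.html' ) ) {
                 $this->error("Could not create the index.html file - to fix this create an empty file named index.html file in the cache directory.");
             }
@@ -204,12 +210,12 @@
             $this->cacheDirectory = sys_get_temp_dir();
         }
-        //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image. 
+        //Clean the cache before we do anything because we don't want the first visitor after FILE_CACHE_TIME_BETWEEN_CLEANS expires to get a stale image.
         $this->cleanCache();
-       
+
         $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
         $this->src = $this->param('src');
         $this->url = parse_url($this->src);
         $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
-       
+
         if(strlen($this->src) <= 3){
             $this->error("No image specified");
@@ -221,5 +227,5 @@
             $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");
             header('Content-Type: image/gif');
-            header('Content-Length: ' . sizeof($imgData));
+            header('Content-Length: ' . strlen($imgData));
             header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
             header("Pragma: no-cache");
@@ -312,5 +318,5 @@
     }
     protected function handleErrors(){
-        if($this->haveErrors()){ 
+        if($this->haveErrors()){
             if(NOT_FOUND_IMAGE && $this->is404()){
                 if($this->serveImg(NOT_FOUND_IMAGE)){
@@ -327,6 +333,6 @@
                 }
             }
-            $this->serveErrors(); 
-            exit(0); 
+            $this->serveErrors();
+            exit(0);
         }
         return false;
@@ -386,5 +392,5 @@
                         $this->set404();
                         $this->error("An error occured fetching image.");
-                        return false; 
+                        return false;
                     }
                 }
@@ -417,4 +423,7 @@
     protected function serveErrors(){
         header ($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
+        if ( ! DISPLAY_ERROR_MESSAGES ) {
+            return;
+        }
         $html = '<ul>';
         foreach($this->errors as $err){
@@ -423,5 +432,5 @@
         $html .= '</ul>';
         echo '<h1>A TimThumb error has occured</h1>The following error(s) occured:<br />' . $html . '<br />';
-        echo '<br />Query String : ' . htmlentities ($_SERVER['QUERY_STRING']);
+        echo '<br />Query String : ' . htmlentities( $_SERVER['QUERY_STRING'], ENT_QUOTES );
         echo '<br />TimThumb version : ' . VERSION . '</pre>';
     }
@@ -445,5 +454,5 @@
             $this->serveCacheFile();
             return true;
-        } else { 
+        } else {
             return false;
         }
@@ -455,5 +464,5 @@
         $this->debug(3, "cleanCache() called");
         $lastCleanFile = $this->cacheDirectory . '/timthumb_cacheLastCleanTime.touch';
-       
+
         //If this is a new timthumb installation we need to create the file
         if(! is_file($lastCleanFile)){
@@ -467,5 +476,5 @@
             $this->debug(1, "Cache was last cleaned more than " . FILE_CACHE_TIME_BETWEEN_CLEANS . " seconds ago. Cleaning now.");
             // Very slight race condition here, but worst case we'll have 2 or 3 servers cleaning the cache simultaneously once a day.
-            if (!touch($lastCleanFile)) {
+            if ( ! is_writable( $lastCleanFile ) || ! touch( $lastCleanFile ) ) {
                 $this->error("Could not create cache clean timestamp file.");
             }
@@ -516,5 +525,5 @@
         }
 
-        // get standard input properties       
+        // get standard input properties
         $new_width =  (int) abs ($this->param('w', 0));
         $new_height = (int) abs ($this->param('h', 0));
@@ -529,6 +538,6 @@
         // set default width and height if neither are set already
         if ($new_width == 0 && $new_height == 0) {
-            $new_width = 100;
-            $new_height = 100;
+            $new_width = (int) DEFAULT_WIDTH;
+            $new_height = (int) DEFAULT_HEIGHT;
         }
 
@@ -577,5 +586,5 @@
 
         if (strlen($canvas_color) == 3) { //if is 3-char notation, edit string into 6-char notation
-            $canvas_color =  str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2); 
+            $canvas_color =  str_repeat(substr($canvas_color, 0, 1), 2) . str_repeat(substr($canvas_color, 1, 1), 2) . str_repeat(substr($canvas_color, 2, 1), 2);
         } else if (strlen($canvas_color) != 6) {
             $canvas_color = DEFAULT_CC; // on error return default canvas color
@@ -587,8 +596,8 @@
 
         // Create a new transparent color for image
-        // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency 
+        // If is a png and PNG_IS_TRANSPARENT is false then remove the alpha transparency
         // (and if is set a canvas color show it in the background)
-        if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){ 
-            $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);     
+        if(preg_match('/^image\/png$/i', $mimeType) && !PNG_IS_TRANSPARENT && $canvas_trans){
+            $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 127);
         }else{
             $color = imagecolorallocatealpha ($canvas, $canvas_color_R, $canvas_color_G, $canvas_color_B, 0);
@@ -740,8 +749,8 @@
         $imgType = "";
         $tempfile = tempnam($this->cacheDirectory, 'timthumb_tmpimg_');
-        if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){ 
+        if(preg_match('/^image\/(?:jpg|jpeg)$/i', $mimeType)){
             $imgType = 'jpg';
-            imagejpeg($canvas, $tempfile, $quality); 
-        } else if(preg_match('/^image\/png$/i', $mimeType)){ 
+            imagejpeg($canvas, $tempfile, $quality);
+        } else if(preg_match('/^image\/png$/i', $mimeType)){
             $imgType = 'png';
             imagepng($canvas, $tempfile, floor($quality * 0.09));
@@ -795,5 +804,5 @@
         $context = stream_context_create ();
         $fp = fopen($tempfile,'r',0,$context);
-        file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type 
+        file_put_contents($tempfile4, $this->filePrependSecurityBlock . $imgType . ' ?' . '>'); //6 extra bytes, first 3 being image type
         file_put_contents($tempfile4, $fp, FILE_APPEND);
         fclose($fp);
@@ -825,19 +834,19 @@
         $docRoot = @$_SERVER['DOCUMENT_ROOT'];
         if (defined('LOCAL_FILE_BASE_DIRECTORY')) {
-            $docRoot = LOCAL_FILE_BASE_DIRECTORY;   
-        }
-        if(!isset($docRoot)){ 
+            $docRoot = LOCAL_FILE_BASE_DIRECTORY;
+        }
+        if(!isset($docRoot)){
             $this->debug(3, "DOCUMENT_ROOT is not set. This is probably windows. Starting search 1.");
             if(isset($_SERVER['SCRIPT_FILENAME'])){
                 $docRoot = str_replace( '\\', '/', substr($_SERVER['SCRIPT_FILENAME'], 0, 0-strlen($_SERVER['PHP_SELF'])));
                 $this->debug(3, "Generated docRoot using SCRIPT_FILENAME and PHP_SELF as: $docRoot");
-            } 
-        }
-        if(!isset($docRoot)){ 
+            }
+        }
+        if(!isset($docRoot)){
             $this->debug(3, "DOCUMENT_ROOT still is not set. Starting search 2.");
             if(isset($_SERVER['PATH_TRANSLATED'])){
                 $docRoot = str_replace( '\\', '/', substr(str_replace('\\\\', '\\', $_SERVER['PATH_TRANSLATED']), 0, 0-strlen($_SERVER['PHP_SELF'])));
                 $this->debug(3, "Generated docRoot using PATH_TRANSLATED and PHP_SELF as: $docRoot");
-            } 
+            }
         }
         if($docRoot && $_SERVER['DOCUMENT_ROOT'] != '/'){ $docRoot = preg_replace('/\/$/', '', $docRoot); }
@@ -856,5 +865,9 @@
             }
             return $this->error("Could not find your website document root and the file specified doesn't exist in timthumbs directory. We don't support serving files outside timthumb's directory without a document root for security reasons.");
-        } //Do not go past this point without docRoot set
+        } else if ( ! is_dir( $this->docRoot ) ) {
+            $this->error("Server path does not exist. Ensure variable \$_SERVER['DOCUMENT_ROOT'] is set correctly");
+        }
+
+        //Do not go past this point without docRoot set
 
         //Try src under docRoot
@@ -881,7 +894,7 @@
             }
         }
-       
+
         $base = $this->docRoot;
-       
+
         // account for Windows directory structure
         if (strstr($_SERVER['SCRIPT_FILENAME'],':')) {
@@ -948,6 +961,6 @@
         }
         $url = preg_replace('/[^A-Za-z0-9\-\.\_\~:\/\?\#\[\]\@\!\$\&\'\(\)\*\+\,\;\=]+/', '', $url); //RFC 3986
-        //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC 
-        // which AFAIKT can't be used for shell injection. 
+        //Very important we don't allow injection of shell commands here. URL is between quotes and we are only allowing through chars allowed by a the RFC
+        // which AFAIKT can't be used for shell injection.
         if(WEBSHOT_XVFB_RUNNING){
             putenv('DISPLAY=:100.0');
@@ -993,5 +1006,5 @@
             @unlink($this->cachefile);
             touch($this->cachefile);
-            $this->error("The remote file is not a valid image.");
+            $this->error("The remote file is not a valid image. Mimetype = '" . $mimeType . "'" . $tempfile);
             return false;
         }
@@ -1088,4 +1101,6 @@
             case 'image/png':
                 $image = imagecreatefrompng ($src);
+                imagealphablending( $image, true );
+                imagesavealpha( $image, true );
                 break;
 
@@ -1093,5 +1108,5 @@
                 $image = imagecreatefromgif ($src);
                 break;
-           
+
             default:
                 $this->error("Unrecognised mimeType");
@@ -1104,5 +1119,5 @@
         $ff = @$_SERVER["HTTP_X_FORWARDED_FOR"];
         $ci = @$_SERVER["HTTP_CLIENT_IP"];
-        if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){ 
+        if(preg_match('/^(?:192\.168|172\.16|10\.|127\.)/', $rem)){
             if($ff){ return $ff; }
             if($ci){ return $ci; }
@@ -1156,4 +1171,5 @@
         }
     }
+
     protected function getURL($url, $tempfile){
         $this->lastURLError = false;
@@ -1177,5 +1193,5 @@
             @curl_setopt ($curl, CURLOPT_FOLLOWLOCATION, true);
             @curl_setopt ($curl, CURLOPT_MAXREDIRS, 10);
-           
+
             $curlResult = curl_exec($curl);
             fclose(self::$curlFH);
@@ -1183,4 +1199,8 @@
             if($httpStatus == 404){
                 $this->set404();
+            }
+            if($httpStatus == 302){
+                $this->error("External Image is Redirecting. Try alternate image url");
+                return false;
             }
             if($curlResult){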
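Review bot: The new error text at new line 1008 appends `$mimeType` and the raw `$tempfile` path to a message that `serveErrors()` prints to the client, and `DISPLAY_ERROR_MESSAGES` defaults to `true` in this same change, so a request that hits this branch now discloses a server filesystem path in the response. The loop body that renders each `$err` lies outside the visible hunks, so whether these strings are HTML-escaped on output cannot be confirmed from here, which matters in a commit whose stated purpose is an XSS fix. Keep the client-facing text generic, `$this->error("The remote file is not a valid image.");`, and send the detail to the debug log instead, `$this->debug(3, "Invalid remote image: mimetype '$mimeType', tempfile $tempfile");`. The enclosing function starts and ends outside the hunk.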