if (! is_file($newImgFile))
{
- $img = imagecreatefromjpeg($imgFile);
+ $ext = strtolower(substr($imgFile, -4));
+ if ($ext == ".jpg")
+ $img = imagecreatefromjpeg($imgFile);
+ else
+ $img = imagecreatefrompng($imgFile);
$w = imagesx($img);
$h = imagesy($img);
imagecopyresampled($newImg, $img, 0, 0, 0, 0, $newW, $newH, $w, $h);
- imagejpeg($newImg, $newImgFile);
+ if ($ext == ".jpg")
+ imagejpeg($newImg, $newImgFile);
+ else
+ imagepng($newImg, $newImgFile);
imagedestroy($img);
imagedestroy($newImg);
function getAlbumPreview($dir)
{
foreach (scandir($dir) as $file) if ($file != '.' and $file != '..') {
- if (strtolower(substr($file, -4)) == ".jpg")
+ $ext = strtolower(substr($file, -4));
+ if ($ext == ".jpg" or $ext == ".png")
return getPreview("$dir/$file");
}
return '';
}
-$scriptUrlPath = substr($_SERVER["SCRIPT_NAME"], 0, -4); // trim .php
+$scriptUrlPath = $_SERVER["SCRIPT_NAME"];
// if url == http://localhost/photos/index/toto/titi, path_info == /toto/titi
// if url == http://localhost/photos/index, path_info is not set
$shortPath = $_SERVER["PATH_INFO"];
if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
$folders = array();
$imageFiles = array();
else
{
$ext = strtolower(substr($file, -4));
- if ($ext == ".jpg")
- $imageFiles[] = array( "name" => $file, "url" => getPreview("$realDir/$file"), "link" => dirname($scriptUrlPath)."/view/$shortPath/$file" );
+ if ($ext == ".jpg" or $ext == ".png")
+ $imageFiles[] = array( "name" => $file, "url" => getPreview("$realDir/$file"), "link" => dirname($scriptUrlPath)."/view.php$shortPath/$file" );
else
$otherFiles[] = array( "name" => $file, "link" => dirname($scriptUrlPath)."/$realDir/$file" );
}
projects / bizou.git / blobdiff