Re: Image Rotation Script

On 15 Oct 2011, at 15:50, dev@xxxxxxxx wrote:

> We have a simple script which rotates an image to a random value, saves
> it to a cache directory and displays it. For some reason when I move the
> script from a Debian box over to the production CentOS machine, it no
> longer caches any of the images. The rest works, but not the cache. If you
> could look at it and see if anything jumps out at you, please let me know.
> 
> install the code below to the directory /angles
> 
> 
> .htaccess:
> RewriteEngine on
> RewriteRule ^rotate_(\d+)(?:_(?:\d+))?.png$ rotate.php?im=$1
> 
> rotate.php:
> <?php
> // Setup
> if(isset($_GET['im']) && file_exists($_GET['im'].'.png')) {
>     header('Content-type: image/png');
>     $im = $_GET['im'].'.png';
>     $degrees = rand(0, 360);
>     $save = 'cache/'.$_GET['im'].'_'.$degrees.'.png';
>     if(!file_exists($save)) {
>         // Rotate via "command line" and cache it
>         exec('convert '.$im.' -filter \'Lanczos\' -resize \'150x150\' -rotate '.$degrees.' -black-threshold 40% '.$save, $out);
>     }
>     // Output out (newly?) cached file
>     echo file_get_contents($save);
> } else {
>     die("Image not found");
> }
> ?>
> 
> Use it by url:
> http://www.servername.com/angles/rotate_019.png
> Each time you reload page the angle should rotate to a new position.

My first thought was that the current working directory is probably set differently. However, you say that the script works and presents the rotated images, it's just the cache that isn't right. I still think I'm probably correct, so try these changes...

> $im = dirname(__FILE__).'/'.$_GET['im'].'.png';


and...

> $save = dirname(__FILE__).'/cache/'.$_GET['im'].'_'.$degrees.'.png';

You also have a pretty major hole here because you're taking a querystring parameter and putting it straight into a command line. What happens if I pass the value of $_GET['im'] as "../../../../../../../../../../../etc/passwd" ? Use escapeshellarg when putting variables into command lines to protect against this type of hack.

-Stuart

-- 
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
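As an added example (this is not Stuart's code nor the original poster's), here is rotate.php rewritten with the two path changes suggested above, the escapeshellarg() advice applied, and the input validated against the digits-only shape the .htaccess rewrite rule produces. Validation inside the script matters because rotate.php can be requested directly, bypassing the RewriteRule. It assumes ImageMagick's `convert` is on the web server's PATH, that the source images and a writable cache/ directory sit beside the script, and that the cache-check failures should be logged rather than silently returning an empty response.

```php
<?php
// Hardened rotate.php (added example). Assumes `convert` is on PATH and that
// NNN.png source files plus a cache/ directory live next to this script.

function fail($status, $message) {
    header('HTTP/1.1 ' . $status);
    header('Content-Type: text/plain');
    exit($message);
}

// 1. Accept only the identifier shape the rewrite rule hands over: a run of
//    digits. "../../etc/passwd" and shell metacharacters never get past this.
if (!isset($_GET['im']) || !preg_match('/^\d{1,8}$/', $_GET['im'])) {
    fail('404 Not Found', 'Image not found');
}
$id = $_GET['im'];

// 2. Absolute paths anchored on the script's own directory, so behaviour does
//    not depend on the web server's working directory (the Debian/CentOS
//    difference suspected above).
$base     = __DIR__;
$cacheDir = $base . '/cache';
$im       = $base . '/' . $id . '.png';

if (!is_file($im)) {
    fail('404 Not Found', 'Image not found');
}

// 3. Check the cache directory explicitly. A cache/ that is missing or not
//    writable by the httpd user is the usual cause of "it works but nothing
//    is cached" after moving hosts, and the original script hid that failure.
if (!is_dir($cacheDir) && !mkdir($cacheDir, 0755, true)) {
    error_log("rotate.php: cannot create $cacheDir");
    fail('500 Internal Server Error', 'Cache unavailable');
}
if (!is_writable($cacheDir)) {
    error_log("rotate.php: $cacheDir is not writable by " . get_current_user());
    fail('500 Internal Server Error', 'Cache unavailable');
}

$degrees = rand(0, 359);
$save    = $cacheDir . '/' . $id . '_' . $degrees . '.png';

if (!is_file($save)) {
    // 4. Every interpolated value goes through escapeshellarg(), even the ones
    //    already validated, so the shell sees each as exactly one argument.
    $cmd = sprintf(
        'convert %s -filter Lanczos -resize 150x150 -rotate %s -black-threshold 40%% %s 2>&1',
        escapeshellarg($im),
        escapeshellarg((string) $degrees),
        escapeshellarg($save)
    );
    exec($cmd, $out, $rc);
    if ($rc !== 0 || !is_file($save)) {
        // Log the real error and refuse to echo a non-existent file.
        error_log('rotate.php: convert failed (rc=' . $rc . '): ' . implode("\n", $out));
        fail('500 Internal Server Error', 'Rotation failed');
    }
}

header('Content-Type: image/png');
header('Content-Length: ' . filesize($save));
readfile($save);
```

With the cache directory check in place, a move to a host where the cache/ directory is owned by a different user produces a logged error and a 500 instead of an image that silently bypasses the cache, which is exactly the symptom being debugged above.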


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
