JamesHeinrich committed Nov 24, 2022
2 parents af7e2b7 + b3dd953 commit f580578
Showing 4 changed files with 113 additions and 8 deletions.
103 changes: 100 additions & 3 deletions .gitignore
@@ -1,3 +1,6 @@
# Composer lock yes or not (comment # uncomment)
composer.lock

phpThumbCacheIMcommandlineBase.txt
phpThumbCacheIMversion.txt
phpThumbCacheStats.txt
@@ -87,14 +90,12 @@ build/
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.log
*.scc

# Visual C++ cache files
@@ -212,7 +213,6 @@ $RECYCLE.BIN/
*.egg
*.egg-info
dist/
build/
eggs/
parts/
var/
@@ -232,3 +232,100 @@ pip-log.txt

#Mr Developer
.mr.developer.cfg

# A collection of .gitignore templates
# https://github.com/github/gitignore
/vendor/*
/config/app.php
/config/.env
/logs/*
/webroot/debug_kit

/config/Datasources/Win/in_sqlite.db

# Theme assets
/webroot/theme_*

# NetBeans IDE
nbproject/*
nbbuild/*
nbdist/*
nbactions.xml
nb-configuration.xml
.nb-gradle/*

# JetBrains IDE PhpStorm
.idea/
*.iws
.idea_modules/

# bower_components
*/bower_components/*
*.jshintrc
*.travis.yml
*.jscsrc
*.csslintrc
*.editorconfig
*.npmignore
*.eslintrc
*.csscomb.json

# Nodejs NPM & Logs
logs
npm-debug.log*
yarn-debug.log*
yarn-error.log*
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
node_modules/
jspm_packages/
# TypeScript v1 declaration files
typings/
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless
# FuseBox cache
.fusebox/

# OS generated files #
######################
.DS_Store?
._*
.Spotlight-V100
.Trashes
Icon?
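Review bot: The added block at the end of the file does not list `phpThumb.config.php`, which the `copy-config`/`hsp-generate` scripts added to composer.json in this commit now fill with a generated `high_security_password`; unless an unshown part of the file already ignores it, add `/phpThumb.config.php` so the key cannot be committed by accident. Several of the new entries (`/config/app.php`, `/webroot/debug_kit`, `/config/Datasources/Win/in_sqlite.db`) look like they come from another project's template and match nothing visible here, and unanchored patterns such as `logs`, `coverage` and `*.tgz` apply at every depth, so trimming the list to what this repository actually produces would make it easier to audit.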
10 changes: 9 additions & 1 deletion composer.json
@@ -16,6 +16,14 @@
"require": {
"php": ">=5.3.0"
},
"scripts": {
"post-autoload-dump": [
"composer run copy-config",
"composer run hsp-generate"
],
"copy-config": "php -r \"copy('phpThumb.config.php.default', 'phpThumb.config.php');\"",
"hsp-generate": "php -r \"$cf=file_get_contents('phpThumb.config.php');$cf=str_replace('__HSP_KEY__', base64_encode(bin2hex(random_bytes(22))), $cf);file_put_contents('phpThumb.config.php', $cf);\""
},
"suggest": {
"ext-gd": "PHP GD library",
"ext-imagick": "PHP ImageMagick"
@@ -25,4 +33,4 @@
"phpthumb.class.php"
]
}
}
}
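Review bot: The `post-autoload-dump` hook runs `copy-config` unconditionally, so every `composer install`, `update` or `dump-autoload` in this checkout overwrites an existing `phpThumb.config.php`, and `hsp-generate` then writes a fresh `high_security_password`; that discards local settings and presumably invalidates URLs hashed with the previous key. Guarding the copy, e.g. `file_exists('phpThumb.config.php') || copy('phpThumb.config.php.default', 'phpThumb.config.php');`, keeps the hook idempotent. Two further problems in `hsp-generate`: the PHP code sits inside shell double quotes, so a POSIX shell expands `$cf` before PHP sees it and the one-liner fails to parse (it only works where `$` is not special, such as cmd.exe), and `random_bytes()` needs PHP 7.0 while `require` still allows `>=5.3.0`. Moving both steps into a small PHP script invoked from `scripts` would remove the quoting issue and let the key step fail loudly on old runtimes instead of leaving the placeholder in place.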
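--- a/phpThumb.config.php.default
+++ b/phpThumb.config.php.default
@@ -42,7 +42,7 @@ $PHPTHUMB_CONFIG['document_root'] = realpath((getenv('DOCUMENT_ROOT') && preg_ma
 // * Security configuration
 $PHPTHUMB_CONFIG['disable_debug'] = true; // DO NOT DISABLE THIS ON ANY PUBLIC-ACCESSIBLE SERVER. Prevents phpThumb from displaying any information about your system. If true, phpThumbDebug and error messages will be disabled. If set to false (debug messages enabled) then debug mode will be FORCED -- ONLY debug output will be presented, no actual thumbnail (to avoid accidentally leaving debug mode enabled on a production server)
 $PHPTHUMB_CONFIG['high_security_enabled'] = true; // DO NOT DISABLE THIS ON ANY PUBLIC-ACCESSIBLE SERVER. If disabled, your server is more vulnerable to hacking attempts, both on your server and via your server to other servers. When enabled, requires 'high_security_password' set to be set and requires the use of phpThumbURL() function (at the bottom of phpThumb.config.php) to generate hashed URLs
-$PHPTHUMB_CONFIG['high_security_password'] = ''; // required if 'high_security_enabled' is true, and must be at complex (uppercase, lowercase, numbers, punctuation, etc -- punctuation is strongest, lowercase is weakest; see PasswordStrength() in phpthumb.functions.php). You can use a password generator like http://silisoftware.com/tools/password-random.php to generate a strong password
+$PHPTHUMB_CONFIG['high_security_password'] = '__HSP_KEY__'; // required if 'high_security_enabled' is true, and must be at complex (uppercase, lowercase, numbers, punctuation, etc -- punctuation is strongest, lowercase is weakest; see PasswordStrength() in phpthumb.functions.php). You can use a password generator like http://silisoftware.com/tools/password-random.php to generate a strong password
 
 $PHPTHUMB_CONFIG['high_security_url_separator'] = '&'; // should almost always be left as '&'. Must be a single character. Do not change to '&' -- htmlspecialchars wrapped around phpThumbURL() takes care of this without breaking the hash
 $PHPTHUMB_CONFIG['allow_src_above_docroot'] = false; // if false (default) only allow src within document_root; if true, allow src to be anywhere in filesystem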
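Review bot: With `'__HSP_KEY__'` as the shipped value of `high_security_password`, any install where the Composer hook does not run or fails (a manual copy of the default file, or phpThumb pulled in as a dependency, since Composer only runs the root package's scripts) ends up with `high_security_enabled` on and a password that is published in the repository. The previous empty string at least read as "not set"; whether the runtime check (PasswordStrength() is named in the comment but not visible here) rejects this placeholder should be confirmed. Consider treating the literal placeholder as unset wherever the password is validated, and extending the trailing comment with something like `// '__HSP_KEY__' is replaced by "composer run hsp-generate"; set your own value if you install without Composer`.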
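--- a/phpthumb.gif.php
+++ b/phpthumb.gif.php
@@ -1093,9 +1093,9 @@ public function getGD_PixelPlotterVersion()
 for ($i = 0; $i < $NumColorsInPal; $i++) {
 $ThisImageColor[$i] = imagecolorallocate(
 $PlottingIMG,
-ord($pal{($i * 3) + 0}),
-ord($pal{($i * 3) + 1}),
-ord($pal{($i * 3) + 2}));
+ord($pal[($i * 3) + 0]),
+ord($pal[($i * 3) + 1]),
+ord($pal[($i * 3) + 2]));
 }
 
 // PREPARE BITMAP BITS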
