- 上传组件支持到 PHP 8.2
- 修复下载任意文件漏洞 [#75](https://github.com/icret/EasyImages2.0/issues/75)
- 增加自定义底部信息
- 增加自定义管理提示
- 增加图床模式
  - 危险:除图片外不验证文件是否正常,也代表可以上传任意指定格式!
- 增加上传时生成缩略图(仅设置直链缩略图时生效),低配vps负载较大,影响前端上传速度!
- 其他一些优化
icret
2022-12-30 02:58:26 +08:00
committed by GitHub
parent 4fae3bd291
commit cbaf3a30ae
22 changed files with 1307 additions and 1429 deletions


@@ -500,6 +500,14 @@ class Upload {
*/
var $file_max_size;
/**
* Max file size, from php.ini
*
* @access private
* @var double
*/
var $file_max_size_raw;
/**
* Set this variable to true to resize the file if it is an image
*
@@ -2109,7 +2117,7 @@ class Upload {
*/
function upload($file, $lang = 'en_GB') {
$this->version = '13/06/2022';
$this->version = '30/08/2022';
$this->file_src_name = '';
$this->file_src_name_body = '';
@@ -2926,6 +2934,7 @@ class Upload {
* @return resource Container image
*/
function imagecreatenew($x, $y, $fill = true, $trsp = false) {
$x = (int) $x; $y = (int) $y;
if ($x < 1) $x = 1; if ($y < 1) $y = 1;
if ($this->gdversion() >= 2 && !$this->image_is_palette) {
// create a true color image
@@ -3913,6 +3922,8 @@ class Upload {
// resize the image
if ($this->image_dst_x != $this->image_src_x || $this->image_dst_y != $this->image_src_y) {
$this->image_dst_x = (int) $this->image_dst_x;
$this->image_dst_y = (int) $this->image_dst_y;
$tmp = $this->imagecreatenew($this->image_dst_x, $this->image_dst_y);
if ($gd_version >= 2) {
@@ -4077,8 +4088,9 @@ class Upload {
$p_new['red'] = (abs($p_orig['red'] - $p_blur['red']) >= $this->image_unsharp_threshold) ? max(0, min(255, ($this->image_unsharp_amount * ($p_orig['red'] - $p_blur['red'])) + $p_orig['red'])) : $p_orig['red'];
$p_new['green'] = (abs($p_orig['green'] - $p_blur['green']) >= $this->image_unsharp_threshold) ? max(0, min(255, ($this->image_unsharp_amount * ($p_orig['green'] - $p_blur['green'])) + $p_orig['green'])) : $p_orig['green'];
$p_new['blue'] = (abs($p_orig['blue'] - $p_blur['blue']) >= $this->image_unsharp_threshold) ? max(0, min(255, ($this->image_unsharp_amount * ($p_orig['blue'] - $p_blur['blue'])) + $p_orig['blue'])) : $p_orig['blue'];
$p_new['alpha'] = max(-127, min(127, $p_orig['alpha']));
if (($p_orig['red'] != $p_new['red']) || ($p_orig['green'] != $p_new['green']) || ($p_orig['blue'] != $p_new['blue'])) {
$color = imagecolorallocatealpha($image_dst, $p_new['red'], $p_new['green'], $p_new['blue'], $p_orig['alpha']);
$color = imagecolorallocatealpha($image_dst, (int) $p_new['red'], (int) $p_new['green'], (int) $p_new['blue'], (int) $p_new['alpha']);
imagesetpixel($image_dst, $x, $y, $color);
}
}
@@ -4094,7 +4106,8 @@ class Upload {
if ($p_new['green']>255) { $p_new['green']=255; } elseif ($p_new['green']<0) { $p_new['green']=0; }
$p_new['blue'] = ($this->image_unsharp_amount * ($p_orig['blue'] - $p_blur['blue'])) + $p_orig['blue'];
if ($p_new['blue']>255) { $p_new['blue']=255; } elseif ($p_new['blue']<0) { $p_new['blue']=0; }
$color = imagecolorallocatealpha($image_dst, $p_new['red'], $p_new['green'], $p_new['blue'], $p_orig['alpha']);
$p_new['alpha'] = round(max(-127, min(127, $p_orig['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $p_new['red'], (int) $p_new['green'], (int) $p_new['blue'], (int) $p_new['alpha']);
imagesetpixel($image_dst, $x, $y, $color);
}
}
@@ -4125,7 +4138,8 @@ class Upload {
if ($this->image_greyscale) {
$pixel = imagecolorsforindex($image_dst, imagecolorat($image_dst, $x, $y));
$r = $g = $b = round((0.2125 * $pixel['red']) + (0.7154 * $pixel['green']) + (0.0721 * $pixel['blue']));
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4133,7 +4147,8 @@ class Upload {
$pixel = imagecolorsforindex($image_dst, imagecolorat($image_dst, $x, $y));
$c = (round($pixel['red'] + $pixel['green'] + $pixel['blue']) / 3) - 127;
$r = $g = $b = ($c > $this->image_threshold ? 255 : 0);
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4142,7 +4157,8 @@ class Upload {
$r = max(min(round($pixel['red'] + (($this->image_brightness * 2))), 255), 0);
$g = max(min(round($pixel['green'] + (($this->image_brightness * 2))), 255), 0);
$b = max(min(round($pixel['blue'] + (($this->image_brightness * 2))), 255), 0);
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4151,7 +4167,8 @@ class Upload {
$r = max(min(round(($this->image_contrast + 128) * $pixel['red'] / 128), 255), 0);
$g = max(min(round(($this->image_contrast + 128) * $pixel['green'] / 128), 255), 0);
$b = max(min(round(($this->image_contrast + 128) * $pixel['blue'] / 128), 255), 0);
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4160,7 +4177,8 @@ class Upload {
$r = min(round($tint_red * $pixel['red'] / 169), 255);
$g = min(round($tint_green * $pixel['green'] / 169), 255);
$b = min(round($tint_blue * $pixel['blue'] / 169), 255);
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4169,7 +4187,8 @@ class Upload {
$r = round(255 - $pixel['red']);
$g = round(255 - $pixel['green']);
$b = round(255 - $pixel['blue']);
$color = imagecolorallocatealpha($image_dst, $r, $g, $b, $pixel['alpha']);
$alpha = round(max(-127, min(127, $pixel['alpha'])));
$color = imagecolorallocatealpha($image_dst, (int) $r, (int) $g, (int) $b, (int) $alpha);
imagesetpixel($image_dst, $x, $y, $color);
unset($color); unset($pixel);
}
@@ -4330,7 +4349,7 @@ class Upload {
// add watermark image
if ($this->image_watermark!='' && file_exists($this->image_watermark)) {
$this->log .= '- add watermark<br />';
$this->image_watermark_position = strtolower($this->image_watermark_position);
$this->image_watermark_position = strtolower((string) $this->image_watermark_position);
$watermark_info = getimagesize($this->image_watermark);
$watermark_type = (array_key_exists(2, $watermark_info) ? $watermark_info[2] : null); // 1 = GIF, 2 = JPG, 3 = PNG
$watermark_checked = false;
@@ -4404,8 +4423,8 @@ class Upload {
// if watermark is too large/tall, resize it first
if ((!$this->image_watermark_no_zoom_out && ($watermark_dst_width > $this->image_dst_x || $watermark_dst_height > $this->image_dst_y))
|| (!$this->image_watermark_no_zoom_in && $watermark_dst_width < $this->image_dst_x && $watermark_dst_height < $this->image_dst_y)) {
$canvas_width = $this->image_dst_x - abs($this->image_watermark_x);
$canvas_height = $this->image_dst_y - abs($this->image_watermark_y);
$canvas_width = $this->image_dst_x - abs((int) $this->image_watermark_x);
$canvas_height = $this->image_dst_y - abs((int) $this->image_watermark_y);
if (($watermark_src_width/$canvas_width) > ($watermark_src_height/$canvas_height)) {
$watermark_dst_width = $canvas_width;
$watermark_dst_height = intval($watermark_src_height*($canvas_width / $watermark_src_width));
@@ -4527,9 +4546,9 @@ class Upload {
if (!is_numeric($this->image_text_line_spacing)) $this->image_text_line_spacing = 0;
if (!is_numeric($this->image_text_padding_x)) $this->image_text_padding_x = $this->image_text_padding;
if (!is_numeric($this->image_text_padding_y)) $this->image_text_padding_y = $this->image_text_padding;
$this->image_text_position = strtolower($this->image_text_position);
$this->image_text_direction = strtolower($this->image_text_direction);
$this->image_text_alignment = strtolower($this->image_text_alignment);
$this->image_text_position = strtolower((string) $this->image_text_position);
$this->image_text_direction = strtolower((string) $this->image_text_direction);
$this->image_text_alignment = strtolower((string) $this->image_text_alignment);
$font_type = 'gd';
@@ -4596,8 +4615,8 @@ class Upload {
$maxX = max(array($rect[0],$rect[2],$rect[4],$rect[6]));
$minY = min(array($rect[1],$rect[3],$rect[5],$rect[7]));
$maxY = max(array($rect[1],$rect[3],$rect[5],$rect[7]));
$text_offset_x = abs($minX) - 1;
$text_offset_y = abs($minY) - 1;
$text_offset_x = abs($minX);
$text_offset_y = abs($minY);
$text_width = $maxX - $minX + (2 * $this->image_text_padding_x);
$text_height = $maxY - $minY + (2 * $this->image_text_padding_y);
}
@@ -4670,15 +4689,15 @@ class Upload {
if ($this->image_text_direction == 'v') {
imagestringup($filter,
$this->image_text_font,
$k * ($line_width + ($k > 0 && $k < (sizeof($text)) ? $this->image_text_line_spacing : 0)),
$text_height - (2 * $this->image_text_padding_y) - ($this->image_text_alignment == 'l' ? 0 : (($t_height - strlen($v) * $char_width) / ($this->image_text_alignment == 'r' ? 1 : 2))) ,
(int) ($k * ($line_width + ($k > 0 && $k < (sizeof($text)) ? $this->image_text_line_spacing : 0))),
(int) ($text_height - (2 * $this->image_text_padding_y) - ($this->image_text_alignment == 'l' ? 0 : (($t_height - strlen($v) * $char_width) / ($this->image_text_alignment == 'r' ? 1 : 2)))),
$v,
$text_color);
} else {
imagestring($filter,
$this->image_text_font,
($this->image_text_alignment == 'l' ? 0 : (($t_width - strlen($v) * $char_width) / ($this->image_text_alignment == 'r' ? 1 : 2))),
$k * ($line_height + ($k > 0 && $k < (sizeof($text)) ? $this->image_text_line_spacing : 0)),
(int) ($this->image_text_alignment == 'l' ? 0 : (($t_width - strlen($v) * $char_width) / ($this->image_text_alignment == 'r' ? 1 : 2))),
(int) ($k * ($line_height + ($k > 0 && $k < (sizeof($text)) ? $this->image_text_line_spacing : 0))),
$v,
$text_color);
}


@@ -5,17 +5,38 @@
* https://www.php.cn/php-weizijiaocheng-394566.html
*/
//获取要下载的文件名
require_once __DIR__.'/function.php';
// 获取下载路径
if (empty($_GET['dw'])) {
exit('No File');
exit('No File Path');
}else{
$dw = '../' . $_GET['dw'];
// 检查文件是否存在
if(!is_file($dw)){
exit('No File');
}
}
$dw = '../' . $_GET['dw'];
// 过滤下载非指定上传文件格式
$dw_extension = pathinfo($dw,PATHINFO_EXTENSION);
$filter_extensions = explode(',',$config['extensions']);
// 过滤下载其他格式
$filter_other = array('php','json','log');
// 先过滤后下载
if(in_array($dw_extension,$filter_extensions) && !in_array($dw_extension,$filter_other)){
//设置头信息
header('Content-Disposition:attachment;filename=' . basename($dw));
header('Content-Length:' . filesize($dw));
//读取文件并写入到输出缓冲
readfile($dw);
exit;
}else{
exit('Downfile Type Error');
}
//设置头信息
header('Content-Disposition:attachment;filename=' . basename($dw));
header('Content-Length:' . filesize($dw));
//读取文件并写入到输出缓冲
readfile($dw);
exit;
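Review bot: The extension allow-list added here does not confine the path. `$dw` is still built as `'../' . $_GET['dw']`, so `..` segments in the parameter are resolved by `is_file()` and `readfile()`, and any readable file whose extension appears in `$config['extensions']` can still be served from outside the upload directory. I would canonicalise and confine before the extension check: `$real = realpath($dw); $base = realpath(APP_ROOT . $config['path']);` then `if ($real === false || $base === false || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) exit('No File');`, assuming `APP_ROOT` and `$config['path']` are in scope after the `require_once`, as they are in the other files of this commit. The extension test is also case-sensitive and non-strict, so `strtolower()` on `$dw_extension` and `in_array(..., true)` would match the stated intent. The page has lost its +/- markers, so this reads the `is_file()` plus allow-list version as the new side.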


@@ -974,9 +974,9 @@ function get_online_thumbnail($imgUrl)
if ($config['thumbnail']) {
$imgUrl = str_replace($config['domain'], '', $imgUrl);
return $config['domain'] . '/application/thumb.php?img=' . $imgUrl;
} else {
return $imgUrl;
}
return $imgUrl;
}
/**
@@ -988,15 +988,17 @@ function creat_thumbnail_by_list($imgUrl)
{
global $config;
ini_set('max_execution_time', '60'); // 脚本运行的时间以秒为单位0不限制
ini_set('max_execution_time', '300'); // 脚本运行的时间以秒为单位0不限制
// 关闭缩略图
if ($config['thumbnail'] === 0) {
return $imgUrl;
}
// 实时生成
if ($config['thumbnail'] === 1) {
return get_online_thumbnail($imgUrl);
switch ($config['thumbnail']){
// 输出原图
case 0:
return $imgUrl;
break;
// 访问生成
case 1:
return get_online_thumbnail($imgUrl);
break;
}
// 将网址图片转换为相对路径
@@ -1012,7 +1014,7 @@ function creat_thumbnail_by_list($imgUrl)
$imgName = str_replace('/', '_', $pathName);
// 缓存文件是否存在
if (file_exists(APP_ROOT . $config['path'] . 'thumbnails/' . $imgName)) {
if (is_file(APP_ROOT . $config['path'] . 'thumbnails/' . $imgName)) {
// 存在则返回缓存文件
return $config['domain'] . $config['path'] . 'thumbnails/' . $imgName;
} else {
@@ -1028,7 +1030,7 @@ function creat_thumbnail_by_list($imgUrl)
}
// 过滤非指定格式
if (!in_array(pathinfo(basename($abPathName), PATHINFO_EXTENSION), array('png', 'gif', 'jpeg', 'jpg', 'webp', 'bmp'))) {
if (!in_array(pathinfo(basename($abPathName), PATHINFO_EXTENSION), array('png', 'gif', 'jpeg', 'jpg', 'webp', 'bmp' ,'ico'))) {
return $imgUrl;
}
@@ -1398,5 +1400,5 @@ function get_current_verson($file = '/admin/verson.txt')
return file_get_contents($file);
}
return 'No Verson';
}
return 'No Verson File';
}
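Review bot: In `creat_thumbnail_by_list` the new `switch ($config['thumbnail'])` compares loosely where the old code used `=== 0` and `=== 1`. A string or boolean config value now selects `case 0` or `case 1` instead of falling through to the cached-thumbnail path, and on PHP 7 a non-numeric string would also match `case 0`. If the widening is intended, say so in a comment; otherwise normalise once with `switch ((int) $config['thumbnail'])` so the accepted values are explicit. The `break;` after each `return` is unreachable and can be dropped. The function body continues outside these hunks.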


@@ -84,5 +84,3 @@
$translation['no_conversion_type'] = 'No conversion type defined.';
$translation['copy_failed'] = 'Error copying file on the server. copy() failed.';
$translation['reading_failed'] = 'Error reading the file.';
?>


@@ -82,5 +82,3 @@
$translation['no_conversion_type'] = <><CEB4><EFBFBD><EFBFBD>ת<EFBFBD><D7AA><EFBFBD><EFBFBD><EFBFBD><EFBFBD>';
$translation['copy_failed'] = '<27>ڷ<EFBFBD><DAB7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ϸ<EFBFBD><CFB8><EFBFBD><EFBFBD>ļ<EFBFBD>ʱ<EFBFBD><CAB1><EFBFBD><EFBFBD> copy() <20><><EFBFBD><EFBFBD>ʧ<EFBFBD><CAA7>.';
$translation['reading_failed'] = '<27><>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD>г<EFBFBD><D0B3><EFBFBD>';
?>


@@ -81,5 +81,3 @@
$translation['no_conversion_type'] = '未定义转换类型';
$translation['copy_failed'] = '在服务器上复制文件时出错。 copy() 操作失败.';
$translation['reading_failed'] = '读取过程中出错。';
?>


@@ -84,4 +84,3 @@
$translation['no_conversion_type'] = '未定義的轉換類型。';
$translation['copy_failed'] = '在伺服端複製檔案時出錯copy() 操作失敗。';
$translation['reading_failed'] = '讀檔過程中出錯。';
?>


@@ -146,4 +146,4 @@ function write_log($filePath, $sourceName, $absolutePath, $fileSize, $from = "we
$log = array_replace($logs, $log);
cache_write($logFileName, $log, 'logs');
}
}


@@ -43,7 +43,10 @@ $handle = new Upload($_FILES['file'], 'zh_CN');
if ($handle->uploaded) {
// 允许上传的mime类型
$handle->allowed = array('image/*');
if($config['allowed'] === 1){
$handle->allowed = array('image/*');
}
// 文件命名
$handle->file_new_name_body = imgName($handle->file_src_name_body);
@@ -107,7 +110,7 @@ if ($handle->uploaded) {
}
}
// 存储图片路径:images/201807/
// 存储图片路径:i/201807/
$handle->process(APP_ROOT . $Img_path);
// 图片完整相对路径:/i/2021/05/03/k88e7p.jpg
@@ -149,6 +152,27 @@ if ($handle->uploaded) {
$delUrl = "Admin closed delete";
}
// 当设置访问生成缩略图时自动生成 2022-12-30
if($config['thumbnail'] == 2) {
// 自定义缩略图长宽
$thumbnail_w = 258;
$thumbnail_h = 258;
$handle->image_resize = true;
if (!empty($config['thumbnail_w']) || !empty($config['thumbnail_h'])) {
$handle->image_x = $config['thumbnail_w'];
$handle->image_y = $config['thumbnail_h'];
}
// 如果调整后的图像大于原始图像,则取消调整大小,以防止放大
$handle->image_no_enlarging = true;
$handle->file_new_name_body = date('Y_m_d_') . $handle->file_dst_name_body;
$handle->process(APP_ROOT . $config['path']. 'thumbnails/');
}
// 上传成功后返回json数据
$reJson = array(
"result" => "success",
@@ -159,7 +183,7 @@ if ($handle->uploaded) {
"del" => $delUrl,
);
echo json_encode($reJson);
$handle->clean();
$handle->clean(); // 如果取消上传生成缩略图需要恢复此选项功能
} else {
// 上传错误 code:206 客户端文件有问题
$reJson = array(
@@ -174,6 +198,7 @@ if ($handle->uploaded) {
/** 后续处理 */
require __DIR__ . '/process.php';
// 使用fastcgi_finish_request操作
if (function_exists('fastcgi_finish_request')) {
fastcgi_finish_request();
@@ -185,7 +210,7 @@ if ($handle->uploaded) {
@water($handle->file_dst_pathname);
// 压缩
@compress($handle->file_dst_pathname);
} else {
} else {
// 普通模式鉴黄
@process_checkImg($processUrl);
// 日志
@@ -195,5 +220,6 @@ if ($handle->uploaded) {
// 压缩
@compress($handle->file_dst_pathname);
}
unset($handle);
}
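Review bot: The MIME restriction in the first hunk now fails open. `$handle->allowed = array('image/*')` is applied only when `$config['allowed'] === 1`, so a missing key, a string `'1'` or `true` in the config leaves `allowed` at whatever the Upload class defaults to, and the image-only check is skipped without any signal. Inverting the test keeps the restrictive default, e.g. `if (($config['allowed'] ?? 1) !== 0) { $handle->allowed = array('image/*'); }`, with the disabling value chosen to match what the settings page actually stores. In the thumbnail block `$thumbnail_w` and `$thumbnail_h` are assigned but never used. The second `process()` call presumably repoints `$handle->file_dst_pathname` at the thumbnail before the later `water()` and `compress()` calls, which should be confirmed against the parts of the file outside these hunks.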