Does not recognize same hostname without www in URL

rifanece / timthumb

Automatically exported from code.google.com/p/timthumb

0 stars 0 forks source link

Does not recognize same hostname without www in URL #57

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

Because of the new external functionality in 1.11, you added this to
cleanSource()

    $src = str_replace('http://' . $_SERVER['HTTP_HOST'], '', $src);
    $src = str_replace('https://' . $_SERVER['HTTP_HOST'], '', $src);

The problem with this is that it is dependent on same domain name in $src.

So you can't have hostname http://www.woothemes.com on your blog, and use
http://woothemes.com/images/image.jpg as the $src, because it will think
it's an external site.

Maybe an idea to build a bit more checking on the domain name to allow for
cases like this or vice versa.

Cheers and keep up the great work!

Magnus

Original issue reported on code.google.com by magnusje...@gmail.com on 7 Jan 2010 at 5:43

GoogleCodeExporter commented 8 years ago

I've added some code in cleanSource() to allow for mismatching host name e.g.
http://www.domain.com and http://domain.com in $src and vice versa

/**
 * tidy up the image source url
 */
function cleanSource($src) {

    $src = str_replace('http://' . $_SERVER['HTTP_HOST'], '', $src);
    $src = str_replace('https://' . $_SERVER['HTTP_HOST'], '', $src);
    $src = htmlentities($src);

    // check if not same domain name
    $host = $_SERVER['HTTP_HOST'];
    $host = str_replace('www.', '', $host);
    $tempsrc = str_replace('www.', '', $src);
    if (ereg($host, $tempsrc) == false) {
        // if not same domain, test on external site
        $src = checkExternal ($src);
    } else {
        $src = str_replace('www.', '', $src);
    }

    // remove slash from start of string
    if(strpos($src, '/') === 0) {
        $src = substr($src, -(strlen($src) - 1));
    }

Original comment by magnusje...@gmail.com on 8 Jan 2010 at 6:13

GoogleCodeExporter commented 8 years ago

I think I have sorted this out. If you could test and confirm that'd be great :)

Original comment by BinaryMoon on 10 Jan 2010 at 9:19

Changed state: Fixed

GoogleCodeExporter commented 8 years ago

Hey Ben, almost worked ;)

$regex looked like this: /^((ht|f)tp(s|):\/\/)(www\.|)www.woothemes.com/i

So when the image URL was http://woothemes.com/image.jpg it would not work.

I added one line to fix this:
    $host = $_SERVER['HTTP_HOST'];
    $host = preg_replace ('(www\.|)', '', $host);           // Added to remove www. from host
    $regex = "/^((ht|f)tp(s|):\/\/)(www\.|)" . $host . "/i";
    $src = preg_replace ($regex, '', $src);
    $src = htmlentities ($src);
        $src = checkExternal ($src);

Original comment by magnusje...@gmail.com on 10 Jan 2010 at 12:18

GoogleCodeExporter commented 8 years ago

Hi Mark - sorry for not mentioning this sooner. I think it's fixed now. I need 
to add
some extra tests to my test code to make sure but it should be fine.

Thanks

Original comment by BinaryMoon on 12 Jan 2010 at 1:38

GoogleCodeExporter commented 8 years ago

Is there any way to get Image Resized from external URLs ?

Original comment by smashing...@gmail.com on 24 May 2010 at 6:57