rifanece / timthumb

Automatically exported from code.google.com/p/timthumb

Finding path if user omits www in hostname #7

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

If you leave out "www." in the source URL, it will not find the image.

To fix the problem, you can modify the clean_source function to the following:

```php
function clean_source ( $src ) {

    // remove http/ https/ ftp
    $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
    // remove domain name from the source url
    $src = str_replace($_SERVER["HTTP_HOST"], "", $src);
    // remove domain (without "www.") from the source url
    $short_host = $_SERVER["HTTP_HOST"];
    $short_host = str_replace("www.", "", $short_host);
    $src = str_replace($short_host, "", $src);

    //$src = preg_replace( "/(?:^\/+|\.{2,}\/+?)/", "", $src );
    //$src = preg_replace( '/^\w+:\/\/[^\/]+/', '', $src );

    // don't allow users the ability to use '../'
    // in order to gain access to files below document root

    // src should be specified relative to document root like:
    // src=images/img.jpg or src=/images/img.jpg
    // not like:
    // src=../images/img.jpg
    $src = preg_replace( "/\.\.+\//", "", $src );

    return $src;

}
```

Original issue reported on code.google.com by magnusje...@gmail.com on 22 Oct 2008 at 7:31
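The following is an added example, not timthumb's code and not part of the issue above. It restates the proposed clean_source change as a pure function that takes the host as a parameter (instead of reading $_SERVER["HTTP_HOST"]) so it can be exercised from the command line, and pairs it with a realpath() containment check that enforces the "stay under document root" intent the comments describe. The function names clean_source_testable and resolve_under_root, the host value www.example.com and the temporary document root are all constructed for this example.

```php
<?php
// Added example: a testable variant of the clean_source() change proposed
// in this issue. The host is passed in rather than read from $_SERVER so the
// function can be run from the CLI with fixed inputs.
function clean_source_testable(string $src, string $host): string {
    // remove http:// https:// ftp:// (case-insensitive), same regex as the proposal
    $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
    // remove the host exactly as the request saw it (e.g. www.example.com)
    $src = str_replace($host, "", $src);
    // also remove the host without "www." so example.com/... resolves the same way
    $short_host = str_replace("www.", "", $host);
    $src = str_replace($short_host, "", $src);
    // strip runs of two or more dots followed by a slash, as the proposal does
    $src = preg_replace("/\.\.+\//", "", $src);
    return $src;
}

// Resolve the cleaned path under a document root and refuse anything that does
// not exist there or that resolves outside it. realpath() collapses "." and ".."
// and follows symlinks, so this check does not rely on the regex above having
// caught every form of "..": it enforces the boundary the comments describe.
function resolve_under_root(string $cleaned, string $doc_root): ?string {
    $root = realpath($doc_root);
    if ($root === false) {
        return null;
    }
    $candidate = realpath($root . '/' . ltrim($cleaned, '/'));
    if ($candidate === false) {
        return null; // no such file under the root
    }
    // the resolved file must sit strictly inside the root directory
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// --- self-check against a constructed document root in a temp directory ---
$root = sys_get_temp_dir() . '/timthumb_demo_' . getmypid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/img.jpg', 'placeholder, not a real jpeg');

$host = 'www.example.com'; // constructed stand-in for $_SERVER["HTTP_HOST"]
$cases = [
    'http://www.example.com/images/img.jpg', // with www: worked before the change
    'http://example.com/images/img.jpg',     // without www: the case this issue reports
    'images/img.jpg',                        // relative to document root, as recommended
    '../images/img.jpg',                     // the form the comments say to strip
];
foreach ($cases as $src) {
    $cleaned  = clean_source_testable($src, $host);
    $resolved = resolve_under_root($cleaned, $root);
    printf("%-40s -> %-18s -> %s\n", $src, $cleaned, $resolved ?? 'REJECTED');
}

unlink($root . '/images/img.jpg');
rmdir($root . '/images');
rmdir($root);
```

Run it with `php` on the command line; all four inputs clean to `images/img.jpg` (with or without a leading slash) and resolve to the file under the temporary root. Two points worth keeping in mind when reading the original change: both str_replace calls remove the host string wherever it occurs in $src, not only at the start, and the function strips rather than rejects, so clean_source on its own never decides whether a path is acceptable. The realpath() check is what actually holds the document-root boundary, and it does so independently of how the "../" regex is written.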

GoogleCodeExporter commented 8 years ago
Thanks for pointing that out. Not a situation I've recognised before, but I have added the code in.

Original comment by BinaryMoon on 22 Oct 2008 at 3:47