call("serve_thumbnail"); set_max_memory(); if (empty($_GET['file'])) error( __("Error"), __("Missing argument."), code:400 ); if (!$visitor->group->can("view_site")) show_403( __("Access Denied"), __("You are not allowed to view this site.") ); $quality = abs((int) fallback($_GET["quality"], 80)); $filename = str_replace( array(DIR, "/", "<", ">"), "", $_GET['file'] ); if ($filename == "") show_404( __("Not Found"), __("File not found.") ); $filepath = uploaded($filename, false); $thumb_w = abs((int) fallback($_GET["max_width"], 960)); $thumb_h = abs((int) fallback($_GET["max_height"], 0)); if (!is_readable($filepath) or !is_file($filepath)) show_404( __("Not Found"), __("File not found.") ); # Halve the quality if reduced data usage is preferred. if (isset($_SERVER['HTTP_SAVE_DATA'])) { if (!preg_match("/^(off|0)$/i", $_SERVER['HTTP_SAVE_DATA'])) $quality = floor($quality * 0.5); } $thumb = new ThumbnailFile( $filename, $thumb_w, $thumb_h, $quality, !empty($_GET['square']) ); # Redirect to original if thumbnail cannot or should not be created. if (!$thumb->creatable() or $thumb->upscaling()) { header("Cache-Control: public"); header("Pragma: no-cache"); header("Expires: ".date("r", now("+7 days"))); redirect(uploaded($filename), code:301); } # Respond to If-Modified-Since so the user agent will use cache. if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) { $lastmod = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']); if ($lastmod >= filemtime($filepath)) { header_remove(); header($_SERVER['SERVER_PROTOCOL']." 304 Not Modified"); header("Cache-Control: public"); header("Pragma: no-cache"); header("Expires: ".date("r", now("+30 days"))); header("Vary: Accept-Encoding, Cookie, Save-Data"); exit; } } $safename = addslashes($thumb->name()); header("Last-Modified: ".date("r", filemtime($filepath))); header("Cache-Control: public"); header("Pragma: no-cache"); header("Expires: ".date("r", now("+30 days"))); header("Content-Disposition: inline; filename=\"".$safename."\""); $thumb->create(); $thumb->serve(); $trigger->call("end"); ob_end_flush();