ID:               26546
 User updated by:  rcoles at hotmail dot com
 Reported By:      rcoles at hotmail dot com
 Status:           Open
 Bug Type:         GetImageSize related
 Operating System: all
 PHP Version:      4.3.3
 New Comment:

BTW this issue is not specific to the particular PHP version as
mentioned in the report. It first cam to my attention while the web
hosting was using 4.2.3 and thought the issue was related to an earlier
getimagesize() issue. My test rig is running 4.3.3 and the web host has
just upgrade to 4.3.4. The results are the same.


Previous Comments:
------------------------------------------------------------------------

[2003-12-06 22:26:22] rcoles at hotmail dot com

Description:
------------
It appears that certain settings in the htaccess file will produce
unexpected results if an app is using getimagesize(). This issue may
have a bearing on the zero height/width issues reported elsewhere.

The app I've been working on is a random picture gallery. The PHP code
using getimagesize() looks like this:

$maxwidth =180; //modify this figure to suit
$imagehw = getimagesize($image[$r]);
$imagewidth = $imagehw[0];
$imageheight = $imagehw[1];
if ($imagewidth>$maxwidth) {
   $imageprop = ($maxwidth*100)/$imagewidth;
   $imagevsize = ($imageheight*$imageprop)/100;
   $imagewidth = $maxwidth; 
   $imageheight = ceil($imagevsize);
}

[$r] is an image in an array. The rest of the code auto-resizes the
image and maintains a constant aspect ratio.

Looking over my web access logs in get this:

web host IP address - - [06/Dec/2003:02:14:52 -0600] "GET
/images_dir/some_sub_dir/IMG_2581.jpg HTTP/1.0" 403 - "-" "-"
ISP's IP address - - [06/Dec/2003:02:14:53 -0600] "GET
/images_dir/some_sub_dir/IMG_2581.jpg HTTP/1.0" 304 -
"http://www.xxx.com/some_dir/s0me_page.php"; "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.0; Q312461)"

Note the "403 - access denied" in the first line.

In my htaccess file I have the following:

# Forbid if blank (or "-") Referer *and* UA
RewriteCond %{HTTP_REFERER} ^-?$
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* - [F]

These lines forbid/ban blank referrers and UA's. 

As far as I can understand and thus, now assume, while using
getimagesize, the web host's server does a "GET" to get the image
before passing it to the code and then serving it to the browser. While
doing the "GET" - and because it's an "internal process" - there would
be no need for a UA. The htaccess file picks this up and issues a 403.
The image reference is then passed to the browser but no image appears.
Well, its does but appears as a pixel dot. No error warnings or notices
are produced with this error.

I have tried adding the following line to the htaccess file to try and
by-pass this issue:

RewriteCond %{REMOTE_ADDRESS} !^xxx\.xxx\.xxx\.xxx$

xxx being the host IP address. Have had NO success with this so far.

Expected result:
----------------
With these lines removed from my htaccess file:

# Forbid if blank (or "-") Referer *and* UA
RewriteCond %{HTTP_REFERER} ^-?$
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* - [F]

this is what I get in my web access logs:

web host IP address - - [05/Dec/2003:22:11:10 -0600] "GET /images/some
sub_dir/IMG_2295.jpg HTTP/1.0" 200 49254 "-" "-"
ISP's IP address - - [05/Dec/2003:22:11:11 -0600] "GET /images/some
sub_dir/IMG_2295.jpg HTTP/1.0" 304 -
"http://www.xxx.com/some_dir/some_page.php"; "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.0; Q312461)"

Note the "200" passed on each line. In other words, the app works as
designed

Actual result:
--------------
With the above htaccess RewriteCond in place, this is what I get at the
browser end:

<img src="http://www.xxx.com/images_dir/some_sub_dir/IMG_3235.jpg";
width="" height="" alt="This is a Random Image" />

Note the empty width and height parameters.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=26546&edit=1

Reply via email to