On 15 Oct 2011, at 15:50, d...@nkmo.com wrote:

> We have a simple script which rotates and image to a random value, saves
> it to a cache directory and displays it. For some reason when I move the
> script from a Debian box over to the production CentOS machine, it no
> longer caches any of the images. the rest works, but not the cache. If you
> could look at it and see if anything jumps out at you, please let me know.
> install the code below to the directory /angles
> .htaccess:
> RewriteEngine on
> RewriteRule ^rotate_(\d+)(?:_(?:\d+))?.png$ rotate.php?im=$1
> rotate.php:
> <?php
> // Setup
> if(isset($_GET['im']) && file_exists($_GET['im'].'.png')) {
> header('Content-type: image/png');
> $im = $_GET['im'].'.png';
> $degrees = rand(0, 360);
> $save = 'cache/'.$_GET['im'].'_'.$degrees.'.png';
> if(!file_exists($save)) {
> // Rotate via "command line" and cache it
> exec('convert '.$im.' -filter \'Lanczos\' -resize \'150x150\' -rotate
> '.$degrees.' -black-threshold 40% '.$save, $out);
> }
> // Output out (newly?) cached file
> echo file_get_contents($save);
> } else {
> die("Image not found");
> }
> ?>
> Use it by url:
> http://www.servername.com/angles/rotate_019.png
> Each time you reload page the angle should rotate to a new position.

My first thought was that the current working directory is probably set 
differently. However, you say that the script works and presents the rotated 
images, it's just the cache that isn't right. I still think I'm probably 
correct, so try these changes...

> $im = dirname(__FILE__).'/'.$_GET['im'].'.png';


> $save = dirname(__FILE__).'/cache/'.$_GET['im'].'_'.$degrees.'.png';

You also have a pretty major hole here because you're taking a querystring 
parameter and putting it straight into a command line. What happens if I pass 
the value of $_GET['im'] as "../../../../../../../../../../../etc/passwd" ? Use 
escapeshellarg when putting variables into command lines to protect against 
this type of hack.


Stuart Dallas
3ft9 Ltd

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to