-
Notifications
You must be signed in to change notification settings - Fork 1
/
getframe.php
69 lines (57 loc) · 2.22 KB
/
getframe.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<?php
/*
Takes a hashed file path, loads a jpeg image, recompresses it and sends to client
*/
/*
This file is part of motion-webplayer
motion-webplayer is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License version 2as published by
the Free Software Foundation
motion-webplayer is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with motion-webplayer. If not, see <http://www.gnu.org/licenses/>.
Contains portions of code from Dag Erlandsson ([email protected]) - http://www.lavrsen.dk/foswiki/bin/view/Motion/MotionJpegViewer
Author: Matthew Watts 2015
*/
include("config.inc");
if(isset($_GET['frame'])) {
// decrypt the file path
$file=rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($secret_key), base64_decode($_GET['frame']), MCRYPT_MODE_CBC, md5(md5($secret_key))), "\0");
$filename = trim($image_root . "/" . $file);
// TODO hashing is not immutable - check for directory traversal attack - file must be a child of $image_root
} else {
$filename = "throw an error";
}
if(isset($_GET['q'])) {
$quality = $_GET['q'];
//if( ! is_int($quality) ) {
// $quality = 70;
//}
if( $quality < 2 ) {
$quality = 2;
}
if( $quality > 100 ) {
$quality = 100;
}
} else {
$quality = 70;
}
// create image object from jpeg files - this allows us to recompress the jpeg and also helps
// prevent attacks that attempt to retrive another type of file from the filesystem
// @ to prevent image loading errors destroying JPEG data
$source = @imagecreatefromjpeg(trim($filename));
// JPEG Loading error handler
if(!$source) {
/* Create a black image */
$source = imagecreatetruecolor(150, 30);
$bgc = imagecolorallocate($source, 255, 255, 255);
$tc = imagecolorallocate($source, 0, 0, 0);
imagefilledrectangle($source, 0, 0, 150, 30, $bgc);
/* Output an error message */
imagestring($source, 1, 5, 5, 'Error loading frame', $tc);
}
header("Content-type: image/jpeg\n\n");
imagejpeg($source, NULL, $quality);