Issues in phpthumb.gif.php (master) - Issues in master - XoopsModules25x/apcal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1210)

Security Analysis not enabled

Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
Response Splitting
Response Splitting can be used to send arbitrary responses.
File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
Header Injection
Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.
thumbs/phpthumb.gif.php (41 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php
///////////////////////////////////////////////////////////////////////////////////////////////////
// GIF Util - (C) 2003 Yamasoft (S/C)
// http://www.yamasoft.com
// All Rights Reserved
// This file can be freely copied, distributed, modified, updated by anyone under the only
// condition to leave the original address (Yamasoft, http://www.yamasoft.com) and this header.
///////////////////////////////////////////////////////////////////////////////////////////////////
// <gif>  = gif_loadFile(filename, [index])
// <bool> = gif_getSize(<gif> or filename, &width, &height)
// <bool> = gif_outputAsPng(<gif>, filename, [bgColor])
// <bool> = gif_outputAsBmp(<gif>, filename, [bgcolor])
// <bool> = gif_outputAsJpeg(<gif>, filename, [bgcolor]) - use cjpeg if available otherwise uses GD
///////////////////////////////////////////////////////////////////////////////////////////////////
// Original code by Fabien Ezber
// Modified by James Heinrich <[email protected]> for use in phpThumb() - December 10, 2003
// * Added function gif_loadFileToGDimageResource() - this returns a GD image resource
// * Modified gif_outputAsJpeg() to check if it's running under Windows, or if cjpeg is not
//   available, in which case it will attempt to output JPEG using GD functions
// * added @ error-suppression to two lines where it checks: if ($this->m_img->m_bTrans)
//   otherwise warnings are generated if error_reporting == E_ALL
///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * @param            $lpszFileName
 * @param  int       $iIndex
 * @return bool|CGIF
 */
function gif_loadFile($lpszFileName, $iIndex = 0)
{
    $gif = new CGIF();
    if ($gif->loadFile($lpszFileName, $iIndex)) {
        return $gif;
    }

    return false;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

// Added by James Heinrich <[email protected]> - December 10, 2003
/**
 * @param                $gifFilename
 * @param  int           $bgColor
 * @return bool|resource
 */
function gif_loadFileToGDimageResource($gifFilename, $bgColor = -1)
{
    if ($gif = gif_loadFile($gifFilename)) {
        if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
            // shouldn't take nearly this long
            set_time_limit(120);
        }
        // general strategy: convert raw data to PNG then convert PNG data to GD image resource
        $PNGdata = $gif->getPng($bgColor);
        if ($img = @imagecreatefromstring($PNGdata)) {

            // excellent - PNG image data successfully converted to GD image
            return $img;
        } elseif ($img = $gif->getGD_PixelPlotterVersion()) {

            // problem: ImageCreateFromString() didn't like the PNG image data.
            //   This has been known to happen in PHP v4.0.6
            // solution: take the raw image data and create a new GD image and plot
            //   pixel-by-pixel on the GD image. This is extremely slow, but it does
            //   work and a slow solution is better than no solution, right? :)
            return $img;
        }
    }

    return false;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * @param       $gif
 * @param       $lpszFileName
 * @param  int  $bgColor
 * @return bool
 */
function gif_outputAsBmp($gif, $lpszFileName, $bgColor = -1)

{
    if (!isset($gif) || (@get_class($gif) <> 'cgif') || !$gif->loaded() || ($lpszFileName == '')) {
        return false;
    }

    $fd = $gif->getBmp($bgColor);
    if (strlen($fd) <= 0) {
        return false;
    }

    if (!($fh = @fopen($lpszFileName, 'wb'))) {
        return false;
    }
    @fwrite($fh, $fd, strlen($fd));
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    @fflush($fh);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    @fclose($fh);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

    return true;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * @param       $gif
 * @param       $lpszFileName
 * @param  int  $bgColor
 * @return bool
 */
function gif_outputAsPng($gif, $lpszFileName, $bgColor = -1)

{
    if (!isset($gif) || (@get_class($gif) <> 'cgif') || !$gif->loaded() || ($lpszFileName == '')) {
        return false;
    }

    $fd = $gif->getPng($bgColor);
    if (strlen($fd) <= 0) {
        return false;
    }

    if (!($fh = @fopen($lpszFileName, 'wb'))) {
        return false;
    }
    @fwrite($fh, $fd, strlen($fd));
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    @fflush($fh);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    @fclose($fh);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

    return true;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * @param       $gif
 * @param       $lpszFileName
 * @param  int  $bgColor
 * @return bool
 */
function gif_outputAsJpeg($gif, $lpszFileName, $bgColor = -1)
{
    // JPEG output that does not require cjpeg added by James Heinrich <[email protected]> - December 10, 2003
    if ((strtoupper(substr(PHP_OS, 0, 3)) != 'WIN') && (file_exists('/usr/local/bin/cjpeg') || `which cjpeg`)) {
        if (gif_outputAsBmp($gif, $lpszFileName . '.bmp', $bgColor)) {
            exec('cjpeg ' . $lpszFileName . '.bmp >' . $lpszFileName . ' 2>/dev/null');
            @unlink($lpszFileName . '.bmp');
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

            if (@file_exists($lpszFileName)) {
                if (@filesize($lpszFileName) > 0) {
                    return true;
                }

                @unlink($lpszFileName);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
            }
        }
    } else {

        // either Windows, or cjpeg not found in path
        if ($img = @imagecreatefromstring($gif->getPng($bgColor))) {
            if (@imagejpeg($img, $lpszFileName)) {
                return true;
            }
        }
    }

    return false;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * @param $gif
 * @param $width
 * @param $height
 * @return bool
 */
function gif_getSize($gif, &$width, &$height)
{
    if (isset($gif) && (@get_class($gif) == 'cgif') && $gif->loaded()) {
        $width  = $gif->width();
        $height = $gif->height();
    } elseif (@file_exists($gif)) {
        $myGIF = new CGIF();
        if (!$myGIF->getSize($gif, $width, $height)) {
            return false;
        }
    } else {
        return false;
    }

    return true;
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIFLZW
 */
class CGIFLZW
{
    public $MAX_LZW_BITS;
    public $Fresh;
    public $CodeSize;
    public $SetCodeSize;
    public $MaxCode;
    public $MaxCodeSize;
    public $FirstCode;
    public $OldCode;
    public $ClearCode;
    public $EndCode;
    public $Next;
    public $Vals;
    public $Stack;
    public $sp;
    public $Buf;
    public $CurBit;
    public $LastBit;
    public $Done;
    public $LastByte;

    ///////////////////////////////////////////////////////////////////////////

    // CONSTRUCTOR
    /**
     * CGIFLZW constructor.
     */
    public function __construct()
    {
        $this->MAX_LZW_BITS = 12;
        unset($this->Next);
        unset($this->Vals);
        unset($this->Stack);
        unset($this->Buf);

        $this->Next  = range(0, (1 << $this->MAX_LZW_BITS) - 1);
        $this->Vals  = range(0, (1 << $this->MAX_LZW_BITS) - 1);
        $this->Stack = range(0, (1 << ($this->MAX_LZW_BITS + 1)) - 1);
        $this->Buf   = range(0, 279);
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $data
     * @param $datLen
     * @return bool|string
     */
    public function deCompress($data, &$datLen)
    {
        $stLen  = strlen($data);
        $datLen = 0;
        $ret    = '';

        // INITIALIZATION
        $this->LZWCommand($data, true);

        while (($iIndex = $this->LZWCommand($data, false)) >= 0) {
            $ret .= chr($iIndex);
        }

        $datLen = $stLen - strlen($data);

        if ($iIndex != -2) {
            return false;
        }

        return $ret;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $data
     * @param $bInit
     * @return int
     */
    public function LZWCommand(&$data, $bInit)
    {
        if ($bInit) {
            $this->SetCodeSize = ord($data{0});
            $data              = substr($data, 1);

            $this->CodeSize    = $this->SetCodeSize + 1;
            $this->ClearCode   = 1 << $this->SetCodeSize;
            $this->EndCode     = $this->ClearCode + 1;
            $this->MaxCode     = $this->ClearCode + 2;
            $this->MaxCodeSize = $this->ClearCode << 1;

            $this->GetCode($data, $bInit);

            $this->Fresh = 1;
            for ($i = 0; $i < $this->ClearCode; $i++) {

                $this->Next[$i] = 0;
                $this->Vals[$i] = $i;
            }

            for (; $i < (1 << $this->MAX_LZW_BITS); $i++) {

                $this->Next[$i] = 0;
                $this->Vals[$i] = 0;
            }

            $this->sp = 0;

            return 1;
        }

        if ($this->Fresh) {
            $this->Fresh = 0;
            do {
                $this->FirstCode = $this->GetCode($data, $bInit);
                $this->OldCode   = $this->FirstCode;
            } while ($this->FirstCode == $this->ClearCode);

            return $this->FirstCode;
        }

        if ($this->sp > 0) {
            $this->sp--;

            return $this->Stack[$this->sp];
        }

        while (($Code = $this->GetCode($data, $bInit)) >= 0) {
            if ($Code == $this->ClearCode) {
                for ($i = 0; $i < $this->ClearCode; $i++) {

                    $this->Next[$i] = 0;
                    $this->Vals[$i] = $i;
                }

                for (; $i < (1 << $this->MAX_LZW_BITS); $i++) {

                    $this->Next[$i] = 0;
                    $this->Vals[$i] = 0;
                }

                $this->CodeSize    = $this->SetCodeSize + 1;
                $this->MaxCodeSize = $this->ClearCode << 1;
                $this->MaxCode     = $this->ClearCode + 2;
                $this->sp          = 0;
                $this->FirstCode   = $this->GetCode($data, $bInit);
                $this->OldCode     = $this->FirstCode;

                return $this->FirstCode;
            }

            if ($Code == $this->EndCode) {
                return -2;
            }

            $InCode = $Code;
            if ($Code >= $this->MaxCode) {
                $this->Stack[$this->sp] = $this->FirstCode;
                $this->sp++;
                $Code = $this->OldCode;
            }

            while ($Code >= $this->ClearCode) {
                $this->Stack[$this->sp] = $this->Vals[$Code];
                $this->sp++;

                if ($Code == $this->Next[$Code]) {
                    // Circular table entry, big GIF Error!

                    return -1;
                }

                $Code = $this->Next[$Code];
            }

            $this->FirstCode        = $this->Vals[$Code];
            $this->Stack[$this->sp] = $this->FirstCode;
            $this->sp++;

            if (($Code = $this->MaxCode) < (1 << $this->MAX_LZW_BITS)) {
                $this->Next[$Code] = $this->OldCode;
                $this->Vals[$Code] = $this->FirstCode;
                $this->MaxCode++;

                if (($this->MaxCode >= $this->MaxCodeSize) && ($this->MaxCodeSize < (1 << $this->MAX_LZW_BITS))) {
                    $this->MaxCodeSize *= 2;
                    $this->CodeSize++;
                }
            }

            $this->OldCode = $InCode;
            if ($this->sp > 0) {
                $this->sp--;

                return $this->Stack[$this->sp];
            }
        }

        return $Code;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $data
     * @param $bInit
     * @return int
     */
    public function GetCode(&$data, $bInit)
    {
        if ($bInit) {
            $this->CurBit   = 0;
            $this->LastBit  = 0;
            $this->Done     = 0;
            $this->LastByte = 2;

            return 1;
        }

        if (($this->CurBit + $this->CodeSize) >= $this->LastBit) {
            if ($this->Done) {
                if ($this->CurBit >= $this->LastBit) {
                    // Ran off the end of my bits
                    return 0;
                }

                return -1;
            }

            $this->Buf[0] = $this->Buf[$this->LastByte - 2];
            $this->Buf[1] = $this->Buf[$this->LastByte - 1];

            $Count = ord($data{0});
            $data  = substr($data, 1);

            if ($Count) {
                for ($i = 0; $i < $Count; $i++) {
                    $this->Buf[2 + $i] = ord($data{$i});
                }
                $data = substr($data, $Count);
            } else {
                $this->Done = 1;
            }

            $this->LastByte = 2 + $Count;
            $this->CurBit   = ($this->CurBit - $this->LastBit) + 16;
            $this->LastBit  = (2 + $Count) << 3;
        }

        $iRet = 0;
        for ($i = $this->CurBit, $j = 0; $j < $this->CodeSize; $i++, $j++) {
            $iRet |= (($this->Buf[(int)($i / 8)] & (1 << ($i % 8))) != 0) << $j;
        }

        $this->CurBit += $this->CodeSize;

        return $iRet;
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIFCOLORTABLE
 */
class CGIFCOLORTABLE
{
    public $m_nColors;
    public $m_arColors;

    ///////////////////////////////////////////////////////////////////////////

    // CONSTRUCTOR
    /**
     * CGIFCOLORTABLE constructor.
     */
    public function __construct()
    {
        unset($this->m_nColors);
        unset($this->m_arColors);
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $lpData
     * @param $num
     * @return bool
     */
    public function load($lpData, $num)
    {
        $this->m_nColors  = 0;
        $this->m_arColors = array();

        for ($i = 0; $i < $num; $i++) {
            $rgb = substr($lpData, $i * 3, 3);
            if (strlen($rgb) < 3) {
                return false;
            }

            $this->m_arColors[] = (ord($rgb{2}) << 16) + (ord($rgb{1}) << 8) + ord($rgb{0});
            $this->m_nColors++;
        }

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @return string
     */
    public function toString()

    {
        $ret = '';

        for ($i = 0; $i < $this->m_nColors; $i++) {
            $ret .= chr($this->m_arColors[$i] & 0x000000FF) . // R
                    chr(($this->m_arColors[$i] & 0x0000FF00) >> 8) . // G
                    chr(($this->m_arColors[$i] & 0x00FF0000) >> 16);  // B
        }

        return $ret;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @return string
     */
    public function toRGBQuad()

    {
        $ret = '';

        for ($i = 0; $i < $this->m_nColors; $i++) {
            $ret .= chr(($this->m_arColors[$i] & 0x00FF0000) >> 16) . // B
                    chr(($this->m_arColors[$i] & 0x0000FF00) >> 8) . // G
                    chr($this->m_arColors[$i] & 0x000000FF) . // R
                    "\x00";
        }

        return $ret;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $rgb
     * @return int
     */
    public function colorIndex($rgb)
    {
        $rgb = (int)$rgb & 0xFFFFFF;
        $r1  = ($rgb & 0x0000FF);
        $g1  = ($rgb & 0x00FF00) >> 8;
        $b1  = ($rgb & 0xFF0000) >> 16;
        $idx = -1;

        for ($i = 0; $i < $this->m_nColors; $i++) {
            $r2 = ($this->m_arColors[$i] & 0x000000FF);
            $g2 = ($this->m_arColors[$i] & 0x0000FF00) >> 8;
            $b2 = ($this->m_arColors[$i] & 0x00FF0000) >> 16;
            $d  = abs($r2 - $r1) + abs($g2 - $g1) + abs($b2 - $b1);

            if (($idx == -1) || ($d < $dif)) {
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
                $idx = $i;
                $dif = $d;
            }
        }

        return $idx;
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIFFILEHEADER
 */
class CGIFFILEHEADER
{
    public $m_lpVer;
    public $m_nWidth;
    public $m_nHeight;
    public $m_bGlobalClr;
    public $m_nColorRes;
    public $m_bSorted;
    public $m_nTableSize;
    public $m_nBgColor;
    public $m_nPixelRatio;
    public $m_colorTable;

    ///////////////////////////////////////////////////////////////////////////

    // CONSTRUCTOR
    /**
     * CGIFFILEHEADER constructor.
     */
    public function __construct()
    {
        unset($this->m_lpVer);
        unset($this->m_nWidth);
        unset($this->m_nHeight);
        unset($this->m_bGlobalClr);
        unset($this->m_nColorRes);
        unset($this->m_bSorted);
        unset($this->m_nTableSize);
        unset($this->m_nBgColor);
        unset($this->m_nPixelRatio);
        unset($this->m_colorTable);
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $lpData
     * @param $hdrLen
     * @return bool
     */
    public function load($lpData, &$hdrLen)
    {
        $hdrLen = 0;

        $this->m_lpVer = substr($lpData, 0, 6);
        if (($this->m_lpVer <> 'GIF87a') && ($this->m_lpVer <> 'GIF89a')) {
            return false;
        }

        $this->m_nWidth  = $this->w2i(substr($lpData, 6, 2));
        $this->m_nHeight = $this->w2i(substr($lpData, 8, 2));
        if (!$this->m_nWidth || !$this->m_nHeight) {
            return false;
        }

        $b                   = ord(substr($lpData, 10, 1));
        $this->m_bGlobalClr  = ($b & 0x80) ? true : false;
        $this->m_nColorRes   = ($b & 0x70) >> 4;
        $this->m_bSorted     = ($b & 0x08) ? true : false;
        $this->m_nTableSize  = 2 << ($b & 0x07);
        $this->m_nBgColor    = ord(substr($lpData, 11, 1));
        $this->m_nPixelRatio = ord(substr($lpData, 12, 1));
        $hdrLen              = 13;

        if ($this->m_bGlobalClr) {

            $this->m_colorTable = new CGIFCOLORTABLE();
            if (!$this->m_colorTable->load(substr($lpData, $hdrLen), $this->m_nTableSize)) {
                return false;
            }
            $hdrLen += 3 * $this->m_nTableSize;
        }

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $str
     * @return int
     */
    public function w2i($str)
    {
        return ord(substr($str, 0, 1)) + (ord(substr($str, 1, 1)) << 8);
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIFIMAGEHEADER
 */
class CGIFIMAGEHEADER
{
    public $m_nLeft;
    public $m_nTop;
    public $m_nWidth;
    public $m_nHeight;
    public $m_bLocalClr;
    public $m_bInterlace;
    public $m_bSorted;
    public $m_nTableSize;
    public $m_colorTable;

    ///////////////////////////////////////////////////////////////////////////

    // CONSTRUCTOR
    /**
     * CGIFIMAGEHEADER constructor.
     */
    public function __construct()
    {
        unset($this->m_nLeft);
        unset($this->m_nTop);
        unset($this->m_nWidth);
        unset($this->m_nHeight);
        unset($this->m_bLocalClr);
        unset($this->m_bInterlace);
        unset($this->m_bSorted);
        unset($this->m_nTableSize);
        unset($this->m_colorTable);
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $lpData
     * @param $hdrLen
     * @return bool
     */
    public function load($lpData, &$hdrLen)
    {
        $hdrLen = 0;

        $this->m_nLeft   = $this->w2i(substr($lpData, 0, 2));
        $this->m_nTop    = $this->w2i(substr($lpData, 2, 2));
        $this->m_nWidth  = $this->w2i(substr($lpData, 4, 2));
        $this->m_nHeight = $this->w2i(substr($lpData, 6, 2));

        if (!$this->m_nWidth || !$this->m_nHeight) {
            return false;
        }

        $b                  = ord($lpData{8});
        $this->m_bLocalClr  = ($b & 0x80) ? true : false;
        $this->m_bInterlace = ($b & 0x40) ? true : false;
        $this->m_bSorted    = ($b & 0x20) ? true : false;
        $this->m_nTableSize = 2 << ($b & 0x07);
        $hdrLen             = 9;

        if ($this->m_bLocalClr) {

            $this->m_colorTable = new CGIFCOLORTABLE();
            if (!$this->m_colorTable->load(substr($lpData, $hdrLen), $this->m_nTableSize)) {
                return false;
            }
            $hdrLen += 3 * $this->m_nTableSize;
        }

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $str
     * @return int
     */
    public function w2i($str)
    {
        return ord(substr($str, 0, 1)) + (ord(substr($str, 1, 1)) << 8);
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIFIMAGE
 */
class CGIFIMAGE
{
    public $m_disp;
    public $m_bUser;
    public $m_bTrans;
    public $m_nDelay;
    public $m_nTrans;
    public $m_lpComm;
    public $m_gih;
    public $m_data;
    public $m_lzw;

    ///////////////////////////////////////////////////////////////////////////

    /**
     * CGIFIMAGE constructor.
     */
    public function __construct()
    {
        unset($this->m_disp);
        unset($this->m_bUser);
        unset($this->m_bTrans);
        unset($this->m_nDelay);
        unset($this->m_nTrans);
        unset($this->m_lpComm);
        unset($this->m_data);
        $this->m_gih = new CGIFIMAGEHEADER();
        $this->m_lzw = new CGIFLZW();
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $data
     * @param $datLen
     * @return bool
     */
    public function load($data, &$datLen)
    {
        $datLen = 0;

        while (true) {
            $b    = ord($data{0});
            $data = substr($data, 1);
            $datLen++;

            switch ($b) {
                case 0x21: // Extension
                    if (!$this->skipExt($data, $len = 0)) {

                        return false;
                    }
                    $datLen += $len;
                    break;

                case 0x2C: // Image
                    // LOAD HEADER & COLOR TABLE
                    if (!$this->m_gih->load($data, $len = 0)) {

                        return false;
                    }
                    $data   = substr($data, $len);
                    $datLen += $len;

                    // ALLOC BUFFER
                    if (!($this->m_data = $this->m_lzw->deCompress($data, $len = 0))) {

                        return false;
                    }
                    $data   = substr($data, $len);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
                    $datLen += $len;

                    if ($this->m_gih->m_bInterlace) {
                        $this->deInterlace();
                    }

                    return true;

                case 0x3B: // EOF
                default:
                    return false;
            }
        }

        return false;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $data
     * @param $extLen
     * @return bool
     */
    public function skipExt(&$data, &$extLen)
    {
        $extLen = 0;

        $b    = ord($data{0});
        $data = substr($data, 1);
        $extLen++;

        switch ($b) {
            case 0xF9: // Graphic Control
                $b              = ord($data{1});
                $this->m_disp   = ($b & 0x1C) >> 2;
                $this->m_bUser  = ($b & 0x02) ? true : false;
                $this->m_bTrans = ($b & 0x01) ? true : false;
                $this->m_nDelay = $this->w2i(substr($data, 2, 2));
                $this->m_nTrans = ord($data{4});
                break;

            case 0xFE: // Comment
                $this->m_lpComm = substr($data, 1, ord($data{0}));
                break;

            case 0x01: // Plain text
                break;

            case 0xFF: // Application
                break;
        }

        // SKIP DEFAULT AS DEFS MAY CHANGE
        $b    = ord($data{0});
        $data = substr($data, 1);
        $extLen++;
        while ($b > 0) {
            $data   = substr($data, $b);
            $extLen += $b;
            $b      = ord($data{0});
            $data   = substr($data, 1);
            $extLen++;
        }

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $str
     * @return int
     */
    public function w2i($str)
    {
        return ord(substr($str, 0, 1)) + (ord(substr($str, 1, 1)) << 8);
    }

    ///////////////////////////////////////////////////////////////////////////

    public function deInterlace()
    {
        $data = $this->m_data;

        for ($i = 0; $i < 4; $i++) {
            switch ($i) {
                case 0:
                    $s = 8;
                    $y = 0;
                    break;

                case 1:
                    $s = 8;
                    $y = 4;
                    break;

                case 2:
                    $s = 4;
                    $y = 2;
                    break;

                case 3:
                    $s = 2;
                    $y = 1;
                    break;
            }

            for (; $y < $this->m_gih->m_nHeight; $y += $s) {
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
                $lne          = substr($this->m_data, 0, $this->m_gih->m_nWidth);
                $this->m_data = substr($this->m_data, $this->m_gih->m_nWidth);

                $data = substr($data, 0, $y * $this->m_gih->m_nWidth) . $lne . substr($data, ($y + 1) * $this->m_gih->m_nWidth);
            }
        }

        $this->m_data = $data;
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

/**
 * Class CGIF
 */
class CGIF
{
    public $m_gfh;
    public $m_lpData;
    public $m_img;
    public $m_bLoaded;

    ///////////////////////////////////////////////////////////////////////////

    // CONSTRUCTOR
    /**
     * CGIF constructor.
     */
    public function __construct()
    {
        $this->m_gfh     = new CGIFFILEHEADER();
        $this->m_img     = new CGIFIMAGE();
        $this->m_lpData  = '';
        $this->m_bLoaded = false;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $lpszFileName
     * @param $iIndex
     * @return bool
     */
    public function loadFile($lpszFileName, $iIndex)
    {
        if ($iIndex < 0) {
            return false;
        }

        // READ FILE
        if (!($fh = @fopen($lpszFileName, 'rb'))) {
            return false;
        }
        $this->m_lpData = @fread($fh, @filesize($lpszFileName));
        fclose($fh);

        // GET FILE HEADER
        if (!$this->m_gfh->load($this->m_lpData, $len = 0)) {

            return false;
        }
        $this->m_lpData = substr($this->m_lpData, $len);

        do {
            if (!$this->m_img->load($this->m_lpData, $imgLen = 0)) {

                return false;
            }
            $this->m_lpData = substr($this->m_lpData, $imgLen);
        } while ($iIndex-- > 0);

        $this->m_bLoaded = true;

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $lpszFileName
     * @param $width
     * @param $height
     * @return bool
     */
    public function getSize($lpszFileName, &$width, &$height)
    {
        if (!($fh = @fopen($lpszFileName, 'rb'))) {
            return false;
        }
        $data = @fread($fh, @filesize($lpszFileName));
        @fclose($fh);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        $gfh = new CGIFFILEHEADER();
        if (!$gfh->load($data, $len = 0)) {

            return false;
        }

        $width  = $gfh->m_nWidth;
        $height = $gfh->m_nHeight;

        return true;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $bgColor
     * @return string

     */
    public function getBmp($bgColor)
    {
        $out = '';

        if (!$this->m_bLoaded) {
            return false;
        }

        // PREPARE COLOR TABLE (RGBQUADs)
        if ($this->m_img->m_gih->m_bLocalClr) {

            $nColors = $this->m_img->m_gih->m_nTableSize;
            $rgbq    = $this->m_img->m_gih->m_colorTable->toRGBQuad();
            if ($bgColor != -1) {
                $bgColor = $this->m_img->m_gih->m_colorTable->colorIndex($bgColor);
            }
        } elseif ($this->m_gfh->m_bGlobalClr) {
            $nColors = $this->m_gfh->m_nTableSize;
            $rgbq    = $this->m_gfh->m_colorTable->toRGBQuad();
            if ($bgColor != -1) {
                $bgColor = $this->m_gfh->m_colorTable->colorIndex($bgColor);
            }
        } else {
            $nColors = 0;
            $bgColor = -1;
        }

        // PREPARE BITMAP BITS
        $data = $this->m_img->m_data;
        $nPxl = ($this->m_gfh->m_nHeight - 1) * $this->m_gfh->m_nWidth;
        $bmp  = '';
        $nPad = ($this->m_gfh->m_nWidth % 4) ? 4 - ($this->m_gfh->m_nWidth % 4) : 0;
        for ($y = 0; $y < $this->m_gfh->m_nHeight; $y++) {
            for ($x = 0; $x < $this->m_gfh->m_nWidth; $x++, $nPxl++) {
                if (($x >= $this->m_img->m_gih->m_nLeft)
                    && ($y >= $this->m_img->m_gih->m_nTop)
                    && ($x < ($this->m_img->m_gih->m_nLeft + $this->m_img->m_gih->m_nWidth))
                    && ($y < ($this->m_img->m_gih->m_nTop + $this->m_img->m_gih->m_nHeight))
                ) {
                    // PART OF IMAGE
                    if (@$this->m_img->m_bTrans && (ord($data{$nPxl}) == $this->m_img->m_nTrans)) {
                        // TRANSPARENT -> BACKGROUND
                        if ($bgColor == -1) {

                            $bmp .= chr($this->m_gfh->m_nBgColor);
                        } else {
                            $bmp .= chr($bgColor);
                        }
                    } else {
                        $bmp .= $data{$nPxl};
                    }
                } else {

                    // BACKGROUND
                    if ($bgColor == -1) {
                        $bmp .= chr($this->m_gfh->m_nBgColor);
                    } else {
                        $bmp .= chr($bgColor);
                    }
                }
            }
            $nPxl -= $this->m_gfh->m_nWidth << 1;

            // ADD PADDING
            for ($x = 0; $x < $nPad; $x++) {
                $bmp .= "\x00";
            }
        }

        // BITMAPFILEHEADER
        $out .= 'BM';
        $out .= $this->dword(14 + 40 + ($nColors << 2) + strlen($bmp));
        $out .= "\x00\x00";
        $out .= "\x00\x00";
        $out .= $this->dword(14 + 40 + ($nColors << 2));

        // BITMAPINFOHEADER
        $out .= $this->dword(40);
        $out .= $this->dword($this->m_gfh->m_nWidth);
        $out .= $this->dword($this->m_gfh->m_nHeight);
        $out .= "\x01\x00";
        $out .= "\x08\x00";
        $out .= "\x00\x00\x00\x00";
        $out .= "\x00\x00\x00\x00";
        $out .= "\x12\x0B\x00\x00";
        $out .= "\x12\x0B\x00\x00";
        $out .= $this->dword($nColors % 256);
        $out .= "\x00\x00\x00\x00";

        // COLOR TABLE
        if ($nColors > 0) {
            $out .= $rgbq;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
        }

        // DATA
        $out .= $bmp;

        return $out;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $bgColor
     * @return string

     */
    public function getPng($bgColor)
    {
        $out = '';

        if (!$this->m_bLoaded) {
            return false;
        }

        // PREPARE COLOR TABLE (RGBQUADs)
        if ($this->m_img->m_gih->m_bLocalClr) {

            $nColors = $this->m_img->m_gih->m_nTableSize;
            $pal     = $this->m_img->m_gih->m_colorTable->toString();
            if ($bgColor != -1) {
                $bgColor = $this->m_img->m_gih->m_colorTable->colorIndex($bgColor);
            }
        } elseif ($this->m_gfh->m_bGlobalClr) {
            $nColors = $this->m_gfh->m_nTableSize;
            $pal     = $this->m_gfh->m_colorTable->toString();
            if ($bgColor != -1) {
                $bgColor = $this->m_gfh->m_colorTable->colorIndex($bgColor);
            }
        } else {
            $nColors = 0;
            $bgColor = -1;
        }

        // PREPARE BITMAP BITS
        $data = $this->m_img->m_data;
        $nPxl = 0;
        $bmp  = '';
        for ($y = 0; $y < $this->m_gfh->m_nHeight; $y++) {
            $bmp .= "\x00";
            for ($x = 0; $x < $this->m_gfh->m_nWidth; $x++, $nPxl++) {
                if (($x >= $this->m_img->m_gih->m_nLeft)
                    && ($y >= $this->m_img->m_gih->m_nTop)
                    && ($x < ($this->m_img->m_gih->m_nLeft + $this->m_img->m_gih->m_nWidth))
                    && ($y < ($this->m_img->m_gih->m_nTop + $this->m_img->m_gih->m_nHeight))
                ) {
                    // PART OF IMAGE
                    $bmp .= $data{$nPxl};
                } else {

                    // BACKGROUND
                    if ($bgColor == -1) {
                        $bmp .= chr($this->m_gfh->m_nBgColor);
                    } else {
                        $bmp .= chr($bgColor);
                    }
                }
            }
        }
        $bmp = gzcompress($bmp, 9);

        ///////////////////////////////////////////////////////////////////////
        // SIGNATURE
        $out .= "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A";
        ///////////////////////////////////////////////////////////////////////
        // HEADER
        $out .= "\x00\x00\x00\x0D";
        $tmp = 'IHDR';
        $tmp .= $this->ndword($this->m_gfh->m_nWidth);
        $tmp .= $this->ndword($this->m_gfh->m_nHeight);
        $tmp .= "\x08\x03\x00\x00\x00";
        $out .= $tmp;
        $out .= $this->ndword(crc32($tmp));
        ///////////////////////////////////////////////////////////////////////
        // PALETTE
        if ($nColors > 0) {
            $out .= $this->ndword($nColors * 3);
            $tmp = 'PLTE';
            $tmp .= $pal;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            $out .= $tmp;
            $out .= $this->ndword(crc32($tmp));
        }
        ///////////////////////////////////////////////////////////////////////
        // TRANSPARENCY
        if (@$this->m_img->m_bTrans && ($nColors > 0)) {
            $out .= $this->ndword($nColors);
            $tmp = 'tRNS';
            for ($i = 0; $i < $nColors; $i++) {
                $tmp .= ($i == $this->m_img->m_nTrans) ? "\x00" : "\xFF";
            }
            $out .= $tmp;
            $out .= $this->ndword(crc32($tmp));
        }
        ///////////////////////////////////////////////////////////////////////
        // DATA BITS
        $out .= $this->ndword(strlen($bmp));
        $tmp = 'IDAT';
        $tmp .= $bmp;
        $out .= $tmp;
        $out .= $this->ndword(crc32($tmp));
        ///////////////////////////////////////////////////////////////////////
        // END OF FILE
        $out .= "\x00\x00\x00\x00IEND\xAE\x42\x60\x82";

        return $out;
    }

    ///////////////////////////////////////////////////////////////////////////

    // Added by James Heinrich <[email protected]> - January 5, 2003

    // Takes raw image data and plots it pixel-by-pixel on a new GD image and returns that
    // It's extremely slow, but the only solution when ImageCreateFromString() fails
    /**
     * @return bool|resource

     */
    public function getGD_PixelPlotterVersion()
    {
        if (!$this->m_bLoaded) {
            return false;
        }

        // PREPARE COLOR TABLE (RGBQUADs)
        if ($this->m_img->m_gih->m_bLocalClr) {
            $pal = $this->m_img->m_gih->m_colorTable->toString();
        } elseif ($this->m_gfh->m_bGlobalClr) {
            $pal = $this->m_gfh->m_colorTable->toString();
        } else {
            die('No color table available in getGD_PixelPlotterVersion()');
        }

        $PlottingIMG    = imagecreate($this->m_gfh->m_nWidth, $this->m_gfh->m_nHeight);
        $NumColorsInPal = floor(strlen($pal) / 3);
        for ($i = 0; $i < $NumColorsInPal; $i++) {
            $ThisImageColor[$i] = imagecolorallocate($PlottingIMG, ord($pal{($i * 3) + 0}), ord($pal{($i * 3) + 1}), ord($pal{($i * 3) + 2}));
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
        }

        // PREPARE BITMAP BITS
        $data = $this->m_img->m_data;
        $nPxl = ($this->m_gfh->m_nHeight - 1) * $this->m_gfh->m_nWidth;
        for ($y = 0; $y < $this->m_gfh->m_nHeight; $y++) {
            if (!phpthumb_functions::FunctionIsDisabled('set_time_limit')) {
                set_time_limit(30);
            }
            for ($x = 0; $x < $this->m_gfh->m_nWidth; $x++, $nPxl++) {
                if (($x >= $this->m_img->m_gih->m_nLeft)
                    && ($y >= $this->m_img->m_gih->m_nTop)
                    && ($x < ($this->m_img->m_gih->m_nLeft + $this->m_img->m_gih->m_nWidth))
                    && ($y < ($this->m_img->m_gih->m_nTop + $this->m_img->m_gih->m_nHeight))
                ) {
                    // PART OF IMAGE
                    if (@$this->m_img->m_bTrans && (ord($data{$nPxl}) == $this->m_img->m_nTrans)) {
                        imagesetpixel($PlottingIMG, $x, $this->m_gfh->m_nHeight - $y - 1, $ThisImageColor[$this->m_gfh->m_nBgColor]);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
                    } else {
                        imagesetpixel($PlottingIMG, $x, $this->m_gfh->m_nHeight - $y - 1, $ThisImageColor[ord($data{$nPxl})]);
                    }
                } else {
                    // BACKGROUND
                    imagesetpixel($PlottingIMG, $x, $this->m_gfh->m_nHeight - $y - 1, $ThisImageColor[$this->m_gfh->m_nBgColor]);
                }
            }
            $nPxl -= $this->m_gfh->m_nWidth << 1;
        }

        return $PlottingIMG;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $val
     * @return string
     */
    public function dword($val)
    {
        $val = (int)$val;

        return chr($val & 0xFF) . chr(($val & 0xFF00) >> 8) . chr(($val & 0xFF0000) >> 16) . chr(($val & 0xFF000000) >> 24);
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @param $val
     * @return string
     */
    public function ndword($val)
    {
        $val = (int)$val;

        return chr(($val & 0xFF000000) >> 24) . chr(($val & 0xFF0000) >> 16) . chr(($val & 0xFF00) >> 8) . chr($val & 0xFF);
    }

    ///////////////////////////////////////////////////////////////////////////

    public function width()
    {
        return $this->m_gfh->m_nWidth;
    }

    ///////////////////////////////////////////////////////////////////////////

    public function height()
    {
        return $this->m_gfh->m_nHeight;
    }

    ///////////////////////////////////////////////////////////////////////////

    public function comment()
    {
        return $this->m_img->m_lpComm;
    }

    ///////////////////////////////////////////////////////////////////////////

    /**
     * @return bool
     */
    public function loaded()
    {
        return $this->m_bLoaded;
    }
}

///////////////////////////////////////////////////////////////////////////////////////////////////

Issues (1210)

Security Analysis not enabled

thumbs/phpthumb.gif.php (41 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

XoopsModules25x / apcal

Issues (1210)

Security Analysis not enabled

thumbs/phpthumb.gif.php (41 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like
