source: trunk/unsupported_plugins/ImageManager/config.inc.php @ 1366

Last change on this file since 1366 was 1366, checked in by gogo, 15 months ago

Move ExtendedFileManager? and ImageManager? into unsupported_plugins to deprecate.

Add a .htaccess file which denies access to some unsupported_plugins which may have security vulnerabilities (eg, ImageManager? and ExtendedFileManager?)

  • Property svn:keywords set to LastChangedDate LastChangedRevision LastChangedBy HeadURL Id
File size: 13.6 KB
Line 
1<?php
2
3  die('Developer, this plugin ImageManager has been deprecated.  You are STRONGLY advised to use MootoolsFileManager plugin instead.  If you really must continue using this plugin, please edit xinha/unsupported_plugins/ImageManager/config.php to remove this notice.');
4
5/**
6 * Image Manager configuration file.
7 * @author $Author:gogo $
8 * @version $Id:config.inc.php 830 2007-05-09 13:27:34Z gogo $
9 * @package ImageManager
10 *
11 * @todo change all these config values to defines()
12 */
13
14// REVISION HISTORY:
15//
16// 2005-03-20 Yermo Lamers (www.formvista.com):
17//      . unified backend.
18// . created a set of defaults that make sense for bundling with Xinha.
19
20// -------------------------------------------------------------------------
21
22/**
23* Default backend URL
24*
25* URL to use for unified backend.
26*
27* The ?__plugin=ImageManager& is required.
28*/
29
30$IMConfig['backend_url'] = "backend.php?__plugin=ImageManager&";
31
32/**
33* Backend Installation Directory
34*
35* location of backend install; these are used to link to css and js
36* assets because we may have the front end installed in a different
37* directory than the backend. (i.e. nothing assumes that the frontend
38* and the backend are in the same directory)
39*/
40
41$IMConfig['base_dir'] = getcwd();
42$IMConfig['base_url'] = '';
43
44// ------------------------------------------------------------
45
46/**
47* Path to directory containing images.
48*
49* File system path to the directory you want to manage the images
50* for multiple user systems, set it dynamically.
51*
52* NOTE: This directory requires write access by PHP. That is,
53* PHP must be able to create files in this directory.
54* Able to create directories is nice, but not necessary.
55*
56* CHANGE THIS: for out-of-the-box demo purposes we're setting this to ./demo_images
57* which has some graphics in it.
58*/
59
60// $IMConfig['images_dir'] = "/some/path/to/images/directory;
61
62$IMConfig['images_dir'] = "demo_images";
63
64// -------------------------------------------------------------------------
65
66/**
67* URL of directory containing images.
68*
69* The URL to the above path, the web browser needs to be able to see it.
70* It can be protected via .htaccess on apache or directory permissions on IIS,
71* check you web server documentation for futher information on directory protection
72* If this directory needs to be publicly accessiable, remove scripting capabilities
73* for this directory (i.e. disable PHP, Perl, CGI). We only want to store assets
74* in this directory and its subdirectories.
75*
76* CHANGE THIS: You need to change this to match the url where you have Xinha
77* installed. If the images show up blank chances are this is not set correctly.
78*/
79
80// $IMConfig['images_url'] = "/url/to/above";
81
82// try to figure out the URL of the sample images directory. For your installation
83// you will probably want to keep images in another directory.
84
85$IMConfig['images_url'] = str_replace( "backend.php", "", $_SERVER["PHP_SELF"] ) . "demo_images";
86
87// -------------------------------------------------------------------------
88
89/**
90* PHP Safe Mode?
91*
92* Possible values: true, false
93*
94* TRUE - If PHP on the web server is in safe mode, set this to true.
95* SAFE MODE restrictions: directory creation will not be possible,
96* only the GD library can be used, other libraries require
97* Safe Mode to be off.
98*
99* FALSE - Set to false if PHP on the web server is not in safe mode.
100*/
101
102$IMConfig['safe_mode'] = false;
103
104// -------------------------------------------------------------------------
105
106/**
107* Image Library to use.
108*
109* Possible values: 'GD', 'IM', or 'NetPBM'
110*
111* The image manipulation library to use, either GD or ImageMagick or NetPBM.
112* If you have safe mode ON, or don't have the binaries to other packages,
113* your choice is 'GD' only. Other packages require Safe Mode to be off.
114*
115* DEFAULT: GD is probably the most likely to be available.
116*/
117
118$IMConfig['IMAGE_CLASS'] = 'GD';
119
120
121// -------------------------------------------------------------------------
122
123/**
124* NetPBM or IM binary path.
125*
126* After defining which library to use, if it is NetPBM or IM, you need to
127* specify where the binary for the selected library are. And of course
128* your server and PHP must be able to execute them (i.e. safe mode is OFF).
129* GD does not require the following definition.
130*/
131
132$IMConfig['IMAGE_TRANSFORM_LIB_PATH'] ='/usr/bin/';
133
134// For windows, something like
135// C:/"Program Files"/ImageMagick-5.5.7-Q16/
136
137// -------------------------------------------------------------------------
138//                OPTIONAL SETTINGS
139// -------------------------------------------------------------------------
140
141/**
142* Thumbnail prefix
143*
144* The prefix for thumbnail files, something like .thumb will do. The
145* thumbnails files will be named as "prefix_imagefile.ext", that is,
146*  prefix + orginal filename.
147*/
148
149$IMConfig['thumbnail_prefix'] = '.';
150
151// -------------------------------------------------------------------------
152
153/**
154* Thumbnail Directory
155*
156* Thumbnail can also be stored in a directory, this directory
157* will be created by PHP. If PHP is in safe mode, this parameter
158*  is ignored, you can not create directories.
159*
160*  If you do not want to store thumbnails in a directory, set this
161*  to false or empty string '';
162*/
163
164$IMConfig['thumbnail_dir'] = '.thumbs';
165
166// -------------------------------------------------------------------------
167
168/**
169 * Resize files, or not.  If the dimensions for an image are changed
170 * this will control if the image is actually resized. 
171 *
172 * Usually you want this true, unless you are very disk space concious.
173 */
174 
175$IMConfig['resize_files'] = true;
176
177// -------------------------------------------------------------------------
178
179/**
180* Resized prefix
181*
182* The prefix for resized files, something like .resized will do.  The
183* resized files will be named <prefix>_<width>x<height>_<original>
184* resized files are created when one changes the dimensions of an image
185* in the image manager selection dialog - the image is scaled when the
186* user clicks the ok button.
187*/
188
189$IMConfig['resized_prefix'] = '.resized';
190
191// -------------------------------------------------------------------------
192
193/**
194* Resized Directory
195*
196* Resized images may also be stored in a directory, except in safe mode.
197*/
198
199$IMConfig['resized_dir'] = '.resized';
200
201/**
202 * Full options
203 *
204 * Determines whether the user is given options for padding,
205 * background/padding colour, margin, border and border colour.
206 */
207
208$IMConfig['show_full_options'] = true;
209 
210// -------------------------------------------------------------------------
211
212/**
213* Allow New Directories
214*
215*
216* Possible values: true, false
217*
218* TRUE -  Allow the user to create new sub-directories in the
219*        $IMConfig['base_dir'].
220*
221* FALSE - No directory creation.
222*
223* NOTE: If $IMConfig['safe_mode'] = true, this parameter
224*     is ignored, you can not create directories
225*
226* DEFAULT: for demo purposes we turn this off.
227*/
228
229$IMConfig['allow_new_dir'] = false;
230
231// -------------------------------------------------------------------------
232
233/**
234* Allow Uploads
235*
236*  Possible values: true, false
237*
238*  TRUE - Allow the user to upload files.
239*
240*  FALSE - No uploading allowed.
241*
242* DEFAULT: for demo purposes we turn this off.
243*/
244
245$IMConfig['allow_upload'] = false;
246
247// -------------------------------------------------------------------------
248
249/**
250* Allow Delete
251*
252*  Possible values: true, false
253*
254*  TRUE - Allow the user to delete files/dirs
255*
256*  FALSE - No deleting allowed.
257*
258*/
259
260$IMConfig['allow_delete'] = false;
261
262// -------------------------------------------------------------------------
263
264/**
265* Allow Edit
266*
267*  Possible values: true, false
268*
269*  TRUE - Allow the user to edit files
270*
271*  FALSE - No editing allowed.
272*
273*/
274
275$IMConfig['allow_edit'] = false;
276
277
278// -------------------------------------------------------------------------
279
280/**
281* Validate Images
282*
283* Possible values: true, false
284*
285* TRUE - If set to true, uploaded files will be validated based on the
286*        function getImageSize, if we can get the image dimensions then
287*        I guess this should be a valid image. Otherwise the file will be rejected.
288*
289* FALSE - All uploaded files will be processed.
290*
291* NOTE: If uploading is not allowed, this parameter is ignored.
292*/
293
294$IMConfig['validate_images'] = true;
295
296$IMConfig['allowed_image_extensions'] = array("jpg","gif","png","jpeg");
297
298// -------------------------------------------------------------------------
299
300/**
301* Default Thumnail.
302*
303* The default thumbnail if the thumbnails can not be created, either
304* due to error or bad image file.
305*/
306
307$IMConfig['default_thumbnail'] = 'img/default.gif';
308
309// -------------------------------------------------------------------------
310
311/**
312*  Thumbnail dimensions.
313*/
314
315$IMConfig['thumbnail_width'] = 96;
316$IMConfig['thumbnail_height'] = 96;
317
318// -------------------------------------------------------------------------
319
320/**
321* Editor Temporary File Prefix.
322*
323* Image Editor temporary filename prefix.
324*/
325
326$IMConfig['tmp_prefix'] = '.editor_';
327
328
329$IMConfig['ViewMode'] = 'thumbs';
330
331// -------------------------------------------------------------------------
332
333/** Margin Types
334 *  If your HTML will be used in an email, then using CSS type "margin"
335 *  is not so reliable and you should set UseHSpaceVSpace to be true
336 *  to go back to the old fashioned hspace="" and vspace="" attributes on
337 *  images.
338 */
339$IMConfig['UseHSpaceVSpace'] = false;
340
341// -------------------------------------------------------------------------
342
343/**
344 * ImageManager/Picker can provide selection interfaces for more than just
345 * images on the server ("Pictures").
346 *
347 *  Local - the classical ImageManager for images stored on this server.
348 *
349 *  YouTube  - provides selection (but not upload etc) of videos on YouTube
350 *    see smart-image.js for how to make the videos work as videos instead of
351 *    static images.
352 *
353 *  Flickr   - provides selection (but not upload etc) of public images on Flickr
354 *    Set
355 *       $IMConfig['Flickr'] = array('Key' => 'yourkeyhere');
356 *    to turn on Flickr support.
357 *
358 *    To get a key: http://www.flickr.com/services/api/keys/
359 *
360 *    WARNING: Flickr restricts commercial use of the API.  If your site is in any way even
361 *     remotely commercial you need to ask for a commercial key from flickr.
362 *
363 *    ADDITIONAL WARNING: Flickr requires that you provide a link back to them, preferably
364 *     on the image itself (linking to the image) - you can use smart-image.js to do
365 *     something like this.
366 *
367 *    ADDITIONAL ADDITIONAL WARNING: It's up to you to comply with the image's license!!
368 */
369 
370$IMConfig['Local'] = TRUE;
371$IMConfig['YouTube']  = FALSE;
372$IMConfig['Flickr']   = FALSE;
373
374// These are some configurable defaults for Flickr, to override
375//  $IMConfig['Flickr'] = array('Whatever' => 'You Want');
376$FlickrDefaults = array
377(
378  // This is the URL as flickr provides it for the licence which you wish
379  // to search on by default.  The default here is the least restrictive one.
380  'Default License' => 'http://creativecommons.org/licenses/by/2.0/',
381   
382); 
383
384
385////////////////////////////////////////////////////////////////////////////////
386//       ================== END OF CONFIGURATION =======================      //
387////////////////////////////////////////////////////////////////////////////////
388
389
390// Standard PHP Backend Data Passing
391//  if data was passed using xinha_pass_to_php_backend() we merge the items
392//  provided into the Config
393require_once(realpath(dirname(__FILE__) . '/../../contrib/php-xinha.php'));
394if($passed_data = xinha_read_passed_data())
395{
396  $IMConfig = array_merge($IMConfig, $passed_data);
397  $IMConfig['backend_url'] .= xinha_passed_data_querystring() . '&';
398 
399  if($IMConfig['Flickr'])
400  {
401    foreach($FlickrDefaults as $k => $v)
402    {
403      if(!isset($IMConfig['Flickr'][$k]))
404      {
405        $IMConfig['Flickr'][$k] = $v;
406      }
407    }
408  }
409}
410// Deprecated config passing, don't use this way any more!
411elseif(isset($_REQUEST['backend_config']))
412{
413  if(get_magic_quotes_gpc()) {
414    $_REQUEST['backend_config'] = stripslashes($_REQUEST['backend_config']);
415  }
416 
417  if($_REQUEST['backend_config_secret_key_location'] !== 'Xinha:ImageManager')
418  {
419    trigger_error('Programming Error - please contact the website administrator/programmer to alert them to this problem. A non-default backend key location is being used to pass backend data to Xinha, but the same key location is not being used to receive data.  The special backend configuration has been ignored.  To resolve this, you should edit plugins/ImageManager/config.php and change the default key location from "Xinha:ImageManager" to your desired non default.  See: http://trac.xinha.org/ticket/1518', E_USER_ERROR);   
420  }
421  else
422  {
423 
424  // Config specified from front end, check that it's valid
425  session_start();
426  $secret = $_SESSION[$_REQUEST['backend_config_secret_key_location']];
427
428  if($_REQUEST['backend_config_hash'] !== sha1($_REQUEST['backend_config'] . $secret))
429  {
430    die("Backend security error.");
431  }
432
433  $to_merge = unserialize($_REQUEST['backend_config']);
434  if(!is_array($to_merge))
435  {
436    die("Backend config syntax error.");
437  }
438
439  $IMConfig = array_merge($IMConfig, $to_merge);
440  $IMConfig['backend_url'] .= "backend_config=" . rawurlencode($_REQUEST['backend_config']) . '&';
441  $IMConfig['backend_url'] .= "backend_config_hash=" . rawurlencode($_REQUEST['backend_config_hash']) . '&';
442  $IMConfig['backend_url'] .= "backend_config_secret_key_location=" . rawurlencode($_REQUEST['backend_config_secret_key_location']) . '&';
443  }
444}
445
446define('IMAGE_CLASS', $IMConfig['IMAGE_CLASS']);
447define('IMAGE_TRANSFORM_LIB_PATH', $IMConfig['IMAGE_TRANSFORM_LIB_PATH']);
448define( "IM_CONFIG_LOADED", "yes" );
449
450// bring in the debugging library
451
452include_once( "ddt.php" );
453
454// uncomment to send debug messages to a local file
455// _setDebugLog( "/tmp/debug_log.txt" );
456
457// turn debugging on everywhere.
458// _ddtOn();
459
460// END
461
462?>
Note: See TracBrowser for help on using the repository browser.