From 26f592b00abed7d2f4ca90f78f1376a65ec83387 Mon Sep 17 00:00:00 2001 From: Licoy Date: Sat, 28 Jan 2023 13:47:55 +0800 Subject: [PATCH] =?UTF-8?q?:sparkles:=20=E4=BC=98=E5=8C=96=E5=85=B3?= =?UTF-8?q?=E4=BA=8E=E7=BC=A9=E7=95=A5=E5=9B=BE=E4=B8=AD=E6=96=87=E8=B7=AF?= =?UTF-8?q?=E5=BE=84=E7=9A=84=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- inc/fun/core.php | 2 +- inc/fun/opt.php | 15 +++++++++++++++ inc/setting/options/OptionGlobal.php | 2 +- timthumb.php | 13 +++++++++++-- 4 files changed, 28 insertions(+), 4 deletions(-) diff --git a/inc/fun/core.php b/inc/fun/core.php index 4d76305d..14ed5104 100755 --- a/inc/fun/core.php +++ b/inc/fun/core.php @@ -367,7 +367,7 @@ function pk_get_img_thumbnail_src($src, $width, $height, $args = array()) return $src; } if (pk_is_checked('thumbnail_rewrite_open')) { - return home_url() . "/timthumb/w_{$width}/h_{$height}/q_90/zc_1/a_c/" . str_replace("=", "", base64_encode($src)) . ".png"; + return home_url() . "/timthumb/w_{$width}/h_{$height}/q_90/zc_1/a_c/" . pk_safe_base64_encode($src) . ".png"; } return PUOCK_ABS_URI . "/timthumb.php?w={$width}&h={$height}&a=c&zc=1&q=90&src=" . $src; } diff --git a/inc/fun/opt.php b/inc/fun/opt.php index 297287cb..3c5dd21e 100755 --- a/inc/fun/opt.php +++ b/inc/fun/opt.php @@ -557,3 +557,18 @@ function pk_get_custom_seo() { return $GLOBALS['pk-seo'] ?? array(); } + +function pk_safe_base64_encode($string) +{ + $data = base64_encode($string); + return str_replace(array('+', '/', '='), array('-', '_', ''), $data); +} + +function pk_safe_base64_decode($string){ + $data = str_replace(array('-','_'),array('+','/'),$string); + $mod4 = strlen($data) % 4; + if ($mod4) { + $data .= substr('====', $mod4); + } + return base64_decode($data); +} diff --git a/inc/setting/options/OptionGlobal.php b/inc/setting/options/OptionGlobal.php index 4b6f37d5..645cdae3 100644 --- a/inc/setting/options/OptionGlobal.php +++ b/inc/setting/options/OptionGlobal.php @@ -202,7 +202,7 @@ function get_fields(): array 'type' => 'switch', 'badge' => ['value' => 'New'], 'sdt' => false, - 'tips' => "⚠️".__('若开启此选项,请自行手动在Nginx配置中添加伪静态规则', PUOCK).":rewrite ^/timthumb/w_([0-9]+)/h_([0-9]+)/q_([0-9]+)/zc_([0-9])/a_([a-z]+)/([0-9A-Za-z]+)\.([0-9a-z]+)$ /wp-content/themes/" . get_template() . "/timthumb.php?w=$1&h=$2&q=$3&zc=$4&a=$5&src=$6;" + 'tips' => "⚠️".__('若开启此选项,请自行手动在Nginx配置中添加伪静态规则', PUOCK).":rewrite ^/timthumb/w_([0-9]+)/h_([0-9]+)/q_([0-9]+)/zc_([0-9])/a_([a-z]+)/([0-9A-Za-z_\-]+)\.([0-9a-z]+)$ /wp-content/themes/" . get_template() . "/timthumb.php?w=$1&h=$2&q=$3&zc=$4&a=$5&src=$6;" ], [ 'id' => 'thumbnail_allows', diff --git a/timthumb.php b/timthumb.php index 36ae3b26..f273e825 100755 --- a/timthumb.php +++ b/timthumb.php @@ -188,6 +188,15 @@ public static function start() exit(0); } + private static function safe_base64_decode($string){ + $data = str_replace(array('-','_'),array('+','/'),$string); + $mod4 = strlen($data) % 4; + if ($mod4) { + $data .= substr('====', $mod4); + } + return base64_decode($data); + } + public function __construct() { global $ALLOWED_SITES; @@ -218,8 +227,8 @@ public function __construct() $this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']); $this->src = $this->param('src'); - if(filter_var($this->src, FILTER_VALIDATE_URL) === false){ - $this->src = base64_decode($this->src); + if(strpos($this->src,"http://")===false && strpos($this->src,"https://")===false){ + $this->src = self::safe_base64_decode($this->src); } $this->url = parse_url($this->src); $this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);