- --- timthumb.php 2011-08-02 08:15:25.000000000 -0700
- +++ timthumb.new 2011-08-02 11:08:55.000000000 -0700
- @@ -641,7 +641,9 @@
- display_error ('source filename invalid');
- }
- - if (($url_info['host'] == 'www.youtube.com' || $url_info['host'] == 'youtube.com') && preg_match ('/v=([^&]+)/i', $url_info['query'], $matches)) {
- + $url_host = preg_replace( '/^www\./', '', strtolower( $url_info['host'] ) );
- +
- + if ( $url_host == 'youtube.com' && preg_match ('/v=([^&]+)/i', $url_info['query'], $matches) ) {
- $v = $matches[1];
- $src = 'http://img.youtube.com/vi/' . $v . '/0.jpg';
- $url_info['host'] = 'img.youtube.com';
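Review bot: `$url_host` is computed once from the original host, but the YouTube branch then rewrites `$url_info['host']` to `img.youtube.com` without refreshing it. Unless lines outside this hunk update it, the allow-list test in the second hunk compares the pre-rewrite name (`youtube.com`) rather than the host that will actually be fetched. Adding `$url_host = 'img.youtube.com';` next to the `$url_info['host']` assignment, or deriving `$url_host` after this branch, keeps the check and the fetch on the same name. Separately, `$v` is captured with `[^&]+` and concatenated into `$src` unchecked; narrowing the capture to something like `([\w-]+)` would keep path and query characters out of the rewritten URL. The enclosing block starts and ends outside the hunk.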
- @@ -650,19 +652,10 @@
- $isAllowedSite = false;
- // check allowed sites (if required)
- - if (ALLOW_EXTERNAL) {
- -
- + if (ALLOW_EXTERNAL)
- $isAllowedSite = true;
- -
- - } else {
- -
- - foreach ($allowedSites as $site) {
- - if (preg_match ('/(?:^|\.)' . $site . '$/i', $url_info['host'])) {
- - $isAllowedSite = true;
- - }
- - }
- -
- - }
- + else
- + $isAllowedSite = (bool)count( preg_grep( '/^' . preg_quote( $url_host ) . '$/i', $allowedSites ) );
- // if allowed
- if ($isAllowedSite) {
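Review bot: The `else` branch now requires an exact match between `$url_host` and an `$allowedSites` entry, which closes the loose, unescaped suffix match of the removed loop but also rejects every subdomain of a listed site. That tightening deserves a comment above the check, e.g. `// exact host match only (leading www. ignored); subdomains must be listed explicitly`. Building a pattern from the host to grep the list is indirect, and `preg_quote()` is called without the `/` delimiter argument; `$isAllowedSite = in_array( $url_host, array_map( 'strtolower', $allowedSites ), true );` expresses the same test without a regex. The brace-less `if`/`else` is also easy to break on a later edit, so braces on both branches would be safer. The enclosing block begins and ends outside the hunk.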
- @@ -861,4 +854,4 @@
- echo '<br />TimThumb version : ' . VERSION . '</pre>';
- die ();
- -}
- \ No newline at end of file
- +}