• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 184
  • Last Modified:

Problems with adding text to image

I have a peice of code that adds some text to images on-the-fly for my image galleries. It works perfectly in normal instances. However when I pass a filename to my function that contains a  ' (single quote) character the function does not return the new image with the text on - it doesn't return anything and I get an image not found box in my browser. It doesn't matter where in the filename the ' is (whether it be in a directory path or the filename itself).

I've tried escaping the ' and I've tried doubling the ' to '' but neither seem to work.

I'm running Suse Linux 8.1, Apache 1.3.27, php 4.3.0 compiled with in-built GD library and Mysql 3.23.55.

Here are the relevant code snippets:

It is called like this from my showphoto.php script

print "<img src=\"/includes/addtext.php?img=../photos/".urlencode(addslashes($myrow["url"]))."&txt=".urlencode("Copyright ".$myrow["taken_by"])."&loc=".$loc."&col=".$col."\" alt=\"".$myrow["alt_text"]."\">";

where
img = image name (including path)
txt = text to show
loc = location of text
col = colour of text
$myrow is an array with results from a db query in it.

and here is addtext.php
<?php
     $image = "./".$_GET["img"];
     
     $txt = $_GET["txt"];
     $pos = $_GET["loc"];
     $col = $_GET["col"];
     
     // Strip out any html tags from the txt text string (remove any hrefs or email links)
     $txt = preg_replace("/<\/?\w+[^>]*>/","",$txt);

     $fnt = 2;
     $pos = strtolower($pos);
     $col = strtolower($col);
     $src_img = ImageCreateFromJpeg($image);
     $img_x = ImageSX($src_img);
     $img_y = ImageSY($src_img);

     $white = ImageColorAllocate($src_img, 255, 255, 255);
     $black = ImageColorAllocate($src_img, 0, 0, 0);

     $font_w = imagefontwidth($fnt);
     $font_h = imagefontheight($fnt);
     $slen = strlen($txt);
     $ad_text = "our web site";
     $ad_len = strlen($ad_text);

     switch ($col) {
          case 'white':
          case 'wh':
          case 'w':
               $txt_col = $white;
               break;
          case 'black':
          case 'bl':
          case 'b':
               $txt_col = $black;
               break;
          default:
               $txt_col = $black;
          }

     switch ($pos) {
         case 'bl':
             $str_x_pos = 5;
             $ad_str_x_pos = 5;
             $str_y_pos = ($img_y - (20 + $font_h));
          break;
         case 'br':
             $str_x_pos = ($img_x - (($slen * $font_w) +5));
             $ad_str_x_pos = ($img_x - (($ad_len * $font_w) +5));
             $str_y_pos = ($img_y - (20 + $font_h));
          break;
         case 'tl':
             $str_x_pos = 5;
             $ad_str_x_pos = 5;
             $str_y_pos = 5;
          break;
         case 'tr':
             $str_x_pos = ($img_x - (($slen * $font_w) +5));
             $ad_str_x_pos = ($img_x - (($ad_len * $font_w) +5));
             $str_y_pos = 5;
          break;
         default:
             $str_x_pos = 5;
             $str_y_pos = ($img_y - (5 + $font_h));
          }

     imagestring($src_img, $fnt, $str_x_pos, $str_y_pos, $txt, $txt_col);
     imagestring($src_img, $fnt, $ad_str_x_pos, $str_y_pos+15, $ad_text, $txt_col);

     ImageJpeg($src_img,'',100);
     ImageDestroy($src_img);

     return(1);

?>

So, does anyone have any ideas how to make this code work with filenames that have single quotes in them? (Remember it works perfectly with filenames that don't have ' in them)

Thanks
Andrew
0
andrew30
Asked:
andrew30
1 Solution
 
VGRCommented:
could you comment out the ereg_replace() call and give it a try ?
0
 
andrew30Author Commented:
I've commented out the preg_replace near the top of addtext.php (if that's what you meant) and it made no difference.


0
 
andrew30Author Commented:
VGR,

Since it seems to be linked to the filename, do you think there could be an issue with the ImageCreateFromJpeg function?

BTW Thank you for helping me.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
VGRCommented:
could be. Cold you echo somewhere (file, screen, DB) the $image value received in the function via $_GET[] ?
0
 
andrew30Author Commented:
Ok, wrote the $image value out to a file, for the image ../photos/blenheim/'r3281'/ajd160-06.jpg

the result is

../photos/blenheim/\\\'r3281\\\'/ajd160-06.jpg

Having seen this (and thinking that there may be a few to many slashes there!) I tried removing the addslashes from the print statement used to call the addtext function and I get the result now

../photos/blenheim/\'r3281\'/ajd160-06.jpg

but still no image.

FIXED!

I have removed the addslashes and the urlencode from around the $myrow["url"] in the print statement in showphoto.php and added $image = str_replace("\'","'",$image); after the line $image = "./".$_GET["img"]; at the top of addtext.php.

and it now shows them perfectly!

But does the fact that I'm not urlencoding and adding slashes now give me a security problem? - anyone could pass a string via the img parameter that I will automatically try and create an image from.

Many thanks for your assistance VGR
0
 
andrew30Author Commented:
Ok, wrote the $image value out to a file, for the image ../photos/blenheim/'r3281'/ajd160-06.jpg

the result is

../photos/blenheim/\\\'r3281\\\'/ajd160-06.jpg

Having seen this (and thinking that there may be a few to many slashes there!) I tried removing the addslashes from the print statement used to call the addtext function and I get the result now

../photos/blenheim/\'r3281\'/ajd160-06.jpg

but still no image.

FIXED!

I have removed the addslashes and the urlencode from around the $myrow["url"] in the print statement in showphoto.php and added $image = str_replace("\'","'",$image); after the line $image = "./".$_GET["img"]; at the top of addtext.php.

and it now shows them perfectly!

But does the fact that I'm not urlencoding and adding slashes now give me a security problem? - anyone could pass a string via the img parameter that I will automatically try and create an image from.

Many thanks for your assistance VGR
0
 
jaxnCommented:
And to think, I was just about to say:

$txt = strip_slashes(preg_replace("/<\/?\w+[^>]*>/","",$txt));

That would fix the problem.

-Jackson
0
 
snoyes_jwCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup topic area:
    PAQ with points refunded

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

snoyes_jw
EE Cleanup Volunteer
0
 
NetminderCommented:
PAQed, with points refunded (100)

Netminder
Site Admin
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now