Solved

PHP htaccess Watermark Apostrophe Problem

Posted on 2012-04-02
9
685 Views
Last Modified: 2012-04-29
I have a PHP script which places a watermark on images on my site.  The problem is, any image with an apostrophe in its URL no longer displays.  How can I modify my code so that this no longer happens?

Here's my code:
<?php
    
    /*
     * This script places a watermark on a given jpeg, png or gif image.
     */
    
      // loads a png, jpeg or gif image from the given file name
      function imagecreatefromfile($image_path) {
        // retrieve the type of the provided image file
        list($width, $height, $image_type) = getimagesize($image_path);
    
        // select the appropriate imagecreatefrom* function based on the determined
        // image type
        switch ($image_type)
        {
          case IMAGETYPE_GIF: return imagecreatefromgif($image_path); break;
          case IMAGETYPE_JPEG: return imagecreatefromjpeg($image_path); break;
          case IMAGETYPE_PNG: return imagecreatefrompng($image_path); break;
          default: return ''; break;
        }
      }
    
      // load source image to memory
      $image = imagecreatefromfile($_GET['image']);
      if (!$image) die('Unable to open image');
    
      // load watermark to memory
      $watermark = imagecreatefromfile($_GET['watermark']);
      if (!$image) die('Unable to open watermark');
    
      // calculate the position of the watermark in the output image (the
      // watermark shall be placed in the lower right corner)
      $watermark_pos_x = imagesx($image) - imagesx($watermark);
      $watermark_pos_y = imagesy($image) - imagesy($watermark);
    
      // merge the source image and the watermark
      imagecopy($image, $watermark,  $watermark_pos_x, $watermark_pos_y, 0, 0,
        imagesx($watermark), imagesy($watermark));
    
      // output watermarked image to browser
      header('Content-Type: image/jpeg');
      imagejpeg($image, '', 85);  // use best image quality (100)
    
      // remove the images from memory
      imagedestroy($image);
      imagedestroy($watermark);
    
    ?>

Open in new window


Not sure if this matters but here's my .htaccess code:
RewriteEngine on
    RewriteRule ^(.*\.(jp?g))$ /videogames/watermark.php?image=$1&watermark=watermark.png [NC]

Open in new window

0
Comment
Question by:davideo7
  • 3
  • 3
  • 3
9 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37799175
Have a look at this article.  It may not be the perfect answer, but you may find an answer in the design pattern.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_10065-Adding-a-Watermark-to-an-Image.html
0
 

Author Comment

by:davideo7
ID: 37799180
Ray_Paseur: I get an error when visiting that URL:

"Permission Denied
This article is currently still in progress and yet to be approved."
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 37799662
I can see that article without any trouble.

An 'apostrophe' is a reserved character in URLs and must be encoded as %27 to be included.  More info here: http://en.wikipedia.org/wiki/Percent-encoding
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37801985
I think the article has been published now.  Can you please show us an example of the issue?  I cannot find anything in the posted code that leads me to an understanding of exactly what is happening.  Is it because you have images named something like "bill's_photo.jpg?"
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:davideo7
ID: 37804274
Ray_Paseur: Exactly that.  An image titled "bill's_photo.jpg" would give me the problem.  I think it's actually a problem that can be fixed in the .htaccess file.  It appears that I can view the article now so I'll take a look.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 37804312
"bill's_photo.jpg" still will not be a 'legal' URL...
0
 

Author Comment

by:davideo7
ID: 37805512
DaveBaldwin: What do you mean by that?
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 250 total points
ID: 37805700
I think what DaveBaldwin may be getting at goes to the way that a string value with a quote or apostrophe made its way into your file name.  There are some things that are just axiomatic in computer programming, and using the correct character set (actually the correct, minimum character set) for file names is one of those things.  If you limit your file names to letters, numbers and the underscore you will have good file names that always make sense and always work correctly.  You can add the hyphen if you've got file names that contain ISO date representations.  If you start adding things like apostrophes, percent signs, etc., you will find that your HTML and PHP scripts must become more complicated in order to deal with these oddities.  So my instinct is to filter those sorts of things out of file names.  Here is a filter that might work for you.
$safe_filename = preg_replace('#[^/A-Z_0-9-\.]#i', NULL, $external_filename);

Open in new window

Finally, you need to be aware that Windows platforms are case-insensitive and Linux platforms are case-sensitive.  This might matter if you move your scripts from one to another.  You might also look at the PHP function filter_var().  HTH, ~Ray
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 250 total points
ID: 37807178
I mean that in the 'rules' for creating URLs and file names, not all characters are allowed.  Read here http://en.wikipedia.org/wiki/Percent-encoding and here for Windows http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx .  And here's the 'official' word if you want: http://www.ietf.org/rfc/rfc1738.txt
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now