kasparsd · February 12, 2025 07:30
diff --git a/cloudflare-image-server.php b/cloudflare-image-server.php
 <?php
 /**
 * Plugin Name: Cloudflare Image API Mock
 * Description: Replicate Cloudflare Image API functionality locally.
 *
 * IMPORTANT: The code below shouldn't be used on production since the
 * image path resolution is vulnerable to directory traversal attacks.
 */

 add_action(
 	'init',
 	function() {
 		// https://example.com/cdn-cgi/image/abc123/quality=90,width=120/wp-content/uploads/sites/11/2024/11/example.jpeg
 		add_rewrite_rule( 'cdn-cgi/image/([^/]+)/([^/]+)/?(.+)/?$', 'index.php?cf_image_account_id=$matches[1]&cf_image_options=$matches[2]&cf_image_url=$matches[3]', 'top' );
 	}
 );

 add_filter(
 	'query_vars',
 	function( $query_vars ) {
 		return array_merge(
 			$query_vars,
 			[ 'cf_image_account_id', 'cf_image_options', 'cf_image_url' ]
 		);
 	}
 );

 add_action(
 	'template_redirect',
 	function () {
 		$account_id = get_query_var( 'cf_image_account_id' );

 		if ( ! $account_id ) {
 			return;
 		}

 		$options = array_reduce(
 			explode( ',', urldecode( get_query_var( 'cf_image_options' ) ) ),
 			function( $carry, $item ) {
 				$pair = explode( '=', $item );
 				$carry[ $pair[0] ] = is_numeric( $pair[1] ) ? (int) $pair[1] : $pair[1];
 				return $carry;
 			},
 			[]
 		);

 		$options = wp_parse_args(
 			$options,
 			[
 				'quality' => null,
 				'width' => null,
 				'height' => null,
 			]
 		);

 		$image_url = urldecode( get_query_var( 'cf_image_url' ) );
 		$image_path = sprintf( '%s/%s', dirname( WP_CONTENT_DIR ), ltrim( $image_url, '/' ) ); // TODO: Prevent directory traversal attacks.

 		if ( is_readable( $image_path ) ) {
 			$image = wp_get_image_editor( $image_path );

 			if ( $options['width'] || $options['height'] ) {
 				$image->resize( $options['width'], $options['height'], true );
 			}

 			$image->stream();
 			exit;
 		}
 	}
 );
	<?php
	/**
	* Plugin Name: Cloudflare Image API Mock
	* Description: Replicate Cloudflare Image API functionality locally.
	*
	* IMPORTANT: The code below shouldn't be used on production since the
	* image path resolution is vulnerable to directory traversal attacks.
	*/

	add_action(
	'init',
	function() {
	// https://example.com/cdn-cgi/image/abc123/quality=90,width=120/wp-content/uploads/sites/11/2024/11/example.jpeg
	add_rewrite_rule( 'cdn-cgi/image/([^/]+)/([^/]+)/?(.+)/?$', 'index.php?cf_image_account_id=$matches[1]&cf_image_options=$matches[2]&cf_image_url=$matches[3]', 'top' );
	}
	);

	add_filter(
	'query_vars',
	function( $query_vars ) {
	return array_merge(
	$query_vars,
	[ 'cf_image_account_id', 'cf_image_options', 'cf_image_url' ]
	);
	}
	);

	add_action(
	'template_redirect',
	function () {
	$account_id = get_query_var( 'cf_image_account_id' );

	if ( ! $account_id ) {
	return;
	}

	$options = array_reduce(
	explode( ',', urldecode( get_query_var( 'cf_image_options' ) ) ),
	function( $carry, $item ) {
	$pair = explode( '=', $item );
	$carry[ $pair[0] ] = is_numeric( $pair[1] ) ? (int) $pair[1] : $pair[1];
	return $carry;
	},
	[]
	);

	$options = wp_parse_args(
	$options,
	[
	'quality' => null,
	'width' => null,
	'height' => null,
	]
	);

	$image_url = urldecode( get_query_var( 'cf_image_url' ) );
	$image_path = sprintf( '%s/%s', dirname( WP_CONTENT_DIR ), ltrim( $image_url, '/' ) ); // TODO: Prevent directory traversal attacks.

	if ( is_readable( $image_path ) ) {
	$image = wp_get_image_editor( $image_path );

	if ( $options['width'] \|\| $options['height'] ) {
	$image->resize( $options['width'], $options['height'], true );
	}

	$image->stream();
	exit;
	}
	}
	);