it fails to resize https images #39

Closed
x-yuri opened this issue Nov 7, 2015 · 4 comments

x-yuri commented Nov 7, 2015

Steps to reproduce:

$ curl -LJO https://imagesus-ssl.homeaway.com/mda01/4131c76c-885e-4f85-b601-a86c8fe9ce64.1.9
$ mv 4131c76c-885e-4f85-b601-a86c8fe9ce64.1.9 4131c76c-885e-4f85-b601-a86c8fe9ce64.1.9.jpeg
$ curl -LJO https://github.com/JamesHeinrich/phpThumb/archive/v1.7.13.zip
$ unzip phpThumb-1.7.13.zip
$ mv phpThumb-1.7.13/phpThumb.config.php.default phpThumb-1.7.13/phpThumb.config.php

set high_security_password, and nohotlink_enabled to false

$ chgrp http phpThumb-1.7.13/cache
$ cat 1.php
<?php

$v = 'master';
$v = '1.7.13';
require './phpThumb-' . $v . '/phpThumb.config.php';
function img($url) {
    echo '<img src="'.htmlspecialchars(phpThumbURL(http_build_query([
        'src' => $url,
        'w' => 50,
    ]), '/phpThumb-' . $GLOBALS['v'] . '/phpThumb.php')).'">';
}
img('/4131c76c-885e-4f85-b601-a86c8fe9ce64.1.9.jpeg');
img('https://imagesus-ssl.homeaway.com/mda01/4131c76c-885e-4f85-b601-a86c8fe9ce64.1.9');

open /1.php in browser

The second img fails to resize. But if I enable debug mode (disable_debug = false), refresh the page, and disable it again, both images are resized. From what I can tell, that happens because in debug mode it doesn't stop on encountering an error. That is, it's able to resize https images, but some supposed security check prevents it from doing so.

I tried checking the master version (70c706f19dcbbcf5a6f7a91cea95e0fe2156ade0). But with it even the local image resize fails.

After some debugging it turned out that this statement fails:

if ($rawImageData = phpthumb_functions::SafeURLread($phpThumb->src, $error, $phpThumb->config_http_fopen_timeout, $phpThumb->config_http_follow_redirect)) {

Because fgets returns FALSE:

$line = fgets($fp, 1024);

What is this block of code even trying to achieve? Can you suggest any workaround among other things?

On a side note, phpThumb-1.7.13 has phpThumb.config.php with define('phpThumbConfigFileVersion', '1.7.12'); in it.

Author

x-yuri commented Nov 7, 2015

I'm running php-5.6.15. Relevant part of phpinfo:

openssl

OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.2d 9 Jul 2015
OpenSSL Header Version  OpenSSL 1.0.2d 9 Jul 2015
Openssl default config  /etc/ssl/openssl.cnf
Directive   Local Value Master Value
openssl.cafile  no value    no value
openssl.capath  no value    no value

Additionally, searching in the project revealed that OffsiteDomainIsAllowed is not always used.

@JamesHeinrich
Owner

I'm on the road right now and not easily able to examine your issue. If you play with it and figure out what's causing the problem, please feel free to submit a patch.

Author

x-yuri commented Nov 9, 2015

That's probably not all there is to be changed. But here's what makes it work for me:

--- phpThumb-1.7.13/phpthumb.functions.php      (revision 569)
+++ phpThumb-1.7.13/phpthumb.functions.php      (working copy)
@@ -634,7 +634,7 @@
                        $errstr = 'fsockopen() unavailable';
                        return false;
                }
-               if ($fp = @fsockopen($host, $port, $errno, $errstr, $timeout)) {
+               if ($fp = @fsockopen(($port == 443 ? 'ssl://' : '') . $host, $port, $errno, $errstr, $timeout)) {
                        $out  = 'GET '.$file.' HTTP/1.0'."\r\n";
                        $out .= 'Host: '.$host."\r\n";
                        $out .= 'Connection: Close'."\r\n\r\n";
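
Review bot: in the changed fsockopen() call, TLS is selected by $port == 443, so the transport follows the port number rather than the URL scheme: an https URL on another port (for example 8443) is still opened in plaintext, and an http URL that names port 443 gets wrapped in TLS. If the parsed scheme is available at this point, test it instead of the port when deciding on the 'ssl://' prefix. The call is also prefixed with @, so a failed TLS handshake is only visible through $errstr; make sure that value reaches the error the caller reports.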

There are two more occurrences of fsockopen in this same file.

P.S. Two links, just in case.

@JamesHeinrich
Owner

Looks good enough for me, thanks.
I've added that as 4d2694f
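
The fix discussed in this thread, generalized to pick the transport from the URL scheme instead of the port and to verify the server certificate, as an added example that is not phpThumb's code and not part of any comment above. open_target() and fetch_url() are hypothetical names, and the sample URLs are constructed.

```php
<?php
// Added example, not phpThumb code. open_target() and fetch_url() are hypothetical.

// Map a URL to a socket target, choosing the transport from the scheme
// rather than from the port number.
function open_target($url) {
    $p = parse_url($url);
    if ($p === false || empty($p['host']) || empty($p['scheme'])) {
        return false;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false; // refuse file://, ftp:// and other schemes
    }
    $tls  = ($scheme === 'https');
    $port = isset($p['port']) ? $p['port'] : ($tls ? 443 : 80);
    $path = (isset($p['path']) ? $p['path'] : '/')
          . (isset($p['query']) ? '?' . $p['query'] : '');
    return array(
        'remote' => ($tls ? 'ssl://' : 'tcp://') . $p['host'] . ':' . $port,
        'host'   => $p['host'],
        'path'   => $path,
    );
}

function fetch_url($url, $timeout = 10) {
    if (!($t = open_target($url))) {
        return false;
    }
    // Check the certificate chain and host name explicitly (PHP 5.6+ options).
    $ctx = stream_context_create(array('ssl' => array(
        'verify_peer' => true, 'verify_peer_name' => true, 'peer_name' => $t['host'],
    )));
    $fp = stream_socket_client($t['remote'], $errno, $errstr, $timeout,
                               STREAM_CLIENT_CONNECT, $ctx);
    if (!$fp) {
        return false; // $errstr holds the connect or TLS handshake error
    }
    fwrite($fp, 'GET ' . $t['path'] . " HTTP/1.0\r\nHost: " . $t['host']
              . "\r\nConnection: Close\r\n\r\n");
    $response = stream_get_contents($fp);
    fclose($fp);
    return $response;
}

// Constructed sample URLs: only the transport decision is printed, no network access.
foreach (array('http://example.com/a.jpg', 'https://example.com/a.jpg',
               'https://example.com:8443/a.jpg', 'http://example.com:443/a.jpg') as $u) {
    $t = open_target($u);
    echo $u, ' => ', $t['remote'], "\n";
}
```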
