phpThumb
$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS && $PHPTHUMB_CONFIG['cache_default_only_suffix']
My understanding is if $PHPTHUMB_CONFIG['cache_default_only_suffix'] is not empty, then only the config defaults ($PHPTHUMB_DEFAULTS) other than 'src' are used and all other $_GET parameters are ignored.
So the following (line 320 of phpThumb.php) is set to TRUE in this case:
$PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = (bool) (!empty($PHPTHUMB_CONFIG['cache_default_only_suffix']) && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false));
Then lines 322 through 330 of phpThumb.php assign the values of $PHPTHUMB_DEFAULTS to their corresponding $_GET parameters:
if (!empty($PHPTHUMB_DEFAULTS) && is_array($PHPTHUMB_DEFAULTS)) {
    $phpThumb->DebugMessage('setting $PHPTHUMB_DEFAULTS['.implode(';', array_keys($PHPTHUMB_DEFAULTS)).']', __FILE__, __LINE__);
    foreach ($PHPTHUMB_DEFAULTS as $key => $value) {
        if ($PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) {
            $_GET[$key] = $value;
            $phpThumb->DebugMessage('PHPTHUMB_DEFAULTS assigning ('.(is_array($value) ? print_r($value, true) : $value).') to $_GET['.$key.']', __FILE__, __LINE__);
        }
    }
}
But then these $_GET parameters -- and thus the defaults -- are promptly ignored on lines 334 through 344.
foreach ($_GET as $key => $value) {
    if (!empty($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS) && ($key != 'src')) {
        // disabled, do not set parameter
        $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
    } elseif (in_array($key, $allowedGETparameters)) {
        $phpThumb->DebugMessage('setParameter('.$key.', '.$phpThumb->phpThumbDebugVarDump($value).')', __FILE__, __LINE__);
        $phpThumb->setParameter($key, $value);
    } else {
        $phpThumb->ErrorImage('Forbidden parameter: '.$key);
    }
}
Would you agree that swapping those two code blocks would solve the problem?
I could be wrong, but I think the source of the problem is the fact that the defaults are assigned to $_GET and this conditional statement that ignores them:
if (!empty($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS) && ($key != 'src')) {
    // disabled, do not set parameter
    $phpThumb->DebugMessage('ignoring $_GET['.$key.'] because of $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS', __FILE__, __LINE__);
}
Perhaps remove the above IF statement and make the following edit (incorporating commit #5506a56):
if ($PHPTHUMB_DEFAULTS_DISABLEGETPARAMS || !$PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE || !isset($_GET[$key])) { // set parameter to default value if config is set to allow _GET to override default, OR if no value is passed via _GET for this parameter
Or maybe a slightly different approach, which is to remove that first conditional statement as described above, and then revise along these lines:
if ((!empty($PHPTHUMB_CONFIG['cache_default_only_suffix']) && (strpos($PHPTHUMB_CONFIG['cache_default_only_suffix'], '*') !== false))) {
    $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS = true; // effectively no change I believe
    $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE = false; // overrides what may be in config file and makes sure defaults are used instead of URL parameters
}
This makes me wonder, if you remove that IF statement, is there even a need for $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS? Isn't it and $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE essentially addressing the same need? Just set $PHPTHUMB_DEFAULTS_GETSTRINGOVERRIDE to 'false' if you want to ignore $_GET parameters.
I'm going to go with my proposal of just swapping the code blocks for now. Perhaps I'm not thinking things through right (entirely possible) but please try it out and if it's not behaving as it should, please walk me through an example. https://github.com/JamesHeinrich/phpThumb/commit/77a0feb312599e78730cf8277e567bbfb092e599
The problem is still that $PHPTHUMB_DEFAULTS_DISABLEGETPARAMS is set to TRUE if $PHPTHUMB_CONFIG['cache_default_only_suffix'] is not empty. Thus, only the 'src' parameter will be set using the setParameter() method. Plus, moving the default config settings after the setParameter() call means they won't be used when processing the image.
I should note that I implemented my original idea noted above and it is working as expected.
I'll go on the assumption that you've thought this through and tested it much better than I have, so please propose a pull/merge/patch against phpThumb.php and I'll merge it in, or if it's easier just email me ([email protected]) your current patched phpThumb.php
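The parameter flow debated in this thread, as an added stand-alone model (not phpThumb's code and not posted by either participant). resolveParams() and the variant names are hypothetical, the 'swapped' variant assumes the commit simply reorders the two quoted blocks, and the sample values are constructed.

```php
<?php
// Added illustration, not phpThumb code: resolveParams() is a hypothetical model of
// the two blocks quoted in the thread. It returns what would reach setParameter().
function resolveParams(string $variant, array $get, array $defaults,
                       bool $disableGet, bool $getOverride, array $allowed): array
{
    $applied = [];
    // Block 1: copy config defaults into the request parameters.
    $mergeDefaults = function () use (&$get, $defaults, $disableGet, $getOverride, $variant) {
        foreach ($defaults as $key => $value) {
            $force = ($variant === 'proposed')
                ? ($disableGet || !$getOverride)   // condition proposed in the thread
                : $getOverride;                    // condition as quoted in the first block
            if ($force || !isset($get[$key])) {
                $get[$key] = $value;
            }
        }
    };
    // Block 2: hand request parameters to the thumbnailer.
    $passToThumb = function () use (&$get, &$applied, $disableGet, $allowed, $variant) {
        foreach ($get as $key => $value) {
            if ($variant !== 'proposed' && $disableGet && $key != 'src') {
                continue;                          // the "ignoring $_GET[...]" branch
            } elseif (in_array($key, $allowed)) {
                $applied[$key] = $value;
            }                                      // anything else: ErrorImage in phpThumb
        }
    };
    if ($variant === 'swapped') {
        $passToThumb();
        $mergeDefaults();                          // too late to affect $applied
    } else {
        $mergeDefaults();
        $passToThumb();
    }
    return $applied;
}

// Constructed sample values: a locked-down config and a request that tries to override it.
$defaults = ['w' => 200, 'h' => 200];
$get      = ['src' => 'a.jpg', 'w' => 4000, 'q' => 100];
$allowed  = ['src', 'w', 'h', 'q'];
foreach (['original', 'swapped', 'proposed'] as $v) {
    echo str_pad($v, 9), json_encode(resolveParams($v, $get, $defaults, true, true, $allowed)), "\n";
}
```

In this model the original and swapped orderings pass only src, while the proposed condition applies the w and h defaults but still lets q through, because no default exists to overwrite it. When locking thumbnails to configured defaults, check that request parameters absent from $PHPTHUMB_DEFAULTS are also dropped.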