Served images through PHP won't load in Shadowbox

Question

I've been using shadowbox without issue on my sites without issue for a while now. I've created a PHP file to serve media content from a protected folder. Here is what is in the download.php:

<?php
$fullpath="/home/user/media/image1.jpg";
header("Content-Type: image/jpeg");
header('Content-Transfer-Encoding: binary');
header('Content-Disposition: inline; filename='.basename($filename));    
header("Content-Length: " . filesize($fullpath));
readfile($fullpath);
exit;
?>

This works well if I call it using an IMG tag or try and download the image. For example:

<img src="download.php?id=123" />

However, if I use shadowbox the browser darkens and I don't even get a loading animation and nothing displays.

<a href="download.php?id=358" rel="shadowbox[test]"><img src="download.php?id=358"/></a>

The image will display fine with the example above, but the shadowbox won't load when clicked.

Thanks in advance!

Answer 1

Wouldn't turning php on on images at the htaccess level be a huge security risk?

Answer 2

The problem—for your case—is, Shadowbox check for file extension before fetching the content. If you search inside shadowbox.js (try search for img.ext), you will find this somewhere:

img.ext=["bmp","gif","jpg","jpeg","png"];

So, you could try adding PHP to loosen it a bit and Shadowbox will happily grab your image:

img.ext=["bmp","gif","jpg","jpeg","png","php"];

Or, you could save your php file as jpg (sounds weird, no?) and force the server to process it as a php file. For example, if you use Apache and .htaccess is allowed, you could try creating .htaccess (or adding these line to existing .htaccess file) with:

<files download.jpg>
  ForceType application/x-httpd-php
</files>