fix save pixlr logic control

skala
Juan Carlos Raña 13 years ago
parent 07fd93b3d2
commit 0a02c0583b
  1. 12
      main/document/save_pixlr.php

@ -17,8 +17,9 @@ require_once api_get_path(LIBRARY_PATH).'document.lib.php';
api_protect_course_script();
api_block_anonymous_users();
var_dump($_GET);
if(!isset($_GET['title']) && !isset($_GET['type']) && !isset($_GET['image'])) {
if(!isset($_GET['title']) || !isset($_GET['type']) || !isset($_GET['image'])) {
api_not_allowed();
die();
}
@ -42,8 +43,10 @@ $relativeUrlPath=$_SESSION['paint_dir'];
$currentTool=$_SESSION['whereami'];
$dirBaseDocuments = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
$saveDir=$dirBaseDocuments.$_SESSION['paint_dir'];
$contents = file_get_contents($urlcontents);
//Verify that the URL is pointing to a file @ pixlr.com domain or an ip @ pixlr.com
/*
$urlcontents1='http://pixlr.com/';
@ -52,6 +55,11 @@ $urlcontents_to_save=$urlcontents1.$urlcontents2;
$contents = file_get_contents($urlcontents_to_save);//replace line 45.
*/
if ($contents === false) {
echo "I cannot read: ".$urlcontents;
exit;
}
//Verify that the file is an image
$headers = get_headers($urlcontents, 1);
$content_type = explode("/", $headers['Content-Type']);
@ -60,6 +68,8 @@ if ($content_type[0] != "image"){
exit;
}
//a bit title security
$filename = addslashes(trim($filename));
$filename = Security::remove_XSS($filename);
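Review bot: The `var_dump($_GET);` added just before the rewritten `isset` guard is a debug statement that dumps every request parameter into the response, breaking the page output and echoing caller-controlled input back unescaped; it should be deleted before this lands. The guard itself (`||` in place of `&&`) is the correct fix, but the second hunk still passes `$urlcontents` straight to `file_get_contents()` while the block intended to verify that the URL points at the pixlr.com domain is commented out, so the script fetches whatever URL the caller supplies; that host check should be restored (or the reason it is disabled written as a comment) before the fetch. `$urlcontents` appears to be the caller-supplied image URL, but its assignment is outside these hunks. The later Content-Type check relies on headers returned by that same remote server, so it is not a substitute for validating the origin, and `get_headers($url, 1)` can return `$headers['Content-Type']` as an array when the response was redirected, which the `explode()` on it does not handle. The final hunk (`addslashes` / `remove_XSS` on `$filename`) continues past the end of the visible page.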
