|
|
|
|
@ -12,6 +12,8 @@ |
|
|
|
|
* @todo test and reorganise |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
use enshrined\svgSanitize\Sanitizer; |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Changes the file name extension from .php to .phps |
|
|
|
|
* Useful for securing a site. |
|
|
|
|
@ -191,6 +193,22 @@ function process_uploaded_file($uploaded_file, $show_output = true) |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
function sanitizeSvgFile(string $fullPath) |
|
|
|
|
{ |
|
|
|
|
$fileType = mime_content_type($fullPath); |
|
|
|
|
|
|
|
|
|
if ('image/svg+xml' !== $fileType) { |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
$svgContent = file_get_contents($fullPath); |
|
|
|
|
|
|
|
|
|
$sanitizer = new Sanitizer(); |
|
|
|
|
$cleanSvg = $sanitizer->sanitize($svgContent); |
|
|
|
|
|
|
|
|
|
file_put_contents($fullPath, $cleanSvg); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* This function does the save-work for the documents. |
|
|
|
|
* It handles the uploaded file and adds the properties to the database |
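Review bot: The gate `if ('image/svg+xml' !== $fileType)` trusts libmagic's content sniff, but the web server later picks the response type from the `.svg` extension, so an SVG that `mime_content_type()` reports under some other type (it can, e.g. when the XML declaration is missing) is stored unsanitized yet still rendered as SVG by browsers; the function should also sanitize when the extension is `svg`. Neither `file_get_contents()` nor `Sanitizer::sanitize()` is checked for `false` — in the versions of svg-sanitize I know, `sanitize()` returns `false` when the content is not well-formed XML — so a parse failure ends in `file_put_contents($fullPath, false)` silently truncating the file, and the caller cannot tell because the function returns nothing. I would have it return `bool` as below and have the two `sanitizeSvgFile($fullPath);` calls in the `handle_uploaded_document` hunks treat `false` as an upload failure (remove the file and report the error) instead of proceeding to `chmod()` and `add_document()`. A docblock in the file's existing style should state that the file is rewritten in place, that non-SVG files are passed through untouched, and the false-on-failure contract.
```php
function sanitizeSvgFile(string $fullPath): bool
{
    $fileType = mime_content_type($fullPath);
    $extension = strtolower(pathinfo($fullPath, PATHINFO_EXTENSION));

    // Gate on the extension as well: the server serves the file by its
    // extension, not by what libmagic sniffed at upload time.
    if ('image/svg+xml' !== $fileType && 'svg' !== $extension) {
        return true;
    }

    $svgContent = file_get_contents($fullPath);
    if (false === $svgContent) {
        return false;
    }

    $sanitizer = new Sanitizer();
    $cleanSvg = $sanitizer->sanitize($svgContent);

    // sanitize() yields false for content that is not well-formed XML;
    // writing that back would silently store an empty file.
    if (false === $cleanSvg) {
        return false;
    }

    return false !== file_put_contents($fullPath, $cleanSvg, LOCK_EX);
}
```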
|
|
|
|
@ -394,6 +412,7 @@ function handle_uploaded_document( |
|
|
|
|
$fileExists = file_exists($fullPath); |
|
|
|
|
|
|
|
|
|
if (moveUploadedFile($uploadedFile, $fullPath)) { |
|
|
|
|
sanitizeSvgFile($fullPath); |
|
|
|
|
chmod($fullPath, $filePermissions); |
|
|
|
|
|
|
|
|
|
if ($fileExists && $docId) { |
|
|
|
|
@ -577,6 +596,7 @@ function handle_uploaded_document( |
|
|
|
|
$filePath = $uploadPath.$fileSystemName; |
|
|
|
|
|
|
|
|
|
if (moveUploadedFile($uploadedFile, $fullPath)) { |
|
|
|
|
sanitizeSvgFile($fullPath); |
|
|
|
|
chmod($fullPath, $filePermissions); |
|
|
|
|
// Put the document data in the database |
|
|
|
|
$documentId = add_document( |
|
|
|
|
|