Merge

15 years ago · 3431687f7e
parent df2b3bf44b 82e7ba070e
commit 3431687f7e
2 changed files with 28 additions and 20 deletions
--- a/main/inc/lib/svg-edit/extensions/fileopen.php
+++ b/main/inc/lib/svg-edit/extensions/fileopen.php
@ -47,19 +47,17 @@ if(!isset($_FILES['svg_file']['tmp_name'])) {
 $filename = addslashes(trim($file));
 $filename = Security::remove_XSS($filename);
 $filename = replace_dangerous_char($filename, 'strict');
-$filename = disable_dangerous_file($filename);
+$filename = disable_dangerous_file($filename);	
-
+	
 //a bit mime security
-$finfo = new finfo(FILEINFO_MIME);
+$current_mime = $_FILES['svg_file']['type'];
 $current_mime=$finfo->buffer($contents);
 $mime_svg='image/svg+xml';
 $mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii.
-
+	
 if(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg'){
 	die();//File extension does not match its content
 }
 ?>
 <script>
--- a/main/inc/lib/svg-edit/extensions/filesave.php
+++ b/main/inc/lib/svg-edit/extensions/filesave.php
@ -58,7 +58,7 @@ $title = Database::escape_string(str_replace('_',' ',$filename));
 //get Chamilo variables 
-if(!isset($_SESSION['draw_dir']) ||!isset($_SESSION['whereami']) )
+if(!isset($_SESSION['draw_dir']) || !isset($_SESSION['whereami']) )
 {
 	api_not_allowed(false);//from Chamilo
 	die();	
@ -79,18 +79,28 @@ $filename = replace_dangerous_char($filename, 'strict');
 $filename = disable_dangerous_file($filename);
 //a bit mime security
-$finfo = new finfo(FILEINFO_MIME);
+
-$current_mime=$finfo->buffer($contents);
+if (phpversion() >= '5.3') {
-$mime_png='image/png';//svg-edit return image/png; charset=binary 
+	$finfo = new finfo(FILEINFO_MIME);
-$mime_svg='image/svg+xml';
+	$current_mime=$finfo->buffer($contents);
-$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
+	finfo_close($finfo);
-  
+	$mime_png='image/png';//svg-edit return image/png; charset=binary 
-if(strpos($current_mime, $mime_png)===false && $extension=='png')
+	$mime_svg='image/svg+xml';
-{
+	$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
-	die();//File extension does not match its content
+	  
-}elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg')
+	if(strpos($current_mime, $mime_png)===false && $extension=='png')
-{
+	{
-	die();//File extension does not match its content
+		die();//File extension does not match its content
 	}elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg')
 	{
 		die();//File extension does not match its content
 	}
 }else{
 	if($suffix!= 'svg' || $suffix!= 'png')
 	{
 		die();
 	}
 }
 //checks if the file exists, then rename the new