Merge

main/inc/lib/svg-edit/extensions/fileopen.php

@@ -49,17 +49,15 @@ $filename = Security::remove_XSS($filename);
 $filename = replace_dangerous_char($filename, 'strict');
 $filename = disable_dangerous_file($filename);	
 	
-
 //a bit mime security
-$finfo = new finfo(FILEINFO_MIME);
-$current_mime=$finfo->buffer($contents);
-
+$current_mime = $_FILES['svg_file']['type'];
 $mime_svg='image/svg+xml';
 $mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii.
 	
 if(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg'){
 	die();//File extension does not match its content
 }
+
 ?>
 
 <script>

main/inc/lib/svg-edit/extensions/filesave.php

@@ -79,8 +79,11 @@ $filename = replace_dangerous_char($filename, 'strict');
 $filename = disable_dangerous_file($filename);
 
 //a bit mime security
+
+if (phpversion() >= '5.3') {
 	$finfo = new finfo(FILEINFO_MIME);
 	$current_mime=$finfo->buffer($contents);
+	finfo_close($finfo);
 	$mime_png='image/png';//svg-edit return image/png; charset=binary 
 	$mime_svg='image/svg+xml';
 	$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
@@ -92,6 +95,13 @@ if(strpos($current_mime, $mime_png)===false && $extension=='png')
 	{
 		die();//File extension does not match its content
 	}
+}else{
+	
+	if($suffix!= 'svg' || $suffix!= 'png')
+	{
+		die();
+	}
+}
 
 //checks if the file exists, then rename the new
 if(file_exists($saveDir.'/'.$filename.$i.'.'.$extension) && $currentTool=='document/createdraw'){