chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Feature #2044 add support for php < 5.3

Browse Source
skala
Juan Carlos Raña 15 years ago
parent 634557618a
commit 82e7ba070e
2 changed files with 28 additions and 20 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 12
      main/inc/lib/svg-edit/extensions/fileopen.php
  2. 36
      main/inc/lib/svg-edit/extensions/filesave.php

12
main/inc/lib/svg-edit/extensions/fileopen.php
Unescape View File

@ -47,19 +47,17 @@ if(!isset($_FILES['svg_file']['tmp_name'])) {
$filename = addslashes(trim($file));
$filename = Security::remove_XSS($filename);
$filename = replace_dangerous_char($filename, 'strict');
$filename = disable_dangerous_file($filename);
$filename = disable_dangerous_file($filename);
//a bit mime security
$finfo = new finfo(FILEINFO_MIME);
$current_mime=$finfo->buffer($contents);
$current_mime = $_FILES['svg_file']['type'];
$mime_svg='image/svg+xml';
$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii.
if(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg'){
die();//File extension does not match its content
}
?>
<script>

36
main/inc/lib/svg-edit/extensions/filesave.php
Unescape View File

@ -58,7 +58,7 @@ $title = Database::escape_string(str_replace('_',' ',$filename));
//get Chamilo variables
if(!isset($_SESSION['draw_dir']) ||!isset($_SESSION['whereami']) )
if(!isset($_SESSION['draw_dir']) || !isset($_SESSION['whereami']) )
{
api_not_allowed(false);//from Chamilo
die();
@ -79,18 +79,28 @@ $filename = replace_dangerous_char($filename, 'strict');
$filename = disable_dangerous_file($filename);
//a bit mime security
$finfo = new finfo(FILEINFO_MIME);
$current_mime=$finfo->buffer($contents);
$mime_png='image/png';//svg-edit return image/png; charset=binary
$mime_svg='image/svg+xml';
$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
if(strpos($current_mime, $mime_png)===false && $extension=='png')
{
die();//File extension does not match its content
}elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg')
{
die();//File extension does not match its content
if (phpversion() >= '5.3') {
$finfo = new finfo(FILEINFO_MIME);
$current_mime=$finfo->buffer($contents);
finfo_close($finfo);
$mime_png='image/png';//svg-edit return image/png; charset=binary
$mime_svg='image/svg+xml';
$mime_xml='application/xml';//hack for svg-edit because original code return application/xml; charset=us-ascii. See
if(strpos($current_mime, $mime_png)===false && $extension=='png')
{
die();//File extension does not match its content
}elseif(strpos($current_mime, $mime_svg)===false && strpos($current_mime, $mime_xml)===false && $extension=='svg')
{
die();//File extension does not match its content
}
}else{
if($suffix!= 'svg' || $suffix!= 'png')
{
die();
}
}
//checks if the file exists, then rename the new

Write Preview
Loading…
Cancel
Save