zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
svgedit/editor/extensions/savefile.php

17 lines
744 B
PHP
Raw Normal View History

Delete old insecure server-save PHP in favor of a new php-savefile extension which requires addition by user of a configuration page "savefile_config.php" in order to work (and where the user should do their own validation). Add this config file and "saved.svg" (the default name when no filename is supplied) to SVN ignore list. git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2658 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 12:58:16 +00:00
<?php
// You must first create a file "savefile_config.php" in this extensions directory and do whatever
// checking of user credentials, etc. that you wish; otherwise anyone will be able to post SVG
// files to your server which may cause disk space or possibly security problems
require('savefile_config.php');
if (!isset($_POST['output_svg'])) {
print "You must supply output_svg";
exit;
}
$svg = $_POST['output_svg'];
Avoid URL decoding; remove dead code; add encoding to XML Declaration in php_savefile extension git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2663 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-02-01 16:42:46 +00:00
$filename = (isset($_POST['filename']) && !empty($_POST['filename']) ? preg_replace('@[\\\\/:*?"<>|]@u', '_', $_POST['filename']) : 'saved') . '.svg'; // These characters are indicated as prohibited by Windows
$fh = fopen($filename, 'w') or die("Can't open file");
fwrite($fh, $svg);
Delete old insecure server-save PHP in favor of a new php-savefile extension which requires addition by user of a configuration page "savefile_config.php" in order to work (and where the user should do their own validation). Add this config file and "saved.svg" (the default name when no filename is supplied) to SVN ignore list. git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2658 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 12:58:16 +00:00
fclose($fh);
?>