Delete old insecure server-save PHP in favor of a new php-savefile extension which requires addition by user of a configuration page "savefile_config.php" in order to work (and where the user should do their own validation). Add this config file and "saved.svg" (the default name when no filename is supplied) to SVN ignore list.
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2658 eee81c28-f429-11dd-99c0-75d572ba1dddmaster
parent
515de36d65
commit
7fc5c51d66
|
@ -0,0 +1,24 @@
|
||||||
|
/*globals $, svgCanvas, svgEditor*/
|
||||||
|
/*jslint regexp:true*/
|
||||||
|
svgEditor.addExtension("php_savefile", {
|
||||||
|
callback: function() {
|
||||||
|
'use strict';
|
||||||
|
function getFileNameFromTitle () {
|
||||||
|
var title = svgCanvas.getDocumentTitle();
|
||||||
|
return $.trim(title); // .replace(/[^a-z0-9\.\_\-]+/gi, '_'); // We could do this more stringent client-side filtering, but we need to do on the server anyways
|
||||||
|
}
|
||||||
|
var save_svg_action = 'extensions/savefile.php';
|
||||||
|
svgEditor.setCustomHandlers({
|
||||||
|
save: function(win, data) {
|
||||||
|
var svg = "<?xml version=\"1.0\"?>\n" + data,
|
||||||
|
filename = getFileNameFromTitle();
|
||||||
|
|
||||||
|
$.post(save_svg_action, {output_svg: svg, filename: filename});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
this.saveHandler = function(svg) {'use strict';
|
||||||
|
$.post("svg-editor-save.php", {svg_data: svg});
|
||||||
|
};
|
|
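Review bot: The last three lines of the new file (`this.saveHandler = function(svg) { ... }`) look like a leftover from the old handler and should be removed. They still post to `svg-editor-save.php`, which this commit appears to delete. In the `save` handler the result of `$.post(save_svg_action, ...)` is discarded, so a request refused by the checks in `savefile_config.php` looks the same to the user as a successful save; chaining `.fail(...)` on the returned jqXHR would surface it. If the config page authenticates by session cookie, the request would also need an anti-CSRF token, which is not sent here.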
@ -0,0 +1,17 @@
|
||||||
|
<?php
|
||||||
|
// You must first create a file "savefile_config.php" in this extensions directory and do whatever
|
||||||
|
// checking of user credentials, etc. that you wish; otherwise anyone will be able to post SVG
|
||||||
|
// files to your server which may cause disk space or possibly security problems
|
||||||
|
require('savefile_config.php');
|
||||||
|
if (!isset($_POST['output_svg'])) {
|
||||||
|
print "You must supply output_svg";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
$svg = $_POST['output_svg'];
|
||||||
|
$filename = (isset($_POST['filename']) && !empty($_POST['filename']) ? preg_replace('@[\\\\/:*?"<>|]@', '_', urldecode($_POST['filename'])) : 'saved') . '.svg'; // These characters are indicated as prohibited by Windows
|
||||||
|
$output_svg = urldecode($svg);
|
||||||
|
$file = $filename;
|
||||||
|
$fh = fopen($file, 'w') or die("Can't open file");
|
||||||
|
fwrite($fh, $output_svg);
|
||||||
|
fclose($fh);
|
||||||
|
?>
|
|
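Review bot: The `$filename` line filters the posted name with a deny-list of Windows-reserved characters, so control characters and NUL bytes still reach `fopen()`. The file is also written into the script's own directory, where an existing `.svg` can be overwritten and the stored markup is presumably served from the editor's origin. An allow-list is easier to reason about, e.g. `preg_replace('/[^A-Za-z0-9._-]+/', '_', $_POST['filename'])`, with the result placed under a dedicated save directory that is not served as active content. The `urldecode()` calls on `$_POST['filename']` and `$_POST['output_svg']` decode data PHP has already decoded, which turns any `+` in the SVG (base64 image data, for instance) into a space; they can be dropped. The header comment could also state that an empty `savefile_config.php` leaves the endpoint open, since `require` only fails closed when the file is missing.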
@ -1,8 +0,0 @@
|
||||||
Usage:
|
|
||||||
|
|
||||||
1) copy file svg-editor-save.php into the directory
|
|
||||||
|
|
||||||
2) edit the end of the svgcanvas.js and change this.saveHandler method
|
|
||||||
into the method described in svg-editor-save.js
|
|
||||||
|
|
||||||
3) now the drawings will be saved into the file named saved.svg
|
|
|
@ -1,4 +0,0 @@
|
||||||
/*globals $*/
|
|
||||||
this.saveHandler = function(svg) {'use strict';
|
|
||||||
$.post("svg-editor-save.php", {svg_data: svg});
|
|
||||||
};
|
|
|
@ -1,8 +0,0 @@
|
||||||
<?php
|
|
||||||
$svg = $_REQUEST['svg_data'];
|
|
||||||
$svg_data = urldecode($svg);
|
|
||||||
$file = 'saved.svg';
|
|
||||||
$fh = fopen($file, 'w') or die("Can't open file");
|
|
||||||
fwrite($fh, $svg_data);
|
|
||||||
fclose($fh);
|
|
||||||
?>
|
|