Filter out bad MIME types from fileopen.php and share allowable array with filesave.php

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2617 eee81c28-f429-11dd-99c0-75d572ba1ddd

editor/extensions/allowedMimeTypes.php

@@ -0,0 +1,11 @@
+<?php
+
+$allowedMimeTypesBySuffix = array(
+    'svg' => 'image/svg+xml',
+    'png' => 'image/png',
+    'jpeg' => 'image/jpeg',
+    'bmp' => 'image/bmp',
+    'webp' => 'image/webp'
+);
+
+?>

editor/extensions/fileopen.php

@@ -12,20 +12,24 @@
 	// Very minimal PHP file, all we do is Base64 encode the uploaded file and
 	// return it to the editor
 	
-	$file = $_FILES['svg_file']['tmp_name'];
-	
-	$output = file_get_contents($file);
-	
 	$type = $_REQUEST['type'];
 	if (!in_array($type, array('load_svg', 'import_svg', 'import_img'))) {
 		exit;
 	}
+	require('allowedMimeTypes.php');
+	
+	$file = $_FILES['svg_file']['tmp_name'];
+	
+	$output = file_get_contents($file);
 	
 	$prefix = '';
 	
 	// Make Data URL prefix for import image
 	if($type == 'import_img') {
 		$info = getimagesize($file);
+		if (!in_array($info['mime'], $allowedMimeTypesBySuffix)) {
+			exit;
+		}
 		$prefix = 'data:' . $info['mime'] . ';base64,';
 	}
 ?>
@@ -33,7 +37,12 @@
 <head>
 <meta charset="utf-8" />
 <script>
-window.top.window.svgEditor.processFile("<?php echo $prefix . base64_encode($output); ?>", "<?php echo $type; ?>");
+window.top.window.svgEditor.processFile("<?php 
+
+// This should be safe since SVG edit does its own filtering (e.g., if an SVG file contains scripts)
+echo $prefix . base64_encode($output);
+
+?>", "<?php echo $type; ?>");
 </script>
 </head><body></body>
 </html>

editor/extensions/filesave.php

@@ -9,13 +9,7 @@
  *
  */
 
-$allowedMimeTypesBySuffix = array(
-    'svg' => 'image/svg+xml',
-    'png' => 'image/png',
-    'jpeg' => 'image/jpeg',
-    'bmp' => 'image/bmp',
-    'webp' => 'image/webp'
-);
+require('allowedMimeTypes.php');
 
 $mime = !isset($_POST['mime']) || !in_array($_POST['mime'], $allowedMimeTypesBySuffix) ? 'image/svg+xml' : $_POST['mime'];