diff --git a/editor/extensions/allowedMimeTypes.php b/editor/extensions/allowedMimeTypes.php new file mode 100644 index 00000000..cad3050c --- /dev/null +++ b/editor/extensions/allowedMimeTypes.php @@ -0,0 +1,11 @@ + 'image/svg+xml', + 'png' => 'image/png', + 'jpeg' => 'image/jpeg', + 'bmp' => 'image/bmp', + 'webp' => 'image/webp' +); + +?> \ No newline at end of file diff --git a/editor/extensions/fileopen.php b/editor/extensions/fileopen.php index 28ecb8ca..ff9a0cb3 100644 --- a/editor/extensions/fileopen.php +++ b/editor/extensions/fileopen.php @@ -12,20 +12,24 @@ // Very minimal PHP file, all we do is Base64 encode the uploaded file and // return it to the editor - $file = $_FILES['svg_file']['tmp_name']; - - $output = file_get_contents($file); - $type = $_REQUEST['type']; if (!in_array($type, array('load_svg', 'import_svg', 'import_img'))) { exit; } + require('allowedMimeTypes.php'); + + $file = $_FILES['svg_file']['tmp_name']; + + $output = file_get_contents($file); $prefix = ''; // Make Data URL prefix for import image if($type == 'import_img') { $info = getimagesize($file); + if (!in_array($info['mime'], $allowedMimeTypesBySuffix)) { + exit; + } $prefix = 'data:' . $info['mime'] . ';base64,'; } ?> @@ -33,7 +37,12 @@
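Review bot: In the `import_img` branch of fileopen.php, `getimagesize($file)` returns `false` for input it cannot parse, and the added check then indexes `$info['mime']` on that value and relies on a loose `in_array` to reject it. Make the failure case explicit and the comparison strict: `if ($info === false || !in_array($info['mime'], $allowedMimeTypesBySuffix, true)) { exit; }`. The allowlist is applied only to `import_img`. In the lines visible here, `load_svg` and `import_svg` still pass on whatever `file_get_contents($file)` read, so the code that consumes `$output` has to treat it as untrusted. `$_FILES['svg_file']['tmp_name']` is also used without checking the upload's `error` field against `UPLOAD_ERR_OK` or calling `is_uploaded_file()`, so a failed or missing upload reaches `file_get_contents()` without a valid path. The script continues past the end of this hunk, so how `$output` and `$prefix` are emitted is not visible here.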