Change-Id: I30524491d0cba41c432d100ce2777a17e7d00c72changes/57/20657/2
Irina Peshinskaya
8 years ago
parent
c7d14e50ae
commit
8874ad37a4
@ -1,12 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
$allowedMimeTypesBySuffix = array(
|
|
||||||
'svg' => 'image/svg+xml;charset=UTF-8',
|
|
||||||
'png' => 'image/png',
|
|
||||||
'jpeg' => 'image/jpeg',
|
|
||||||
'bmp' => 'image/bmp',
|
|
||||||
'webp' => 'image/webp',
|
|
||||||
'pdf' => 'application/pdf'
|
|
||||||
);
|
|
||||||
|
|
||||||
?>
|
|
||||||
@ -1,56 +0,0 @@
|
|||||||
<!DOCTYPE html>
|
|
||||||
<?php
|
|
||||||
/*
|
|
||||||
* fileopen.php
|
|
||||||
* To be used with ext-server_opensave.js for SVG-edit
|
|
||||||
*
|
|
||||||
* Licensed under the MIT License
|
|
||||||
*
|
|
||||||
* Copyright(c) 2010 Alexis Deveria
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
// Very minimal PHP file, all we do is Base64 encode the uploaded file and
|
|
||||||
// return it to the editor
|
|
||||||
|
|
||||||
if (!isset($_REQUEST['type'])) {
|
|
||||||
echo "No type given";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
$type = $_REQUEST['type'];
|
|
||||||
if (!in_array($type, array('load_svg', 'import_svg', 'import_img'))) {
|
|
||||||
echo "Not a recognized type";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
require('allowedMimeTypes.php');
|
|
||||||
|
|
||||||
$file = $_FILES['svg_file']['tmp_name'];
|
|
||||||
|
|
||||||
$output = file_get_contents($file);
|
|
||||||
|
|
||||||
$prefix = '';
|
|
||||||
|
|
||||||
// Make Data URL prefix for import image
|
|
||||||
if ($type == 'import_img') {
|
|
||||||
$info = getimagesize($file);
|
|
||||||
if (!in_array($info['mime'], $allowedMimeTypesBySuffix)) {
|
|
||||||
echo "Disallowed MIME for supplied file";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
$prefix = 'data:' . $info['mime'] . ';base64,';
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
||||||
<head>
|
|
||||||
<meta charset="utf-8" />
|
|
||||||
<script>
|
|
||||||
|
|
||||||
top.svgEditor.processFile("<?php
|
|
||||||
|
|
||||||
// This should be safe since SVG edit does its own filtering (e.g., if an SVG file contains scripts)
|
|
||||||
echo $prefix . base64_encode($output);
|
|
||||||
|
|
||||||
?>", "<?php echo $type; ?>");
|
|
||||||
</script>
|
|
||||||
</head><body></body>
|
|
||||||
</html>
|
|
||||||
@ -1,60 +0,0 @@
|
|||||||
<?php
|
|
||||||
/*
|
|
||||||
* filesave.php
|
|
||||||
* To be used with ext-server_opensave.js for SVG-edit
|
|
||||||
*
|
|
||||||
* Licensed under the MIT License
|
|
||||||
*
|
|
||||||
* Copyright(c) 2010 Alexis Deveria
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
function encodeRFC5987ValueChars ($str) {
|
|
||||||
// See http://tools.ietf.org/html/rfc5987#section-3.2.1
|
|
||||||
// For better readability within headers, add back the characters escaped by rawurlencode but still allowable
|
|
||||||
// Although RFC3986 reserves "!" (%21), RFC5987 does not
|
|
||||||
return preg_replace_callback('@%(2[1346B]|5E|60|7C)@', function ($matches) {
|
|
||||||
return chr('0x' . $matches[1]);
|
|
||||||
}, rawurlencode($str));
|
|
||||||
}
|
|
||||||
|
|
||||||
require('allowedMimeTypes.php');
|
|
||||||
|
|
||||||
$mime = (!isset($_POST['mime']) || !in_array($_POST['mime'], $allowedMimeTypesBySuffix)) ? 'image/svg+xml;charset=UTF-8' : $_POST['mime'];
|
|
||||||
|
|
||||||
if (!isset($_POST['output_svg']) && !isset($_POST['output_img'])) {
|
|
||||||
die('post fail');
|
|
||||||
}
|
|
||||||
|
|
||||||
$file = '';
|
|
||||||
|
|
||||||
$suffix = '.' . array_search($mime, $allowedMimeTypesBySuffix);
|
|
||||||
|
|
||||||
if (isset($_POST['filename']) && strlen($_POST['filename']) > 0) {
|
|
||||||
$file = $_POST['filename'] . $suffix;
|
|
||||||
} else {
|
|
||||||
$file = 'image' . $suffix;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($suffix == '.svg') {
|
|
||||||
$contents = $_POST['output_svg'];
|
|
||||||
} else {
|
|
||||||
$contents = $_POST['output_img'];
|
|
||||||
$pos = (strpos($contents, 'base64,') + 7);
|
|
||||||
$contents = base64_decode(substr($contents, $pos));
|
|
||||||
}
|
|
||||||
|
|
||||||
header("Cache-Control: public");
|
|
||||||
header("Content-Description: File Transfer");
|
|
||||||
|
|
||||||
// See http://tools.ietf.org/html/rfc6266#section-4.1
|
|
||||||
header("Content-Disposition: attachment; filename*=UTF-8''" . encodeRFC5987ValueChars(
|
|
||||||
// preg_replace('@[\\\\/:*?"<>|]@', '', $file) // If we wanted to strip Windows-disallowed characters server-side (but not a security issue, so we can strip client-side instead)
|
|
||||||
$file
|
|
||||||
));
|
|
||||||
header("Content-Type: " . $mime);
|
|
||||||
header("Content-Transfer-Encoding: binary");
|
|
||||||
|
|
||||||
echo $contents;
|
|
||||||
|
|
||||||
?>
|
|
||||||
@ -1,16 +0,0 @@
|
|||||||
<?php
|
|
||||||
// You must first create a file "savefile_config.php" in this extensions directory and do whatever
|
|
||||||
// checking of user credentials, etc. that you wish; otherwise anyone will be able to post SVG
|
|
||||||
// files to your server which may cause disk space or possibly security problems
|
|
||||||
require('savefile_config.php');
|
|
||||||
if (!isset($_POST['output_svg'])) {
|
|
||||||
print "You must supply output_svg";
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
$svg = $_POST['output_svg'];
|
|
||||||
$filename = (isset($_POST['filename']) && !empty($_POST['filename']) ? preg_replace('@[\\\\/:*?"<>|]@u', '_', $_POST['filename']) : 'saved') . '.svg'; // These characters are indicated as prohibited by Windows
|
|
||||||
|
|
||||||
$fh = fopen($filename, 'w') or die("Can't open file");
|
|
||||||
fwrite($fh, $svg);
|
|
||||||
fclose($fh);
|
|
||||||
?>
|
|
||||||
Loading…
Reference in new issue