Bugfix: Fix getsvgsize in some cases

Changelog.md

@@ -6,6 +6,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
 ### Fixed
  - Properly escaped content of short code box on file pages
  - Display a more meaningful message to a logged in user if editing is disabled
+ - Fixed fetching the size of SVGs in some cases
 
 ### Changed
  - Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.

build/index.php

@@ -4845,7 +4845,7 @@ function stats_save($stats)
 
 register_module([
 	"name" => "Uploader",
-	"version" => "0.5.12",
+	"version" => "0.5.13",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
 	"id" => "feature-upload",
@@ -5470,8 +5470,11 @@ function upload_check_svg($temp_filename)
  */
 function getsvgsize($svgFilename)
 {
+	global $settings;
 	libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
-	$svg = simplexml_load_file($svgFilename); // Load it as XML
+	$rawSvg = file_get_contents($svgFilename);
+	$svg = simplexml_load_string($rawSvg); // Load it as XML
+	unset($rawSvg);
 	if($svg === false)
 	{
 		http_response_code(415);

module_index.json

@@ -118,11 +118,11 @@
     },
     {
         "name": "Uploader",
-        "version": "0.5.12",
+        "version": "0.5.13",
         "author": "Starbeamrainbowlabs",
         "description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
         "id": "feature-upload",
-        "lastupdate": 1514762001,
+        "lastupdate": 1517060131,
         "optional": false
     },
     {

modules/feature-upload.php

@@ -1,7 +1,7 @@
 <?php
 register_module([
 	"name" => "Uploader",
-	"version" => "0.5.12",
+	"version" => "0.5.13",
 	"author" => "Starbeamrainbowlabs",
 	"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
 	"id" => "feature-upload",
@@ -626,8 +626,11 @@ function upload_check_svg($temp_filename)
  */
 function getsvgsize($svgFilename)
 {
+	global $settings;
 	libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
-	$svg = simplexml_load_file($svgFilename); // Load it as XML
+	$rawSvg = file_get_contents($svgFilename);
+	$svg = simplexml_load_string($rawSvg); // Load it as XML
+	unset($rawSvg);
 	if($svg === false)
 	{
 		http_response_code(415);