1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-22 13:45:02 +00:00

Bugfix: Fix getsvgsize in some cases

This commit is contained in:
Starbeamrainbowlabs 2018-01-27 13:38:53 +00:00
parent 4f9f3cb395
commit fba0636938
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
4 changed files with 13 additions and 6 deletions

View file

@ -6,6 +6,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
### Fixed
- Properly escaped content of short code box on file pages
- Display a more meaningful message to a logged in user if editing is disabled
- Fixed fetching the size of SVGs in some cases
### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.

View file

@ -4845,7 +4845,7 @@ function stats_save($stats)
register_module([
"name" => "Uploader",
"version" => "0.5.12",
"version" => "0.5.13",
"author" => "Starbeamrainbowlabs",
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
"id" => "feature-upload",
@ -5470,8 +5470,11 @@ function upload_check_svg($temp_filename)
*/
function getsvgsize($svgFilename)
{
global $settings;
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
$svg = simplexml_load_file($svgFilename); // Load it as XML
$rawSvg = file_get_contents($svgFilename);
$svg = simplexml_load_string($rawSvg); // Load it as XML
unset($rawSvg);
if($svg === false)
{
http_response_code(415);

View file

@ -118,11 +118,11 @@
},
{
"name": "Uploader",
"version": "0.5.12",
"version": "0.5.13",
"author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload",
"lastupdate": 1514762001,
"lastupdate": 1517060131,
"optional": false
},
{

View file

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Uploader",
"version" => "0.5.12",
"version" => "0.5.13",
"author" => "Starbeamrainbowlabs",
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
"id" => "feature-upload",
@ -626,8 +626,11 @@ function upload_check_svg($temp_filename)
*/
function getsvgsize($svgFilename)
{
global $settings;
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
$svg = simplexml_load_file($svgFilename); // Load it as XML
$rawSvg = file_get_contents($svgFilename);
$svg = simplexml_load_string($rawSvg); // Load it as XML
unset($rawSvg);
if($svg === false)
{
http_response_code(415);