Bugfix: Fix getsvgsize in some cases
This commit is contained in:
parent
4f9f3cb395
commit
fba0636938
GPG Key ID:
1BE5172E637709C2
|
|
@ -6,6 +6,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
### Fixed
|
||||
- Properly escaped content of short code box on file pages
|
||||
- Display a more meaningful message to a logged in user if editing is disabled
|
||||
- Fixed fetching the size of SVGs in some cases
|
||||
|
||||
### Changed
|
||||
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
||||
|
|
|
|||
|
|
@ -4845,7 +4845,7 @@ function stats_save($stats)
|
|||
|
||||
register_module([
|
||||
"name" => "Uploader",
|
||||
"version" => "0.5.12",
|
||||
"version" => "0.5.13",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
||||
"id" => "feature-upload",
|
||||
|
|
@ -5470,8 +5470,11 @@ function upload_check_svg($temp_filename)
|
|||
*/
|
||||
function getsvgsize($svgFilename)
|
||||
{
|
||||
global $settings;
|
||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
||||
$rawSvg = file_get_contents($svgFilename);
|
||||
$svg = simplexml_load_string($rawSvg); // Load it as XML
|
||||
unset($rawSvg);
|
||||
if($svg === false)
|
||||
{
|
||||
http_response_code(415);
|
||||
|
|
|
|||
|
|
@ -118,11 +118,11 @@
|
|||
},
|
||||
{
|
||||
"name": "Uploader",
|
||||
"version": "0.5.12",
|
||||
"version": "0.5.13",
|
||||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
|
||||
"id": "feature-upload",
|
||||
"lastupdate": 1514762001,
|
||||
"lastupdate": 1517060131,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Uploader",
|
||||
"version" => "0.5.12",
|
||||
"version" => "0.5.13",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
||||
"id" => "feature-upload",
|
||||
|
|
@ -626,8 +626,11 @@ function upload_check_svg($temp_filename)
|
|||
*/
|
||||
function getsvgsize($svgFilename)
|
||||
{
|
||||
global $settings;
|
||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
||||
$rawSvg = file_get_contents($svgFilename);
|
||||
$svg = simplexml_load_string($rawSvg); // Load it as XML
|
||||
unset($rawSvg);
|
||||
if($svg === false)
|
||||
{
|
||||
http_response_code(415);
|
||||
|
|
|
|||
Loading…
Reference in New Issue