mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 17:23:00 +00:00

Bugfix: Fix getsvgsize in some cases

Starbeamrainbowlabs 2018-01-27 13:38:53 +00:00
parent 4f9f3cb395
commit fba0636938
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
4 changed files with 13 additions and 6 deletions


@ -6,6 +6,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
### Fixed ### Fixed
- Properly escaped content of short code box on file pages - Properly escaped content of short code box on file pages
- Display a more meaningful message to a logged in user if editing is disabled - Display a more meaningful message to a logged in user if editing is disabled
- Fixed fetching the size of SVGs in some cases
### Changed ### Changed
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`. - Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.


@ -4845,7 +4845,7 @@ function stats_save($stats)
register_module([ register_module([
"name" => "Uploader", "name" => "Uploader",
"version" => "0.5.12", "version" => "0.5.13",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.", "description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
"id" => "feature-upload", "id" => "feature-upload",
@ -5470,8 +5470,11 @@ function upload_check_svg($temp_filename)
*/ */
function getsvgsize($svgFilename) function getsvgsize($svgFilename)
{ {
global $settings;
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152 libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
$svg = simplexml_load_file($svgFilename); // Load it as XML $rawSvg = file_get_contents($svgFilename);
$svg = simplexml_load_string($rawSvg); // Load it as XML
unset($rawSvg);
if($svg === false) if($svg === false)
{ {
http_response_code(415); http_response_code(415);
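Review bot: In getsvgsize the result of `file_get_contents($svgFilename)` is passed to `simplexml_load_string()` unchecked, so a file that cannot be read ends up in the `$svg === false` branch and is answered with 415 as if the upload were malformed XML. A separate `if($rawSvg === false)` guard before the parse call would keep read failures distinguishable from parse failures in logs and responses. The reason for switching away from `simplexml_load_file()` is not recorded next to the code; a comment such as `// Parse from a string: with the entity loader disabled, simplexml_load_file() may fail to open the file itself` would stop a later cleanup from reverting the change and leave the XXE hardening on the line above intact. The added `global $settings;` is not used in the visible lines, and the function body continues outside the hunk, so confirm it is needed. The identical hunk appears again in the last file section of this commit and the same points apply there.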


@ -118,11 +118,11 @@
}, },
{ {
"name": "Uploader", "name": "Uploader",
"version": "0.5.12", "version": "0.5.13",
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.", "description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
"id": "feature-upload", "id": "feature-upload",
"lastupdate": 1514762001, "lastupdate": 1517060131,
"optional": false "optional": false
}, },
{ {


@ -1,7 +1,7 @@
<?php <?php
register_module([ register_module([
"name" => "Uploader", "name" => "Uploader",
"version" => "0.5.12", "version" => "0.5.13",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.", "description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
"id" => "feature-upload", "id" => "feature-upload",
@ -626,8 +626,11 @@ function upload_check_svg($temp_filename)
*/ */
function getsvgsize($svgFilename) function getsvgsize($svgFilename)
{ {
global $settings;
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152 libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
$svg = simplexml_load_file($svgFilename); // Load it as XML $rawSvg = file_get_contents($svgFilename);
$svg = simplexml_load_string($rawSvg); // Load it as XML
unset($rawSvg);
if($svg === false) if($svg === false)
{ {
http_response_code(415); http_response_code(415);