mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-25 17:23:00 +00:00
Bugfix: Fix getsvgsize in some cases
parent
4f9f3cb395
commit
fba0636938
4 changed files with 13 additions and 6 deletions
|
@ -6,6 +6,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
||||||
### Fixed
|
### Fixed
|
||||||
- Properly escaped content of short code box on file pages
|
- Properly escaped content of short code box on file pages
|
||||||
- Display a more meaningful message to a logged in user if editing is disabled
|
- Display a more meaningful message to a logged in user if editing is disabled
|
||||||
|
- Fixed fetching the size of SVGs in some cases
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
- Disallow uploads if editing is disabled. Previously files could still be uploaded even if editing was disabled - unless `upload_enabled` was set to `false`.
|
||||||
|
|
|
@ -4845,7 +4845,7 @@ function stats_save($stats)
|
||||||
|
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "Uploader",
|
"name" => "Uploader",
|
||||||
"version" => "0.5.12",
|
"version" => "0.5.13",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
||||||
"id" => "feature-upload",
|
"id" => "feature-upload",
|
||||||
|
@ -5470,8 +5470,11 @@ function upload_check_svg($temp_filename)
|
||||||
*/
|
*/
|
||||||
function getsvgsize($svgFilename)
|
function getsvgsize($svgFilename)
|
||||||
{
|
{
|
||||||
|
global $settings;
|
||||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
$rawSvg = file_get_contents($svgFilename);
|
||||||
|
$svg = simplexml_load_string($rawSvg); // Load it as XML
|
||||||
|
unset($rawSvg);
|
||||||
if($svg === false)
|
if($svg === false)
|
||||||
{
|
{
|
||||||
http_response_code(415);
|
http_response_code(415);
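Review bot: `file_get_contents($svgFilename)` can return `false`, and the new lines pass that result straight to `simplexml_load_string()`, so an unreadable file ends up in the same `$svg === false` branch (HTTP 415) as malformed XML; an `if($rawSvg === false)` check before parsing would keep I/O failures distinct from bad input. The external-entity protection also still rests only on the process-wide `libxml_disable_entity_loader(true)` call, which is not restored in the visible lines and is deprecated from PHP 8.0; passing options at the parse call, e.g. `simplexml_load_string($rawSvg, "SimpleXMLElement", LIBXML_NONET)`, and never adding `LIBXML_NOENT` or `LIBXML_DTDLOAD`, would make the intent explicit where the parsing happens. The adjacent comment conflates two issues: Billion Laughs is internal entity expansion, which disabling the external entity loader does not limit (that depends on libxml2's own expansion limits, as long as `LIBXML_PARSEHUGE` is not passed), so the comment should name XXE and entity expansion separately. The same change is repeated in the `@ -626,8 +626,11 @@` hunk of the last file, and the body of getsvgsize continues outside both hunks.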
|
||||||
|
|
|
@ -118,11 +118,11 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "Uploader",
|
"name": "Uploader",
|
||||||
"version": "0.5.12",
|
"version": "0.5.13",
|
||||||
"author": "Starbeamrainbowlabs",
|
"author": "Starbeamrainbowlabs",
|
||||||
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
|
"description": "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File\/' prefix.",
|
||||||
"id": "feature-upload",
|
"id": "feature-upload",
|
||||||
"lastupdate": 1514762001,
|
"lastupdate": 1517060131,
|
||||||
"optional": false
|
"optional": false
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "Uploader",
|
"name" => "Uploader",
|
||||||
"version" => "0.5.12",
|
"version" => "0.5.13",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
"description" => "Adds the ability to upload files to Pepperminty Wiki. Uploaded files act as pages and have the special 'File/' prefix.",
|
||||||
"id" => "feature-upload",
|
"id" => "feature-upload",
|
||||||
|
@ -626,8 +626,11 @@ function upload_check_svg($temp_filename)
|
||||||
*/
|
*/
|
||||||
function getsvgsize($svgFilename)
|
function getsvgsize($svgFilename)
|
||||||
{
|
{
|
||||||
|
global $settings;
|
||||||
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
libxml_disable_entity_loader(true); // Ref: XXE Billion Laughs Attack, issue #152
|
||||||
$svg = simplexml_load_file($svgFilename); // Load it as XML
|
$rawSvg = file_get_contents($svgFilename);
|
||||||
|
$svg = simplexml_load_string($rawSvg); // Load it as XML
|
||||||
|
unset($rawSvg);
|
||||||
if($svg === false)
|
if($svg === false)
|
||||||
{
|
{
|
||||||
http_response_code(415);
|
http_response_code(415);
|
||||||
|
|