From a0d485d336e41af60ecc212e4c0b9ebba8a10e3f Mon Sep 17 00:00:00 2001
From: Brett Zamir
Date: Tue, 29 Oct 2013 06:13:33 +0000
Subject: [PATCH] Type sanitization for fileopen.php (no more need for character set/HTML-type concerns on htmlentities)
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2613 eee81c28-f429-11dd-99c0-75d572ba1ddd
---
 editor/extensions/fileopen.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/editor/extensions/fileopen.php b/editor/extensions/fileopen.php
index bc2ed51e..9d65f774 100644
--- a/editor/extensions/fileopen.php
+++ b/editor/extensions/fileopen.php
@@ -17,6 +17,9 @@
 $output = file_get_contents($file);
 $type = $_REQUEST['type'];
+ if (!in_array($type, array('load_svg', 'import_svg', 'import_img'))) {
+ exit;
+ }
 $prefix = '';
@@ -30,7 +33,7 @@
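Review bot: The new allowlist check on `$type` calls `in_array()` without the strict flag, and it runs only after `file_get_contents($file)` has already read the upload. Request values arrive as strings or arrays, so the loose comparison is probably not reachable in practice. Still, the commit message suggests this check now stands in for output escaping of `$type`, so it should be exact: `if (!in_array($type, array('load_svg', 'import_svg', 'import_img'), true)) {`. Moving the check above the `file_get_contents()` call and sending a 400 status before `exit;` would mean a rejected request does no file work and shows up in access logs, rather than returning an empty 200. The second hunk (`@@ -30,7 +33,7 @@`) is cut off on this page, so whether the output line still escapes `$type` cannot be confirmed from here.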