zcy
/
svgedit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Type sanitization for fileopen.php (no more need for character set/HTML-type concerns on htmlentities) 

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2613 eee81c28-f429-11dd-99c0-75d572ba1ddd
master
Brett Zamir 2013-10-29 06:13:33 +00:00
parent 6ad70cf440
commit a0d485d336
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
editor/extensions/fileopen.php
View File

@ -17,6 +17,9 @@
$output = file_get_contents($file); $output = file_get_contents($file);
$type = $_REQUEST['type']; $type = $_REQUEST['type'];
if (!in_array($type, array('load_svg', 'import_svg', 'import_img'))) {
exit;
}
$prefix = ''; $prefix = '';
@ -30,7 +33,7 @@
<head> <head>
<meta charset="utf-8" /> <meta charset="utf-8" />
<script> <script>
window.top.window.svgEditor.processFile("<?php echo $prefix . base64_encode($output); ?>", "<?php echo htmlentities($type); ?>"); window.top.window.svgEditor.processFile("<?php echo $prefix . base64_encode($output); ?>", "<?php echo $type; ?>");
</script> </script>
</head><body></body> </head><body></body>
</html> </html>