
Sanitized directory input string

master
Maximilian Stiefel 4 years ago
parent
commit
2d135fdb54
  1. 6
      Dockerfile
  2. 15
      web/converter.php

6
Dockerfile

@ -24,7 +24,7 @@ RUN apt install unzip wget -y
RUN mkdir -p /var/www/html/images && chmod -R 777 /var/www/html/images
# Compile and install inkscape
RUN cd /tmp \
&& wget https://gitlab.com/inkscape/inkscape/-/archive/INKSCAPE_1_0/inkscape-INKSCAPE_1_0.zip
&& wget https://gitlab.com/inkscape/inkscape/-/archive/INKSCAPE_1_0/inkscape-INKSCAPE_1_0.zip \
&& wget https://gitlab.com/inkscape/inkscape-ci-docker/-/raw/master/install_dependencies.sh
RUN cd /tmp \
&& chmod +x install_dependencies.sh \
@ -38,7 +38,7 @@ RUN cd /tmp \
&& make -j4 \
&& make install
# Install rpl
RUN apt install rpl
RUN apt remove unzip wget
RUN apt install rpl -y
RUN apt remove unzip wget -y
# Run apache
CMD apachectl -D FOREGROUND
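Review bot: Both downloads in the repaired `wget` chain are used without an integrity check, and `install_dependencies.sh` is fetched from the moving `master` branch and then marked executable in the next RUN step (it is presumably run just outside the hunk). Whatever that URL serves at build time therefore ends up in the image. Pin the script to a fixed commit URL and verify each file before use, for example `&& echo "<EXPECTED_SHA256>  install_dependencies.sh" | sha256sum -c -`, where the hash is a placeholder to fill in. The context line `chmod -R 777 /var/www/html/images` also leaves the upload directory world-writable; giving ownership to the web-server user with a tighter mode would be safer, but confirm which user Apache runs as in this image.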

15
web/converter.php

@ -27,10 +27,14 @@
$file_ext=strtolower(end(explode('.',$_FILES['image']['name'])));
$extensions= array("svg");
$upload_dir = "./images/";
$dir_name = $_POST['dir_name'];
$without_extension = pathinfo($file_name, PATHINFO_FILENAME);
$dir_str = $without_extension = pathinfo($file_name, PATHINFO_FILENAME);
$dir_name = "";
echo "Desired directory name is: ".$dir_name."</br>";
if (preg_match("/^[a-zA-Z0-9_]*$/", $_POST['dir_name'])) {
$dir_name = $_POST['dir_name'];
} else {
$errors[] = "Error: For a directory name only alphanumeric characters and underscore are allowed.";
}
if (strlen($dir_name) == 0) {
$errors[] = "Error: Please enter directory name.";
}
@ -38,14 +42,15 @@
$errors[]="Error: Extension not allowed, please choose a JPEG or PNG file.";
}
if(empty($errors)==true) {
echo "Desired directory name is: ".$dir_name."</br>";
//$new_name = md5(time() . $file_name);
unlink($upload_dir.$file_name);
unlink($upload_dir.$without_extension.".pdf");
unlink($upload_dir.$without_extension.".pdf_tex");
if (move_uploaded_file($file_tmp, $upload_dir.$file_name)) {
echo "Upload successful.</br>";
$current_dir = getcwd();
echo "Current directory is ".$current_dir."</br>";
//$current_dir = getcwd();
//echo "Current directory is ".$current_dir."</br>";
$output = shell_exec("./svg-to-latex.sh ".$upload_dir.$file_name." ".$dir_name);
echo "</p>";
echo "Conversion results : </br>";
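Review bot: `$file_name` still reaches `shell_exec` (and the `unlink`/`move_uploaded_file` paths) unescaped, so the new `dir_name` allow-list protects only one of the two shell arguments. `$file_name` is assigned outside the hunk, presumably from `$_FILES['image']['name']`, and the visible check only looks at its last extension. Quote both arguments with `$output = shell_exec("./svg-to-latex.sh ".escapeshellarg($upload_dir.$file_name)." ".escapeshellarg($dir_name));`, or store the upload under a server-generated name as the commented-out `$new_name` line hints. The new pattern also ends in `$`, which in PCRE matches before a trailing newline, so `preg_match('/^[a-zA-Z0-9_]+\z/', $_POST['dir_name'])` is stricter, and an `is_string()` check first keeps a missing or array-valued field out of `preg_match`. The enclosing `if` blocks continue outside the hunk.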
