
Sanitized directory input string

master
Maximilian Stiefel 4 years ago
parent
commit
2d135fdb54
  1. 6
      Dockerfile
  2. 15
      web/converter.php

6
Dockerfile

@ -24,7 +24,7 @@ RUN apt install unzip wget -y
RUN mkdir -p /var/www/html/images && chmod -R 777 /var/www/html/images RUN mkdir -p /var/www/html/images && chmod -R 777 /var/www/html/images
# Compile and install inkscape # Compile and install inkscape
RUN cd /tmp \ RUN cd /tmp \
&& wget https://gitlab.com/inkscape/inkscape/-/archive/INKSCAPE_1_0/inkscape-INKSCAPE_1_0.zip && wget https://gitlab.com/inkscape/inkscape/-/archive/INKSCAPE_1_0/inkscape-INKSCAPE_1_0.zip \
&& wget https://gitlab.com/inkscape/inkscape-ci-docker/-/raw/master/install_dependencies.sh && wget https://gitlab.com/inkscape/inkscape-ci-docker/-/raw/master/install_dependencies.sh
RUN cd /tmp \ RUN cd /tmp \
&& chmod +x install_dependencies.sh \ && chmod +x install_dependencies.sh \
@ -38,7 +38,7 @@ RUN cd /tmp \
&& make -j4 \ && make -j4 \
&& make install && make install
# Install rpl # Install rpl
RUN apt install rpl RUN apt install rpl -y
RUN apt remove unzip wget RUN apt remove unzip wget -y
# Run apache # Run apache
CMD apachectl -D FOREGROUND CMD apachectl -D FOREGROUND
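Review bot: The trailing backslash now joins the two `wget` calls into one RUN layer, but neither download is integrity-checked, and `install_dependencies.sh` is fetched from the unpinned `master` branch, so the image build executes whatever that branch holds at build time (it is made executable on the next line and, presumably, run in the part of the RUN chain outside the hunk). The inkscape archive is at least pinned to the `INKSCAPE_1_0` tag; the script should be pinned to a fixed revision in the same way and both files verified after download, e.g. `&& echo "<EXPECTED_SHA256>  install_dependencies.sh" | sha256sum -c -` before the `chmod +x`. Pinning also makes the build reproducible, which the `-y` additions in this commit are evidently aiming at (non-interactive, repeatable builds).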

15
web/converter.php

@ -27,10 +27,14 @@
$file_ext=strtolower(end(explode('.',$_FILES['image']['name']))); $file_ext=strtolower(end(explode('.',$_FILES['image']['name'])));
$extensions= array("svg"); $extensions= array("svg");
$upload_dir = "./images/"; $upload_dir = "./images/";
$dir_name = $_POST['dir_name']; $dir_str = $without_extension = pathinfo($file_name, PATHINFO_FILENAME);
$without_extension = pathinfo($file_name, PATHINFO_FILENAME); $dir_name = "";
echo "Desired directory name is: ".$dir_name."</br>"; if (preg_match("/^[a-zA-Z0-9_]*$/", $_POST['dir_name'])) {
$dir_name = $_POST['dir_name'];
} else {
$errors[] = "Error: For a directory name only alphanumeric characters and underscore are allowed.";
}
if (strlen($dir_name) == 0) { if (strlen($dir_name) == 0) {
$errors[] = "Error: Please enter directory name."; $errors[] = "Error: Please enter directory name.";
} }
@ -38,14 +42,15 @@
$errors[]="Error: Extension not allowed, please choose a JPEG or PNG file."; $errors[]="Error: Extension not allowed, please choose a JPEG or PNG file.";
} }
if(empty($errors)==true) { if(empty($errors)==true) {
echo "Desired directory name is: ".$dir_name."</br>";
//$new_name = md5(time() . $file_name); //$new_name = md5(time() . $file_name);
unlink($upload_dir.$file_name); unlink($upload_dir.$file_name);
unlink($upload_dir.$without_extension.".pdf"); unlink($upload_dir.$without_extension.".pdf");
unlink($upload_dir.$without_extension.".pdf_tex"); unlink($upload_dir.$without_extension.".pdf_tex");
if (move_uploaded_file($file_tmp, $upload_dir.$file_name)) { if (move_uploaded_file($file_tmp, $upload_dir.$file_name)) {
echo "Upload successful.</br>"; echo "Upload successful.</br>";
$current_dir = getcwd(); //$current_dir = getcwd();
echo "Current directory is ".$current_dir."</br>"; //echo "Current directory is ".$current_dir."</br>";
$output = shell_exec("./svg-to-latex.sh ".$upload_dir.$file_name." ".$dir_name); $output = shell_exec("./svg-to-latex.sh ".$upload_dir.$file_name." ".$dir_name);
echo "</p>"; echo "</p>";
echo "Conversion results : </br>"; echo "Conversion results : </br>";
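Review bot: The new `preg_match("/^[a-zA-Z0-9_]*$/", ...)` check still lets a value with a trailing newline through, because `$` in PCRE also matches before a final "\n"; anchor with `\z` (or the `D` modifier), and guard the index since `$_POST['dir_name']` is read without an `isset`: `if (isset($_POST['dir_name']) && preg_match('/^[a-zA-Z0-9_]*\z/', $_POST['dir_name'])) {`. More importantly, the `shell_exec` call further down still concatenates `$file_name` (from `$_FILES['image']['name']`, of which only the extension is validated) into the command line unescaped, so sanitizing `$dir_name` alone does not close the injection path; each argument should be wrapped: `$output = shell_exec("./svg-to-latex.sh " . escapeshellarg($upload_dir.$file_name) . " " . escapeshellarg($dir_name));`. The new `$dir_str` assigned alongside `$without_extension` is not used anywhere in the visible hunks and looks like a leftover. The enclosing script continues outside both hunks.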
