Add checks for accessibility of queried file names
parent
1f766c7eca
commit
417db62419
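--- a/index2.php
+++ b/index2.php
@@ -1,75 +0,0 @@
-<?PHP
-declare(strict_types = 1);
-error_reporting(E_ALL);
-ini_set('display_errors', "1");
-
-require_once __DIR__ . "/functions/functions.php";
-
-if (session_status() != PHP_SESSION_ACTIVE) {
-session_start();
-}
-
-// This array contains all available languages
-$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
-
-// Some languages are in translation. They will only be available for logged in users.
-
-if (isset($_GET['navlang'])) {
-$_SESSION['lang'] = $_GET['navlang'];
-if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
-}
-else if (!isset($_SESSION['lang'])) {
-$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
-}
-$lang = $_SESSION['lang'];
-
-require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
-
-echo printHTMLHead();
-
-echo '<div class="maincontent">';
-echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
-echo '<tr>';
-echo '<td width="50%">';
-echo 'Please wait ... (transforming)<hr>';
-require_once 'inc/zeichen.php';
-$filename = $_GET['fnam'];
-$csv_datei = 'csv/' . $filename;
-
-mkdir("xml", 0755);
-$fp = fopen ( $csv_datei, 'r' );
-$y = 0;
-while ($zeile = fgetcsv($fp, 100000, ';')) {
-
-$y++;
-$zieldatei = 'xml/' . $y . '.xml';
-if (!$handle = fopen($zieldatei, 'w')) {
-echo "Cannot open file ($zieldatei)";exit;
-}
-$somecontent = '<?xml version="1.0" encoding="ISO-8859-1"?>' . "\n"; // normal
-$somecontent = $somecontent . '<record>' . "\n";
-
-for ($x = 0; $x < count ($zeile); $x++) {
-$inhalt[$y][$x] = $zeile[$x];
-//if ($inhalt[$y][$x]=='') $inhalt[$y][$x]='ERSATZ';
-$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . transform($inhalt[$y][$x]) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //normaleinstellung
-}
-$somecontent = $somecontent . '</record>';
-if (fwrite($handle, $somecontent) === FALSE) {
-echo "Cannot write to file ($filename)";exit;
-}
-fclose($handle);
-}
-fclose($fp);
-echo ($y - 1) . ' files created';
-echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>';
-echo '</td>';
-echo '</tr>';
-echo '</table>';
-echo '</div>';
-
-echo '
-
-</body>
-</html>
-';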
34
index4.php
34
index4.php
|
@ -24,13 +24,20 @@ else if (!isset($_SESSION['lang'])) {
|
|||
$lang = $_SESSION['lang'];
|
||||
|
||||
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
|
||||
require __DIR__ . '/inc/zeichen.php';
|
||||
|
||||
require 'inc/zeichen.php';
|
||||
$filename = $_GET['fnam'];
|
||||
$csv_datei = 'csv/' . $filename;
|
||||
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
|
||||
echo "Error: Invalid file name";
|
||||
exit;
|
||||
}
|
||||
$csv_datei = __DIR__ . '/csv/' . $filename;
|
||||
if (!file_exists($csv_datei)) {
|
||||
echo "Error: The CSV file does not exist.";
|
||||
exit;
|
||||
}
|
||||
|
||||
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
|
||||
mkdir("xml", 0755);
|
||||
mkdir(__DIR__ . "/xml", 0755);
|
||||
|
||||
$fp = fopen ($csv_datei, 'r');
|
||||
$y = 0;
|
||||
|
@ -42,18 +49,20 @@ while ($zeile = fgetcsv($fp, 100000, ';')) {
|
|||
echo "Cannot open file ($zieldatei)";exit;
|
||||
}
|
||||
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
||||
$somecontent = $somecontent . '<record>' . "\n";
|
||||
$somecontent .= '<record>' . "\n";
|
||||
|
||||
$lineCount = count($zeile);
|
||||
for ($x = 0; $x < $lineCount; $x++) {
|
||||
|
||||
for ($x = 0; $x < count ( $zeile ); $x++)
|
||||
{
|
||||
$inhalt[$y][$x] = $zeile[$x];
|
||||
$inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]);
|
||||
$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));
|
||||
if (empty($inhalt[$y][$x])) continue;
|
||||
//if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>';
|
||||
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg }
|
||||
|
||||
}
|
||||
$somecontent = $somecontent . '</record>';
|
||||
$somecontent .= '</record>';
|
||||
if (fwrite($handle, $somecontent) === FALSE) {
|
||||
echo "Cannot write to file ($filename)";exit;
|
||||
}
|
||||
|
@ -66,13 +75,10 @@ echo printHTMLHead();
|
|||
|
||||
echo '
|
||||
<div>
|
||||
Please wait ... (transforming)
|
||||
<hr />
|
||||
|
||||
' . ($y - 1) . ' files created
|
||||
<br/>
|
||||
<a href="zipit.php"><img src="img/go.gif"> Download as zip</a>
|
||||
|
||||
<hr/>
|
||||
<a href="zipit.php" class="buttonLike">Download as zip</a>
|
||||
|
||||
</div>';
|
||||
|
||||
echo '
|
||||
|
|
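Review bot: The new file-name check `trim($_GET['fnam'], " ,./")` only strips characters at the two ends of the value, so directory separators and parent-directory segments inside it survive and `__DIR__ . '/csv/' . $filename` can still resolve to a path outside `csv/`. Reduce the value to a single path component before building the path, e.g. `$filename = basename((string) ($_GET['fnam'] ?? ''));`, which also avoids the undefined-index warning when `fnam` is missing. The existence test should be `if (!is_file($csv_datei))`, because `file_exists()` is also true for directories. The identical check in the index6.php section needs the same change.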
85
index6.php
85
index6.php
|
@ -1,48 +1,66 @@
|
|||
<?PHP
|
||||
echo '<link rel="stylesheet" type="text/css" href="css/main.css">';
|
||||
echo '<div class="title">';
|
||||
echo 'museum-digital CSV to XML converter';
|
||||
echo '</div>';
|
||||
echo '<div class="maincontent">';
|
||||
$semikoma = $_GET['semikoma'];
|
||||
echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
|
||||
echo '<tr>';
|
||||
echo '<td width="50%">';
|
||||
echo 'Please wait ... (transforming)<hr>';
|
||||
declare(strict_types = 1);
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', "1");
|
||||
|
||||
require 'inc/zeichen.php';
|
||||
$filename = $_GET['fnam'];
|
||||
$csv_datei = 'csv/' . $filename;
|
||||
require_once __DIR__ . "/functions/functions.php";
|
||||
|
||||
if (!file_exists("xml")) {
|
||||
mkdir("xml", 0700);
|
||||
if (session_status() != PHP_SESSION_ACTIVE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
$fp = fopen ( $csv_datei, 'r' );
|
||||
// This array contains all available languages
|
||||
$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
|
||||
|
||||
// Some languages are in translation. They will only be available for logged in users.
|
||||
|
||||
if (isset($_GET['navlang'])) {
|
||||
$_SESSION['lang'] = $_GET['navlang'];
|
||||
if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
|
||||
}
|
||||
else if (!isset($_SESSION['lang'])) {
|
||||
$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
|
||||
}
|
||||
$lang = $_SESSION['lang'];
|
||||
|
||||
require __DIR__ . '/inc/zeichen.php';
|
||||
|
||||
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
|
||||
echo "Error: Invalid file name";
|
||||
exit;
|
||||
}
|
||||
$csv_datei = __DIR__ . '/csv/' . $filename;
|
||||
if (!file_exists($csv_datei)) {
|
||||
echo "Error: The CSV file does not exist.";
|
||||
exit;
|
||||
}
|
||||
|
||||
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
|
||||
mkdir(__DIR__ . "/xml", 0755);
|
||||
|
||||
$fp = fopen ($csv_datei, 'r');
|
||||
$y = 0;
|
||||
while ( $zeile = fgetcsv ( $fp, 100000, ';' ) )
|
||||
{
|
||||
while ($zeile = fgetcsv($fp, 100000, ';')) {
|
||||
|
||||
$y++;
|
||||
//echo '<b>Zeile='.$y.' Anzahl in Zeile: '.count ( $zeile ).'</b><br>';
|
||||
$zieldatei = 'xml/' . $y . '.xml';
|
||||
if (!$handle = fopen($zieldatei, 'w')) {
|
||||
echo "Cannot open file ($zieldatei)";exit;
|
||||
}
|
||||
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
||||
/*$somecontent='<?xml version="1.0" encoding="ISO-8859-1"?>'."\n"; // normal */
|
||||
$somecontent = $somecontent . '<record>' . "\n";
|
||||
$somecontent .= '<record>' . "\n";
|
||||
|
||||
for ($x = 0; $x < count ( $zeile ); $x++)
|
||||
{
|
||||
$lineCount = count($zeile);
|
||||
|
||||
for ($x = 0; $x < $lineCount; $x++) {
|
||||
$inhalt[$y][$x] = $zeile[$x];
|
||||
//echo '<b>'.$inhalt[1][$x].'</b> --> '.$zeile[$x].'<br>';
|
||||
if ($inhalt[$y][$x] == '') $inhalt[$y][$x] = 'ERSATZ';
|
||||
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.utf8_decode(transform($inhalt[$y][$x])).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; // für utf8
|
||||
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg //////////////////////////////////////////////////////////////
|
||||
|
||||
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.transform($inhalt[$y][$x]).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; //normaleinstellung
|
||||
}
|
||||
$somecontent = $somecontent . '</record>';
|
||||
|
||||
$somecontent .= '</record>';
|
||||
//if ($y>1)
|
||||
//{
|
||||
if (fwrite($handle, $somecontent) === FALSE) {
|
||||
|
@ -54,9 +72,12 @@ while ( $zeile = fgetcsv ( $fp, 100000, ';' ) )
|
|||
}
|
||||
fclose($fp);
|
||||
|
||||
echo ($y - 1) . ' files created';
|
||||
echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>';
|
||||
echo '</td>';
|
||||
echo '</tr>';
|
||||
echo '</table>';
|
||||
echo '</div>';
|
||||
|
||||
echo printHTMLHead();
|
||||
|
||||
echo '
|
||||
<div>
|
||||
' . ($y - 1) . ' files created<br />
|
||||
<hr/>
|
||||
<a href="zipit.php" class="buttonLike">Download as ZIP</a>
|
||||
</div>';
|
||||
|
|
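Review bot: Cell values are concatenated into the record unescaped in the inner loop (`'>' . (($inhalt[$y][$x])) . '</'`), so a CSV field containing `<`, `>` or `&` yields malformed XML or extra elements in the generated file; unlike the index4.php section, nothing is replaced here at all. Encode the value where it is written, e.g. `htmlspecialchars($inhalt[$y][$x], ENT_XML1 | ENT_QUOTES, 'UTF-8')`. The page has lost its +/- markers, so this assumes the line is on the new side. Also, the output directory is now created as `__DIR__ . "/xml"` while `$zieldatei = 'xml/' . $y . '.xml'` still depends on the working directory; `$zieldatei = __DIR__ . '/xml/' . $y . '.xml';` keeps the two in agreement.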
|
@ -23,10 +23,9 @@ echo printHTMLHead();
|
|||
echo "
|
||||
<div>
|
||||
<p>The file has been uploaded: <b>" . basename( $_FILES['uploaded']['name']) . "</b>.</p>
|
||||
<hr>
|
||||
<hr />
|
||||
<h3>How to proceed?</h3>
|
||||
<ul class='actionList'>
|
||||
<li><a href='index2.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (iso8859)</a></li>
|
||||
<li><a href='index4.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (utf-8)</a></li>
|
||||
<li><a href='index3.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Check validity for museum-digital import</a></li>
|
||||
</ul>
|
||||
|
|
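Review bot: `basename($_FILES['uploaded']['name'])` is echoed unescaped into the `<b>` text and into the single-quoted `href` values of the remaining links, and that name is supplied by the client, so quote or markup characters in it end up in the page. Escape per context, with `$name = basename($_FILES['uploaded']['name']);` computed once: `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` for the displayed text and `rawurlencode($name)` for the `fnam` query value. The `echo` statement starts and ends outside this hunk, and the file header for this section is missing from the page.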