Add checks for accessibility of queried file names

This commit is contained in:
2019-09-01 20:46:55 +02:00
committed by Stefan Rohde-Enslin
parent 1f766c7eca
commit 417db62419
4 changed files with 74 additions and 123 deletions


@ -24,13 +24,20 @@ else if (!isset($_SESSION['lang'])) {
$lang = $_SESSION['lang'];
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
require __DIR__ . '/inc/zeichen.php';
require 'inc/zeichen.php';
$filename = $_GET['fnam'];
$csv_datei = 'csv/' . $filename;
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
echo "Error: Invalid file name";
exit;
}
$csv_datei = __DIR__ . '/csv/' . $filename;
if (!file_exists($csv_datei)) {
echo "Error: The CSV file does not exist.";
exit;
}
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
mkdir("xml", 0755);
mkdir(__DIR__ . "/xml", 0755);
$fp = fopen ($csv_datei, 'r');
$y = 0;
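Review bot: The new file-name check at `if (empty($filename = trim($_GET['fnam'], " ,./")))` only strips the listed characters from the two ends of the value, so a `..` segment or a `/` in the middle of the string survives and `__DIR__ . '/csv/' . $filename` can still resolve to a location outside the csv directory; the `file_exists` guard that follows confirms the file is there but does not restrict where the path points. Reduce the value to a single path component, e.g. `$filename = basename(trim((string) ($_GET['fnam'] ?? ''), " ,./"));`, and, if subdirectories of csv are legitimately expected instead, verify that `realpath($csv_datei)` begins with `realpath(__DIR__ . '/csv') . '/'` before calling `fopen`. Reading `$_GET['fnam']` without a `?? ''` default also emits a warning when the parameter is absent, which the `?? ''` above avoids. The script continues past the hunk, so later uses of `$filename` are not visible here.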
@ -42,18 +49,20 @@ while ($zeile = fgetcsv($fp, 100000, ';')) {
echo "Cannot open file ($zieldatei)";exit;
}
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
$somecontent = $somecontent . '<record>' . "\n";
$somecontent .= '<record>' . "\n";
$lineCount = count($zeile);
for ($x = 0; $x < $lineCount; $x++) {
for ($x = 0; $x < count ( $zeile ); $x++)
{
$inhalt[$y][$x] = $zeile[$x];
$inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]);
$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));
if (empty($inhalt[$y][$x])) continue;
//if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>';
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg }
}
$somecontent = $somecontent . '</record>';
$somecontent .= '</record>';
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";exit;
}
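Review bot: The value escaping on the unchanged line `$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));` leaves `&` untouched, so any cell containing an ampersand produces a record that is not well-formed XML; the cell written at `$somecontent = $somecontent . '<' . tagify(...)` should go through `htmlspecialchars($inhalt[$y][$x], ENT_XML1 | ENT_QUOTES, 'UTF-8')` rather than relying on the bracket substitution alone. In the same loop, `if (empty($inhalt[$y][$x])) continue;` also silently drops cells whose content is the string `'0'`, which looks unintended; `if ($inhalt[$y][$x] === '') continue;` keeps them. The failure message `echo "Cannot write to file ($filename)";` names the input CSV rather than the file being written, unlike the earlier `Cannot open file ($zieldatei)` message, so `($zieldatei)` would be the consistent choice. The enclosing `while` loop starts before the hunk and its remainder continues after it.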
@ -66,13 +75,10 @@ echo printHTMLHead();
echo '
<div>
Please wait ... (transforming)
<hr />
' . ($y - 1) . ' files created
<br/>
<a href="zipit.php"><img src="img/go.gif"> Download as zip</a>
<hr/>
<a href="zipit.php" class="buttonLike">Download as zip</a>
</div>';
echo '