Add checks for accessibility of queried file names

This commit is contained in:
Joshua Ramon Enslin 2019-09-01 20:46:55 +02:00 committed by Stefan Rohde-Enslin
parent 1f766c7eca
commit 417db62419
4 changed files with 74 additions and 123 deletions

View File

@ -1,75 +0,0 @@
<?PHP
declare(strict_types = 1);
error_reporting(E_ALL);
ini_set('display_errors', "1");
require_once __DIR__ . "/functions/functions.php";
if (session_status() != PHP_SESSION_ACTIVE) {
session_start();
}
// This array contains all available languages
$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
// Some languages are in translation. They will only be available for logged in users.
if (isset($_GET['navlang'])) {
$_SESSION['lang'] = $_GET['navlang'];
if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
}
else if (!isset($_SESSION['lang'])) {
$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
}
$lang = $_SESSION['lang'];
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
echo printHTMLHead();
echo '<div class="maincontent">';
echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
echo '<tr>';
echo '<td width="50%">';
echo 'Please wait ... (transforming)<hr>';
require_once 'inc/zeichen.php';
$filename = $_GET['fnam'];
$csv_datei = 'csv/' . $filename;
mkdir("xml", 0755);
$fp = fopen ( $csv_datei, 'r' );
$y = 0;
while ($zeile = fgetcsv($fp, 100000, ';')) {
$y++;
$zieldatei = 'xml/' . $y . '.xml';
if (!$handle = fopen($zieldatei, 'w')) {
echo "Cannot open file ($zieldatei)";exit;
}
$somecontent = '<?xml version="1.0" encoding="ISO-8859-1"?>' . "\n"; // normal
$somecontent = $somecontent . '<record>' . "\n";
for ($x = 0; $x < count ($zeile); $x++) {
$inhalt[$y][$x] = $zeile[$x];
//if ($inhalt[$y][$x]=='') $inhalt[$y][$x]='ERSATZ';
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . transform($inhalt[$y][$x]) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //normaleinstellung
}
$somecontent = $somecontent . '</record>';
if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";exit;
}
fclose($handle);
}
fclose($fp);
echo ($y - 1) . ' files created';
echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>';
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</div>';
echo '
</body>
</html>
';

View File

@ -24,13 +24,20 @@ else if (!isset($_SESSION['lang'])) {
$lang = $_SESSION['lang']; $lang = $_SESSION['lang'];
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php"; require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
require __DIR__ . '/inc/zeichen.php';
require 'inc/zeichen.php'; if (empty($filename = trim($_GET['fnam'], " ,./"))) {
$filename = $_GET['fnam']; echo "Error: Invalid file name";
$csv_datei = 'csv/' . $filename; exit;
}
$csv_datei = __DIR__ . '/csv/' . $filename;
if (!file_exists($csv_datei)) {
echo "Error: The CSV file does not exist.";
exit;
}
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml'); if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
mkdir("xml", 0755); mkdir(__DIR__ . "/xml", 0755);
$fp = fopen ($csv_datei, 'r'); $fp = fopen ($csv_datei, 'r');
$y = 0; $y = 0;
@ -42,18 +49,20 @@ while ($zeile = fgetcsv($fp, 100000, ';')) {
echo "Cannot open file ($zieldatei)";exit; echo "Cannot open file ($zieldatei)";exit;
} }
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn /////////////////////////////////// $somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
$somecontent = $somecontent . '<record>' . "\n"; $somecontent .= '<record>' . "\n";
$lineCount = count($zeile);
for ($x = 0; $x < $lineCount; $x++) {
for ($x = 0; $x < count ( $zeile ); $x++)
{
$inhalt[$y][$x] = $zeile[$x]; $inhalt[$y][$x] = $zeile[$x];
$inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]); $inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]);
$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x])); $inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));
if (empty($inhalt[$y][$x])) continue; if (empty($inhalt[$y][$x])) continue;
//if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>'; //if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>';
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg } $somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg }
} }
$somecontent = $somecontent . '</record>'; $somecontent .= '</record>';
if (fwrite($handle, $somecontent) === FALSE) { if (fwrite($handle, $somecontent) === FALSE) {
echo "Cannot write to file ($filename)";exit; echo "Cannot write to file ($filename)";exit;
} }
@ -66,13 +75,10 @@ echo printHTMLHead();
echo ' echo '
<div> <div>
Please wait ... (transforming)
<hr />
' . ($y - 1) . ' files created ' . ($y - 1) . ' files created
<br/> <hr/>
<a href="zipit.php"><img src="img/go.gif"> Download as zip</a> <a href="zipit.php" class="buttonLike">Download as zip</a>
</div>'; </div>';
echo ' echo '

View File

@ -1,48 +1,66 @@
<?PHP <?PHP
echo '<link rel="stylesheet" type="text/css" href="css/main.css">'; declare(strict_types = 1);
echo '<div class="title">'; error_reporting(E_ALL);
echo 'museum-digital CSV to XML converter'; ini_set('display_errors', "1");
echo '</div>';
echo '<div class="maincontent">';
$semikoma = $_GET['semikoma'];
echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
echo '<tr>';
echo '<td width="50%">';
echo 'Please wait ... (transforming)<hr>';
require 'inc/zeichen.php'; require_once __DIR__ . "/functions/functions.php";
$filename = $_GET['fnam'];
$csv_datei = 'csv/' . $filename;
if (!file_exists("xml")) { if (session_status() != PHP_SESSION_ACTIVE) {
mkdir("xml", 0700); session_start();
} }
$fp = fopen ( $csv_datei, 'r' ); // This array contains all available languages
$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
// Some languages are in translation. They will only be available for logged in users.
if (isset($_GET['navlang'])) {
$_SESSION['lang'] = $_GET['navlang'];
if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
}
else if (!isset($_SESSION['lang'])) {
$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
}
$lang = $_SESSION['lang'];
require __DIR__ . '/inc/zeichen.php';
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
echo "Error: Invalid file name";
exit;
}
$csv_datei = __DIR__ . '/csv/' . $filename;
if (!file_exists($csv_datei)) {
echo "Error: The CSV file does not exist.";
exit;
}
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
mkdir(__DIR__ . "/xml", 0755);
$fp = fopen ($csv_datei, 'r');
$y = 0; $y = 0;
while ( $zeile = fgetcsv ( $fp, 100000, ';' ) ) while ($zeile = fgetcsv($fp, 100000, ';')) {
{
$y++; $y++;
//echo '<b>Zeile='.$y.' Anzahl in Zeile: '.count ( $zeile ).'</b><br>';
$zieldatei = 'xml/' . $y . '.xml'; $zieldatei = 'xml/' . $y . '.xml';
if (!$handle = fopen($zieldatei, 'w')) { if (!$handle = fopen($zieldatei, 'w')) {
echo "Cannot open file ($zieldatei)";exit; echo "Cannot open file ($zieldatei)";exit;
} }
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn /////////////////////////////////// $somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
/*$somecontent='<?xml version="1.0" encoding="ISO-8859-1"?>'."\n"; // normal */ /*$somecontent='<?xml version="1.0" encoding="ISO-8859-1"?>'."\n"; // normal */
$somecontent = $somecontent . '<record>' . "\n"; $somecontent .= '<record>' . "\n";
for ($x = 0; $x < count ( $zeile ); $x++) $lineCount = count($zeile);
{
for ($x = 0; $x < $lineCount; $x++) {
$inhalt[$y][$x] = $zeile[$x]; $inhalt[$y][$x] = $zeile[$x];
//echo '<b>'.$inhalt[1][$x].'</b> --> '.$zeile[$x].'<br>';
if ($inhalt[$y][$x] == '') $inhalt[$y][$x] = 'ERSATZ'; if ($inhalt[$y][$x] == '') $inhalt[$y][$x] = 'ERSATZ';
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.utf8_decode(transform($inhalt[$y][$x])).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; // für utf8
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg ////////////////////////////////////////////////////////////// $somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg //////////////////////////////////////////////////////////////
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.transform($inhalt[$y][$x]).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; //normaleinstellung
} }
$somecontent = $somecontent . '</record>';
$somecontent .= '</record>';
//if ($y>1) //if ($y>1)
//{ //{
if (fwrite($handle, $somecontent) === FALSE) { if (fwrite($handle, $somecontent) === FALSE) {
@ -54,9 +72,12 @@ while ( $zeile = fgetcsv ( $fp, 100000, ';' ) )
} }
fclose($fp); fclose($fp);
echo ($y - 1) . ' files created';
echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>'; echo printHTMLHead();
echo '</td>';
echo '</tr>'; echo '
echo '</table>'; <div>
echo '</div>'; ' . ($y - 1) . ' files created<br />
<hr/>
<a href="zipit.php" class="buttonLike">Download as ZIP</a>
</div>';

View File

@ -23,10 +23,9 @@ echo printHTMLHead();
echo " echo "
<div> <div>
<p>The file has been uploaded: <b>" . basename( $_FILES['uploaded']['name']) . "</b>.</p> <p>The file has been uploaded: <b>" . basename( $_FILES['uploaded']['name']) . "</b>.</p>
<hr> <hr />
<h3>How to proceed?</h3> <h3>How to proceed?</h3>
<ul class='actionList'> <ul class='actionList'>
<li><a href='index2.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (iso8859)</a></li>
<li><a href='index4.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (utf-8)</a></li> <li><a href='index4.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (utf-8)</a></li>
<li><a href='index3.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Check validity for museum-digital import</a></li> <li><a href='index3.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Check validity for museum-digital import</a></li>
</ul> </ul>