Add checks for accessibility of queried file names
parent
1f766c7eca
commit
417db62419
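--- a/index2.php
+++ b/index2.php
@@ -1,75 +0,0 @@
-<?PHP
-declare(strict_types = 1);
-error_reporting(E_ALL);
-ini_set('display_errors', "1");
-
-require_once __DIR__ . "/functions/functions.php";
-
-if (session_status() != PHP_SESSION_ACTIVE) {
-session_start();
-}
-
-// This array contains all available languages
-$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
-
-// Some languages are in translation. They will only be available for logged in users.
-
-if (isset($_GET['navlang'])) {
-$_SESSION['lang'] = $_GET['navlang'];
-if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
-}
-else if (!isset($_SESSION['lang'])) {
-$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
-}
-$lang = $_SESSION['lang'];
-
-require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
-
-echo printHTMLHead();
-
-echo '<div class="maincontent">';
-echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
-echo '<tr>';
-echo '<td width="50%">';
-echo 'Please wait ... (transforming)<hr>';
-require_once 'inc/zeichen.php';
-$filename = $_GET['fnam'];
-$csv_datei = 'csv/' . $filename;
-
-mkdir("xml", 0755);
-$fp = fopen ( $csv_datei, 'r' );
-$y = 0;
-while ($zeile = fgetcsv($fp, 100000, ';')) {
-
-$y++;
-$zieldatei = 'xml/' . $y . '.xml';
-if (!$handle = fopen($zieldatei, 'w')) {
-echo "Cannot open file ($zieldatei)";exit;
-}
-$somecontent = '<?xml version="1.0" encoding="ISO-8859-1"?>' . "\n"; // normal
-$somecontent = $somecontent . '<record>' . "\n";
-
-for ($x = 0; $x < count ($zeile); $x++) {
-$inhalt[$y][$x] = $zeile[$x];
-//if ($inhalt[$y][$x]=='') $inhalt[$y][$x]='ERSATZ';
-$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . transform($inhalt[$y][$x]) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //normaleinstellung
-}
-$somecontent = $somecontent . '</record>';
-if (fwrite($handle, $somecontent) === FALSE) {
-echo "Cannot write to file ($filename)";exit;
-}
-fclose($handle);
-}
-fclose($fp);
-echo ($y - 1) . ' files created';
-echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>';
-echo '</td>';
-echo '</tr>';
-echo '</table>';
-echo '</div>';
-
-echo '
-
-</body>
-</html>
-';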
34
index4.php
34
index4.php
|
@ -24,13 +24,20 @@ else if (!isset($_SESSION['lang'])) {
|
||||||
$lang = $_SESSION['lang'];
|
$lang = $_SESSION['lang'];
|
||||||
|
|
||||||
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
|
require __DIR__ . "/translation-importer/$lang/csvxml-overview.php";
|
||||||
|
require __DIR__ . '/inc/zeichen.php';
|
||||||
|
|
||||||
require 'inc/zeichen.php';
|
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
|
||||||
$filename = $_GET['fnam'];
|
echo "Error: Invalid file name";
|
||||||
$csv_datei = 'csv/' . $filename;
|
exit;
|
||||||
|
}
|
||||||
|
$csv_datei = __DIR__ . '/csv/' . $filename;
|
||||||
|
if (!file_exists($csv_datei)) {
|
||||||
|
echo "Error: The CSV file does not exist.";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
|
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
|
||||||
mkdir("xml", 0755);
|
mkdir(__DIR__ . "/xml", 0755);
|
||||||
|
|
||||||
$fp = fopen ($csv_datei, 'r');
|
$fp = fopen ($csv_datei, 'r');
|
||||||
$y = 0;
|
$y = 0;
|
||||||
|
@ -42,18 +49,20 @@ while ($zeile = fgetcsv($fp, 100000, ';')) {
|
||||||
echo "Cannot open file ($zieldatei)";exit;
|
echo "Cannot open file ($zieldatei)";exit;
|
||||||
}
|
}
|
||||||
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
||||||
$somecontent = $somecontent . '<record>' . "\n";
|
$somecontent .= '<record>' . "\n";
|
||||||
|
|
||||||
|
$lineCount = count($zeile);
|
||||||
|
for ($x = 0; $x < $lineCount; $x++) {
|
||||||
|
|
||||||
for ($x = 0; $x < count ( $zeile ); $x++)
|
|
||||||
{
|
|
||||||
$inhalt[$y][$x] = $zeile[$x];
|
$inhalt[$y][$x] = $zeile[$x];
|
||||||
$inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]);
|
$inhalt[$y][$x] = preg_replace('/[\x00-\x1F\x7F]/u', '', $inhalt[$y][$x]);
|
||||||
$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));
|
$inhalt[$y][$x] = str_replace('>', ']', str_replace('<', '[', $inhalt[$y][$x]));
|
||||||
if (empty($inhalt[$y][$x])) continue;
|
if (empty($inhalt[$y][$x])) continue;
|
||||||
//if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>';
|
//if ($y!=1) $inhalt[$y][$x] = '<![CDATA['.$inhalt[$y][$x].']]>';
|
||||||
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg }
|
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg }
|
||||||
|
|
||||||
}
|
}
|
||||||
$somecontent = $somecontent . '</record>';
|
$somecontent .= '</record>';
|
||||||
if (fwrite($handle, $somecontent) === FALSE) {
|
if (fwrite($handle, $somecontent) === FALSE) {
|
||||||
echo "Cannot write to file ($filename)";exit;
|
echo "Cannot write to file ($filename)";exit;
|
||||||
}
|
}
|
||||||
|
@ -66,13 +75,10 @@ echo printHTMLHead();
|
||||||
|
|
||||||
echo '
|
echo '
|
||||||
<div>
|
<div>
|
||||||
Please wait ... (transforming)
|
|
||||||
<hr />
|
|
||||||
|
|
||||||
' . ($y - 1) . ' files created
|
' . ($y - 1) . ' files created
|
||||||
<br/>
|
<hr/>
|
||||||
<a href="zipit.php"><img src="img/go.gif"> Download as zip</a>
|
<a href="zipit.php" class="buttonLike">Download as zip</a>
|
||||||
|
|
||||||
</div>';
|
</div>';
|
||||||
|
|
||||||
echo '
|
echo '
|
||||||
|
|
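Review bot: The new `trim($_GET['fnam'], " ,./")` guard only strips characters from both ends of the value, so directory separators and `..` segments in the middle of `fnam` still reach `__DIR__ . '/csv/' . $filename` and the lookup is not confined to the csv directory. Reducing the value to a bare name first, e.g. `$filename = basename(trim((string) ($_GET['fnam'] ?? '')));`, and testing `is_file($csv_datei)` instead of `file_exists()` (which also accepts directories) would close that. The unchanged `echo "Cannot write to file ($filename)"` further down prints the same request value without `htmlspecialchars()`. index6.php receives the identical block in this commit and needs the same change. The script continues outside these hunks.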
85
index6.php
85
index6.php
|
@ -1,48 +1,66 @@
|
||||||
<?PHP
|
<?PHP
|
||||||
echo '<link rel="stylesheet" type="text/css" href="css/main.css">';
|
declare(strict_types = 1);
|
||||||
echo '<div class="title">';
|
error_reporting(E_ALL);
|
||||||
echo 'museum-digital CSV to XML converter';
|
ini_set('display_errors', "1");
|
||||||
echo '</div>';
|
|
||||||
echo '<div class="maincontent">';
|
|
||||||
$semikoma = $_GET['semikoma'];
|
|
||||||
echo '<table border="0" cellpadding="0" cellspacing="0" summary="" width="100%">';
|
|
||||||
echo '<tr>';
|
|
||||||
echo '<td width="50%">';
|
|
||||||
echo 'Please wait ... (transforming)<hr>';
|
|
||||||
|
|
||||||
require 'inc/zeichen.php';
|
require_once __DIR__ . "/functions/functions.php";
|
||||||
$filename = $_GET['fnam'];
|
|
||||||
$csv_datei = 'csv/' . $filename;
|
|
||||||
|
|
||||||
if (!file_exists("xml")) {
|
if (session_status() != PHP_SESSION_ACTIVE) {
|
||||||
mkdir("xml", 0700);
|
session_start();
|
||||||
}
|
}
|
||||||
|
|
||||||
$fp = fopen ( $csv_datei, 'r' );
|
// This array contains all available languages
|
||||||
|
$allowed_langs = ['ar', 'de', 'en', 'hu', 'id', 'it', 'pl','pt'];
|
||||||
|
|
||||||
|
// Some languages are in translation. They will only be available for logged in users.
|
||||||
|
|
||||||
|
if (isset($_GET['navlang'])) {
|
||||||
|
$_SESSION['lang'] = $_GET['navlang'];
|
||||||
|
if (!in_array($_SESSION['lang'], $allowed_langs)) $_SESSION['lang'] = 'de';
|
||||||
|
}
|
||||||
|
else if (!isset($_SESSION['lang'])) {
|
||||||
|
$_SESSION['lang'] = lang_getfrombrowser($allowed_langs, 'en', "", false);
|
||||||
|
}
|
||||||
|
$lang = $_SESSION['lang'];
|
||||||
|
|
||||||
|
require __DIR__ . '/inc/zeichen.php';
|
||||||
|
|
||||||
|
if (empty($filename = trim($_GET['fnam'], " ,./"))) {
|
||||||
|
echo "Error: Invalid file name";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
$csv_datei = __DIR__ . '/csv/' . $filename;
|
||||||
|
if (!file_exists($csv_datei)) {
|
||||||
|
echo "Error: The CSV file does not exist.";
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (is_dir(__DIR__ . "/xml")) rrmdir(__DIR__ . '/xml');
|
||||||
|
mkdir(__DIR__ . "/xml", 0755);
|
||||||
|
|
||||||
|
$fp = fopen ($csv_datei, 'r');
|
||||||
$y = 0;
|
$y = 0;
|
||||||
while ( $zeile = fgetcsv ( $fp, 100000, ';' ) )
|
while ($zeile = fgetcsv($fp, 100000, ';')) {
|
||||||
{
|
|
||||||
$y++;
|
$y++;
|
||||||
//echo '<b>Zeile='.$y.' Anzahl in Zeile: '.count ( $zeile ).'</b><br>';
|
|
||||||
$zieldatei = 'xml/' . $y . '.xml';
|
$zieldatei = 'xml/' . $y . '.xml';
|
||||||
if (!$handle = fopen($zieldatei, 'w')) {
|
if (!$handle = fopen($zieldatei, 'w')) {
|
||||||
echo "Cannot open file ($zieldatei)";exit;
|
echo "Cannot open file ($zieldatei)";exit;
|
||||||
}
|
}
|
||||||
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
$somecontent = '<?xml version="1.0" encoding="UTF-8"?>' . "\n"; // für Ungarn ///////////////////////////////////
|
||||||
/*$somecontent='<?xml version="1.0" encoding="ISO-8859-1"?>'."\n"; // normal */
|
/*$somecontent='<?xml version="1.0" encoding="ISO-8859-1"?>'."\n"; // normal */
|
||||||
$somecontent = $somecontent . '<record>' . "\n";
|
$somecontent .= '<record>' . "\n";
|
||||||
|
|
||||||
for ($x = 0; $x < count ( $zeile ); $x++)
|
$lineCount = count($zeile);
|
||||||
{
|
|
||||||
|
for ($x = 0; $x < $lineCount; $x++) {
|
||||||
$inhalt[$y][$x] = $zeile[$x];
|
$inhalt[$y][$x] = $zeile[$x];
|
||||||
//echo '<b>'.$inhalt[1][$x].'</b> --> '.$zeile[$x].'<br>';
|
|
||||||
if ($inhalt[$y][$x] == '') $inhalt[$y][$x] = 'ERSATZ';
|
if ($inhalt[$y][$x] == '') $inhalt[$y][$x] = 'ERSATZ';
|
||||||
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.utf8_decode(transform($inhalt[$y][$x])).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; // für utf8
|
|
||||||
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg //////////////////////////////////////////////////////////////
|
$somecontent = $somecontent . '<' . tagify(transform($inhalt[1][$x])) . '>' . (($inhalt[$y][$x])) . '</' . tagify(transform($inhalt[1][$x])) . '>' . "\n"; //für ungarn sonst weg //////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
//$somecontent=$somecontent.'<'.tagify(transform($inhalt[1][$x])).'>'.transform($inhalt[$y][$x]).'</'.tagify(transform($inhalt[1][$x])).'>'."\n"; //normaleinstellung
|
|
||||||
}
|
}
|
||||||
$somecontent = $somecontent . '</record>';
|
|
||||||
|
$somecontent .= '</record>';
|
||||||
//if ($y>1)
|
//if ($y>1)
|
||||||
//{
|
//{
|
||||||
if (fwrite($handle, $somecontent) === FALSE) {
|
if (fwrite($handle, $somecontent) === FALSE) {
|
||||||
|
@ -54,9 +72,12 @@ while ( $zeile = fgetcsv ( $fp, 100000, ';' ) )
|
||||||
}
|
}
|
||||||
fclose($fp);
|
fclose($fp);
|
||||||
|
|
||||||
echo ($y - 1) . ' files created';
|
|
||||||
echo '<br><a href="zipit.php"><img src="img/go.gif"> Download as zip</a>';
|
echo printHTMLHead();
|
||||||
echo '</td>';
|
|
||||||
echo '</tr>';
|
echo '
|
||||||
echo '</table>';
|
<div>
|
||||||
echo '</div>';
|
' . ($y - 1) . ' files created<br />
|
||||||
|
<hr/>
|
||||||
|
<a href="zipit.php" class="buttonLike">Download as ZIP</a>
|
||||||
|
</div>';
|
||||||
|
|
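Review bot: The added header enables `error_reporting(E_ALL)` together with `ini_set('display_errors', "1")`, so every warning or uncaught error this script raises (for instance when `fnam` is missing from the request or `fopen($csv_datei, 'r')` fails) is sent to the browser, including the absolute paths the commit now builds from `__DIR__`. For a deployed converter I would log instead: `ini_set('display_errors', '0'); ini_set('log_errors', '1');`. Separately, the output directory is now created as `__DIR__ . "/xml"` while the unchanged `$zieldatei = 'xml/' . $y . '.xml';` still resolves against the working directory; prefixing it with `__DIR__ . '/'` keeps the two in step.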
|
@ -23,10 +23,9 @@ echo printHTMLHead();
|
||||||
echo "
|
echo "
|
||||||
<div>
|
<div>
|
||||||
<p>The file has been uploaded: <b>" . basename( $_FILES['uploaded']['name']) . "</b>.</p>
|
<p>The file has been uploaded: <b>" . basename( $_FILES['uploaded']['name']) . "</b>.</p>
|
||||||
<hr>
|
<hr />
|
||||||
<h3>How to proceed?</h3>
|
<h3>How to proceed?</h3>
|
||||||
<ul class='actionList'>
|
<ul class='actionList'>
|
||||||
<li><a href='index2.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (iso8859)</a></li>
|
|
||||||
<li><a href='index4.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (utf-8)</a></li>
|
<li><a href='index4.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Create XML (utf-8)</a></li>
|
||||||
<li><a href='index3.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Check validity for museum-digital import</a></li>
|
<li><a href='index3.php?fnam=" . basename( $_FILES['uploaded']['name']) . "'>Check validity for museum-digital import</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|