From: <var...@us...> - 2014-10-06 08:49:35
|
Revision: 9188 http://sourceforge.net/p/phpwiki/code/9188 Author: vargenau Date: 2014-10-06 08:49:28 +0000 (Mon, 06 Oct 2014) Log Message: ----------- Remove commented code Modified Paths: -------------- trunk/lib/plugin/Ploticus.php Modified: trunk/lib/plugin/Ploticus.php =================================================================== --- trunk/lib/plugin/Ploticus.php 2014-10-03 16:06:26 UTC (rev 9187) +++ trunk/lib/plugin/Ploticus.php 2014-10-06 08:49:28 UTC (rev 9188) @@ -204,8 +204,6 @@ function getImage($dbi, $argarray, $request) { - //extract($this->getArgs($argstr, $request)); - //extract($argarray); $source =& $this->source; if (!empty($source)) { if ($this->withShellCommand($source)) { @@ -253,8 +251,6 @@ $code = $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); sleep(1); } - //if (empty($code)) - // return $this->error(fmt("Couldn't start commandline “%s”", $commandLine)); if (!file_exists($tempfile . ".$gif")) { $this->_errortext .= sprintf(_("%s error: outputfile “%s” not created"), "Ploticus", "$tempfile.$gif"); @@ -278,7 +274,7 @@ } return "$tempfile.$gif"; } else { - return $this->error(fmt("empty source")); + return $this->error(_("empty source")); } } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <var...@us...> - 2014-10-06 08:55:38
|
Revision: 9189 http://sourceforge.net/p/phpwiki/code/9189 Author: vargenau Date: 2014-10-06 08:55:30 +0000 (Mon, 06 Oct 2014) Log Message: ----------- Invert test Modified Paths: -------------- trunk/lib/plugin/Ploticus.php Modified: trunk/lib/plugin/Ploticus.php =================================================================== --- trunk/lib/plugin/Ploticus.php 2014-10-06 08:49:28 UTC (rev 9188) +++ trunk/lib/plugin/Ploticus.php 2014-10-06 08:55:30 UTC (rev 9189) 
@@ -205,77 +205,76 @@ function getImage($dbi, $argarray, $request) { $source =& $this->source; - if (!empty($source)) { - if ($this->withShellCommand($source)) { - $this->_errortext .= _("shell commands not allowed in Ploticus"); - return false; - } - if (is_array($argarray['data'])) { // support <!plugin-list !> pagelists - $src = "#proc getdata\ndata:"; - $i = 0; - foreach ($argarray['data'] as $data) { - // hash or array? - if (is_array($data)) - $src .= ("\t" . join(" ", $data) . "\n"); - else - $src .= ("\t" . '"' . $data . '" ' . $i++ . "\n"); - } - $src .= $source; - $source = $src; - } - $tempfile = $this->tempnam('Ploticus', 'plo'); - @unlink($tempfile); - $gif = $argarray['device']; - $args = "-$gif -o $tempfile.$gif"; - if (!empty($argarray['-csmap'])) { - $args .= " -csmap -mapfile $tempfile.map"; - $this->_mapfile = "$tempfile.map"; - } - if (!empty($argarray['-prefab'])) { - //check $_ENV['PLOTICUS_PREFABS'] and default directory - global $HTTP_ENV_VARS; - if (empty($HTTP_ENV_VARS['PLOTICUS_PREFABS'])) { - if (file_exists("/usr/share/ploticus")) - $HTTP_ENV_VARS['PLOTICUS_PREFABS'] = "/usr/share/ploticus"; - elseif (defined('PLOTICUS_PREFABS')) - $HTTP_ENV_VARS['PLOTICUS_PREFABS'] = constant('PLOTICUS_PREFABS'); - } - $args .= (" -prefab " . $argarray['-prefab']); - } - if (isWindows()) { - $fp = fopen("$tempfile.plo", "w"); - fwrite($fp, $source); - fclose($fp); - $code = $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . ".$gif"); - } else { - $code = $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); - sleep(1); - } - if (!file_exists($tempfile . ".$gif")) { - $this->_errortext .= sprintf(_("%s error: outputfile “%s” not created"), - "Ploticus", "$tempfile.$gif"); - if (isWindows()) - $this->_errortext .= ("\ncmd-line: " . PLOTICUS_EXE . 
" $tempfile.plo $args"); + if (empty($source)) { + return $this->error(_("empty source")); + } + if ($this->withShellCommand($source)) { + $this->_errortext .= _("shell commands not allowed in Ploticus"); + return false; + } + if (is_array($argarray['data'])) { // support <!plugin-list !> pagelists + $src = "#proc getdata\ndata:"; + $i = 0; + foreach ($argarray['data'] as $data) { + // hash or array? + if (is_array($data)) + $src .= ("\t" . join(" ", $data) . "\n"); else - $this->_errortext .= ("\ncmd-line: cat script | " . PLOTICUS_EXE . " $args"); - @unlink("$tempfile.pl"); - @unlink("$tempfile"); - return false; + $src .= ("\t" . '"' . $data . '" ' . $i++ . "\n"); } - $ImageCreateFromFunc = "ImageCreateFrom$gif"; - if (function_exists($ImageCreateFromFunc)) { - $handle = $ImageCreateFromFunc("$tempfile.$gif"); - if ($handle) { - @unlink("$tempfile.$gif"); - @unlink("$tempfile.plo"); - @unlink("$tempfile"); - return $handle; - } + $src .= $source; + $source = $src; + } + $tempfile = $this->tempnam('Ploticus', 'plo'); + @unlink($tempfile); + $gif = $argarray['device']; + $args = "-$gif -o $tempfile.$gif"; + if (!empty($argarray['-csmap'])) { + $args .= " -csmap -mapfile $tempfile.map"; + $this->_mapfile = "$tempfile.map"; + } + if (!empty($argarray['-prefab'])) { + //check $_ENV['PLOTICUS_PREFABS'] and default directory + global $HTTP_ENV_VARS; + if (empty($HTTP_ENV_VARS['PLOTICUS_PREFABS'])) { + if (file_exists("/usr/share/ploticus")) + $HTTP_ENV_VARS['PLOTICUS_PREFABS'] = "/usr/share/ploticus"; + elseif (defined('PLOTICUS_PREFABS')) + $HTTP_ENV_VARS['PLOTICUS_PREFABS'] = constant('PLOTICUS_PREFABS'); } - return "$tempfile.$gif"; + $args .= (" -prefab " . $argarray['-prefab']); + } + if (isWindows()) { + $fp = fopen("$tempfile.plo", "w"); + fwrite($fp, $source); + fclose($fp); + $code = $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . 
".$gif"); } else { - return $this->error(_("empty source")); + $code = $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); + sleep(1); } + if (!file_exists($tempfile . ".$gif")) { + $this->_errortext .= sprintf(_("%s error: outputfile “%s” not created"), + "Ploticus", "$tempfile.$gif"); + if (isWindows()) + $this->_errortext .= ("\ncmd-line: " . PLOTICUS_EXE . " $tempfile.plo $args"); + else + $this->_errortext .= ("\ncmd-line: cat script | " . PLOTICUS_EXE . " $args"); + @unlink("$tempfile.pl"); + @unlink("$tempfile"); + return false; + } + $ImageCreateFromFunc = "ImageCreateFrom$gif"; + if (function_exists($ImageCreateFromFunc)) { + $handle = $ImageCreateFromFunc("$tempfile.$gif"); + if ($handle) { + @unlink("$tempfile.$gif"); + @unlink("$tempfile.plo"); + @unlink("$tempfile"); + return $handle; + } + } + return "$tempfile.$gif"; } // which argument must be set to 'png', for the fallback image when svg will fail on the client. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
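Review bot: In the re-indented body, `$argarray['device']` and `$argarray['-prefab']` are still interpolated into `$args` unvalidated and unquoted, and `$args` is then concatenated into the command strings passed to `execute()` and `filterThroughCmd()`. Neither helper is visible here, but if they hand the string to a shell and the plugin arguments come from page markup, a wiki editor controls part of the command line; `withShellCommand()` is applied only to `$source`, not to these arguments. Since this commit touches every line of the body anyway, I would check `device` against a fixed list of Ploticus output formats before `$args` is built and change the prefab line to `$args .= " -prefab " . escapeshellarg($argarray['-prefab']);`. The same `$gif` value also forms the function name in `"ImageCreateFrom$gif"`, so a closed list protects that call as well. Separately, the failure path unlinks `"$tempfile.pl"` while the script is written to `"$tempfile.plo"`, so on Windows that file is left behind.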
From: <var...@us...> - 2014-10-07 13:23:17
|
Revision: 9213 http://sourceforge.net/p/phpwiki/code/9213 Author: vargenau Date: 2014-10-07 13:23:09 +0000 (Tue, 07 Oct 2014) Log Message: ----------- Fix CVE-2014-5519 Modified Paths: -------------- trunk/lib/plugin/Ploticus.php Modified: trunk/lib/plugin/Ploticus.php =================================================================== --- trunk/lib/plugin/Ploticus.php 2014-10-07 12:16:54 UTC (rev 9212) +++ trunk/lib/plugin/Ploticus.php 2014-10-07 13:23:09 UTC (rev 9213) @@ -209,9 +209,16 @@ protected function getImage($dbi, $argarray, $request) { + // Check device + $device = strtolower($argarray['device']); + if (!in_array($device, array('gif', 'png', 'jpeg', 'svg', 'svgz', 'eps', 'swf', 'ps', 'pdf', 'html'))) { + $this->_errortext = _("wrong device"); + return false; + } $source =& $this->source; if (empty($source)) { - return $this->error(_("empty source")); + $this->_errortext = _("empty source"); + return false; } if ($this->withShellCommand($source)) { $this->_errortext .= _("shell commands not allowed in Ploticus"); @@ -232,8 +239,7 @@ } $tempfile = $this->tempnam('Ploticus', 'plo'); @unlink($tempfile); - $gif = $argarray['device']; - $args = "-$gif -o $tempfile.$gif"; + $args = "-$device -o $tempfile.$device"; if (!empty($argarray['-csmap'])) { $args .= " -csmap -mapfile $tempfile.map"; $this->_mapfile = "$tempfile.map"; 
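Review bot: The new allowlist at the top of getImage covers `device` only. In rev 9189 `$argarray['-prefab']` was appended to `$args` by plain concatenation in the lines that fall between these hunks, and nothing in this diff shows that has changed, so it is worth confirming that value is quoted too, e.g. `$args .= " -prefab " . escapeshellarg($argarray['-prefab']);`. On the check itself I would pass `true` as the third argument to `in_array()` and guard the read with `isset($argarray['device'])` so a missing argument does not raise an undefined-index notice before being rejected. A comment such as `// $device is interpolated into the command line and into a function name below; keep this list closed` would tell the next maintainer why the list must not be relaxed. The two new error paths also assign `_errortext` with `=` while the neighbouring shell-command check appends with `.=`; one convention should be chosen.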
@@ -253,14 +259,14 @@ $fp = fopen("$tempfile.plo", "w"); fwrite($fp, $source); fclose($fp); - $code = $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . ".$gif"); + $code = $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . ".$device"); } else { $code = $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); sleep(1); } - if (!file_exists($tempfile . ".$gif")) { + if (!file_exists($tempfile . ".$device")) { $this->_errortext .= sprintf(_("%s error: outputfile “%s” not created"), - "Ploticus", "$tempfile.$gif"); + "Ploticus", "$tempfile.$device"); if (isWindows()) $this->_errortext .= ("\ncmd-line: " . PLOTICUS_EXE . " $tempfile.plo $args"); else @@ -269,17 +275,17 @@ @unlink("$tempfile"); return false; } - $ImageCreateFromFunc = "ImageCreateFrom$gif"; + $ImageCreateFromFunc = "ImageCreateFrom$device"; if (function_exists($ImageCreateFromFunc)) { - $handle = $ImageCreateFromFunc("$tempfile.$gif"); + $handle = $ImageCreateFromFunc("$tempfile.$device"); if ($handle) { - @unlink("$tempfile.$gif"); + @unlink("$tempfile.$device"); @unlink("$tempfile.plo"); @unlink("$tempfile"); return $handle; } } - return "$tempfile.$gif"; + return "$tempfile.$device"; } /** This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
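Review bot: The failure message built after the `file_exists()` check still embeds the absolute output path (`"$tempfile.$device"`), and the unchanged lines below it append the full command line including `PLOTICUS_EXE`. Where `_errortext` ends up is not visible in this diff; if it is rendered into the wiki page, anyone who can trigger a failure learns the server's temp directory and the binary location. I would pass `basename("$tempfile.$device")` to the `sprintf()` and send the `cmd-line:` detail to the server log, or show it only in a debug mode, rather than appending it to `_errortext`. getImage starts and ends outside this hunk.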
From: <var...@us...> - 2014-11-09 17:36:51
|
Revision: 9292 http://sourceforge.net/p/phpwiki/code/9292 Author: vargenau Date: 2014-11-09 17:36:49 +0000 (Sun, 09 Nov 2014) Log Message: ----------- filterThroughCmd is void Modified Paths: -------------- trunk/lib/plugin/Ploticus.php Modified: trunk/lib/plugin/Ploticus.php =================================================================== --- trunk/lib/plugin/Ploticus.php 2014-11-09 17:24:37 UTC (rev 9291) +++ trunk/lib/plugin/Ploticus.php 2014-11-09 17:36:49 UTC (rev 9292) @@ -31,7 +31,7 @@ * * Note: * - For windows you need either a gd library with GIF support or - * a ploticus with PNG support. This comes e.g. with the cygwin build. + * a Ploticus with PNG support. This comes e.g. with the Cygwin build. * - We support only images supported by GD so far (PNG most likely). * No EPS, PS, SWF, SVG or SVGZ support yet, due to limitations in WikiPluginCached. * This will be fixed soon. @@ -60,6 +60,11 @@ class WikiPlugin_Ploticus extends WikiPluginCached { + public $_args; + public $source; + public $_mapfile; + public $_errortext; + /** * Sets plugin type to MAP if -csmap (-map or -mapdemo or -csmapdemo not supported) * or HTML if the imagetype is not supported by GD (EPS, SVG, SVGZ) (not yet) @@ -259,9 +264,9 @@ $fp = fopen("$tempfile.plo", "w"); fwrite($fp, $source); fclose($fp); - $code = $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . ".$device"); + $this->execute(PLOTICUS_EXE . " $tempfile.plo $args", $tempfile . ".$device"); } else { - $code = $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); + $this->filterThroughCmd($source, PLOTICUS_EXE . " -stdin $args"); sleep(1); } if (!file_exists($tempfile . ".$device")) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
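Review bot: The four properties added at the top of `WikiPlugin_Ploticus` are declared `public` and carry no documentation, although the underscore prefix on `_args`, `_mapfile` and `_errortext` reads as internal state. `$source` is the script that getImage feeds to the Ploticus command, so it should not be writable from outside the class unless a caller or the parent class relies on that. If nothing external touches them, `protected` plus a short docblock per property stating its type and purpose would be tighter. In the last hunk, dropping the `$code` assignment looks harmless because no visible line reads it, but it leaves the `file_exists()` test after `sleep(1)` as the only failure signal, which deserves a one-line comment at that call.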
From: <var...@us...> - 2021-06-17 16:08:09
|
Revision: 10297 http://sourceforge.net/p/phpwiki/code/10297 Author: vargenau Date: 2021-06-17 16:08:11 +0000 (Thu, 17 Jun 2021) Log Message: ----------- tempnam has only one parameter Modified Paths: -------------- trunk/lib/plugin/Ploticus.php Modified: trunk/lib/plugin/Ploticus.php =================================================================== --- trunk/lib/plugin/Ploticus.php 2021-06-17 16:04:14 UTC (rev 10296) +++ trunk/lib/plugin/Ploticus.php 2021-06-17 16:08:11 UTC (rev 10297) @@ -242,7 +242,7 @@ $src .= $source; $source = $src; } - $tempfile = $this->tempnam('Ploticus', 'plo'); + $tempfile = $this->tempnam('Ploticus'); @unlink($tempfile); $args = "-$device -o $tempfile.$device"; if (!empty($argarray['-csmap'])) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
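Review bot: The line right after the changed call, `@unlink($tempfile);`, deletes the name that was just reserved, and every file used afterwards (`$tempfile.$device`, `$tempfile.map`, and `$tempfile.plo` elsewhere in getImage as of rev 9292) is a derived name that was never reserved. `$this->tempnam()` is not shown here, but if it wraps PHP's `tempnam()` in a shared temp directory, those derived paths are predictable and another local account could create them before Ploticus writes its output. Consider keeping the reserved file until cleanup and writing the outputs into a per-request directory created with mode 0700, or at least record the assumption with a comment such as `// derived $tempfile.* names are not reserved; the temp dir must not be writable by other users`. The enclosing function starts and ends outside this hunk.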