24eme/signaturepdf
24eme/signaturepdf
1
0
Fork 0
mirror of https://github.com/24eme/signaturepdf.git synced 2023-08-25 09:33:08 +02:00
Code Issues Releases Wiki Activity

Protect 'hash' get parameter

Browse Source
This commit is contained in:
Vincent LAURENT 2022-04-02 01:32:16 +02:00
parent 0e891e1307
commit 4a261db73e
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
app.php
View File

@ -34,11 +34,15 @@ $f3->route('GET /signature',
);
$f3->route('GET /signature/@hash',
function($f3, $param) {
$f3->set('hash', $param['hash']);
function($f3) {
$f3->set('hash', Web::instance()->slug($f3->get('PARAMS.hash')));
$f3->set('maxSize', min(array(convertPHPSizeToBytes(ini_get('post_max_size')), convertPHPSizeToBytes(ini_get('upload_max_filesize')))));
$f3->set('maxPage', ini_get('max_file_uploads') - 1);
if(!is_dir($f3->get('PDF_STORAGE_PATH').$f3->get('hash'))) {
$f3->error(404);
}
echo View::instance()->render('signature.html.php');
}
);
@ -188,7 +192,8 @@ $f3->route('POST /share',
$f3->route('GET /signature/@hash/pdf',
function($f3) {
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$f3->get('PARAMS.hash');
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash;
$files = scandir($sharingFolder);
$originalFile = $sharingFolder.'/original.pdf';
$finalFile = $sharingFolder.'/'.$f3->get('PARAMS.hash').'.pdf';
@ -217,13 +222,13 @@ $f3->route('GET /signature/@hash/pdf',
$f3->route('POST /signature/@hash/save',
function($f3) {
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$f3->get('PARAMS.hash').'/';
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$sharingFolder = $f3->get('PDF_STORAGE_PATH').$hash.'/';
$f3->set('UPLOADS', $sharingFolder);
$tmpfile = tempnam($sharingFolder, date('YmdHis'));
unlink($tmpfile);
$svgFiles = "";
$files = Web::instance()->receive(function($file,$formFieldName){
if($formFieldName == "svg" && strpos(Web::instance()->mime($file['tmp_name'], true), 'image/svg+xml') !== 0) {
$f3->error(403);
@ -252,7 +257,8 @@ $f3->route('POST /signature/@hash/save',
$f3->route('GET /signature/@hash/nblayers',
function($f3) {
$files = scandir($f3->get('PDF_STORAGE_PATH').$f3->get('PARAMS.hash'));
$hash = Web::instance()->slug($f3->get('PARAMS.hash'));
$files = scandir($f3->get('PDF_STORAGE_PATH').$hash);
$nbLayers = 0;
foreach($files as $file) {
if(strpos($file, 'svg.pdf') !== false) {