Supporting each other

Community forums

Welcome, Guest
Username: Password: Remember me
Report any technical problems you discover and discuss solutions.
  • Page:
  • 1

TOPIC:

v3: XML validation for saved and uploaded files 9 years 3 months ago #3071

  • jayaich
  • jayaich's Avatar Topic Author
  • Offline
  • Premium Member
  • Premium Member
  • Posts: 82
  • Thank you received: 5
Hello,

Below is a patch to invoke the XML validator when an XML file is saved (from the XOT browser) or uploaded. It does not verify XML files uploaded in a zip file (i.e. as part of a project). Since it seems that XML files can have slightly different MIME types, we only ensure that the last part is '/xml'.

The patch includes a change from an earlier patch which invokes the antivirus/file extension/mime type checks for uploaded files. That is, this patch includes all the changes I have applied to the original v3.0 source file.
--- editor/elfinder/php/elFinder.class.php.orig 2015-07-29 23:17:23.000000000 +0100
+++ editor/elfinder/php/elFinder.class.php      2015-08-24 14:17:44.921577883 +0100
@@ -9,6 +9,9 @@
  * @author Troex Nevelin
  * @author Alexey Sukhotin
  **/
+
+require_once("../../../plugins.php");
+
 class elFinder {
 
        /**
@@ -929,6 +932,18 @@
                        }
 
                        $tmpname = $files['tmp_name'][$i];
+
+                       if (!apply_filters('editor_upload_file', array('name' => array($name), 'tmp_name' => array($tmpname)))) {
+                               $result['warning'] = $this->error(self::ERROR_UPLOAD_FILE, $name, self::ERROR_UPLOAD_TRANSFER, 'Virus checks');
+                               $this->uploadDebug = 'Upload error: file failed virus checks';
+                               break;
+                       }
+
+                       if (substr($files['type'][$i], -4) === '/xml' && !apply_filters('editor_save_data', file_get_contents($tmpname))) {
+                               $result['warning'] = $this->error(self::ERROR_UPLOAD_FILE, $name, self::ERROR_UPLOAD_TRANSFER, 'XML checks');
+                               $this->uploadDebug = 'Upload error: file failed XML checks';
+                               break;
+                       }
 
                        if (($fp = fopen($tmpname, 'rb')) == false) {
                                $result['warning'] = $this->error(self::ERROR_UPLOAD_FILE, $name, self::ERROR_UPLOAD_TRANSFER);
@@ -1025,6 +1040,10 @@
                        return array('error' => $this->error(self::ERROR_SAVE, '#'.$target, self::ERROR_FILE_NOT_FOUND));
                }
 
+               if(substr($file['mime'], -4) === '/xml' && !apply_filters('editor_save_data', $args['content'])) {
+                       return array('error' => $this->error(self::ERROR_SAVE, $volume->path($target), $volume->error(), "File failed XML check"));
+               }
+
                if (($file = $volume->putContents($target, $args['content'])) == false) {
                        return array('error' => $this->error(self::ERROR_SAVE, $volume->path($target), $volume->error()));
                }



John.

Please Inloggen or Create an account to join the conversation.

v3: XML validation for saved and uploaded files 8 years 11 months ago #3377

  • tom
  • tom's Avatar
  • Away
  • Administrator
  • Administrator
  • Posts: 1286
  • Thank you received: 324
Just for your infomation, I've not (yet) put this in 3.1

Please Inloggen or Create an account to join the conversation.

v3: XML validation for saved and uploaded files 8 years 11 months ago #3379

  • jayaich
  • jayaich's Avatar Topic Author
  • Offline
  • Premium Member
  • Premium Member
  • Posts: 82
  • Thank you received: 5
No problem. I saw the recent announcement of the 3.1 release. We will take a look at 3.1 in the New Year.


Happy Christmas to you all,

John.

Please Inloggen or Create an account to join the conversation.

  • Page:
  • 1
Moderators: ronmjultenJohnSmith
Time to create page: 0.045 seconds
Copyright © 2024 The Xerte Project.
Xerte logo Apereo logo OSI Logo

Search