github/svgedit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

server_opensave-related changes: 1) Be more lenient in filename possibilities for server_opensave (supporting Unicode except characters disallowed in Windows file names); 2) XHTML escape filename and SVG content when put into HTML hidden input element as opposed to unnecessary URL-encoding; 3) fix base64 encoding (with update to dependent utf8-encoding function)--old base64 code caused SVG to break with surrogate pairs (e.g., in title); 4) provide default UTF-8 encoding in XML declaration and add this XML declaration to the download attribute as well

Browse Source 
git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2662 eee81c28-f429-11dd-99c0-75d572ba1ddd
This commit is contained in:
Brett Zamir
2014-02-01 16:13:51 +00:00
parent 496ee1e875
commit 21c946fd99
4 changed files with 101 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
editor/extensions/filesave.php
View File

@@ -9,6 +9,15 @@
*
*/
function encodeRFC5987ValueChars ($str) {
// See http://tools.ietf.org/html/rfc5987#section-3.2.1
// For better readability within headers, add back the characters escaped by rawurlencode but still allowable
// Although RFC3986 reserves "!" (%21), RFC5987 does not
return preg_replace_callback('@%(2[1346B]|5E|60|7C)@', function ($matches) {
return chr('0x' . $matches[1]);
}, rawurlencode($str));
}
require('allowedMimeTypes.php');
$mime = !isset($_POST['mime']) || !in_array($_POST['mime'], $allowedMimeTypesBySuffix) ? 'image/svg+xml' : $_POST['mime'];
@@ -28,19 +37,24 @@ if (isset($_POST['filename']) && strlen($_POST['filename']) > 0) {
}
if ($suffix == '.svg') {
$contents = rawurldecode($_POST['output_svg']);
$contents = $_POST['output_svg'];
} else {
$contents = $_POST['output_img'];
$pos = (strpos($contents, 'base64,') + 7);
$contents = base64_decode(substr($contents, $pos));
}
header("Cache-Control: public");
header("Content-Description: File Transfer");
header("Content-Disposition: attachment; filename=" . $file);
header("Content-Type: " . $mime);
header("Content-Transfer-Encoding: binary");
echo $contents;
header("Cache-Control: public");
header("Content-Description: File Transfer");
// See http://tools.ietf.org/html/rfc6266#section-4.1
header("Content-Disposition: attachment; filename*=UTF-8''" . encodeRFC5987ValueChars(
// preg_replace('@[\\\\/:*?"<>|]@', '', $file) // If we wanted to strip Windows-disallowed characters server-side (but not a security issue, so we can strip client-side instead)
$file
));
header("Content-Type: " . $mime . 'charset=utf-8');
header("Content-Transfer-Encoding: binary");
echo $contents;
?>