Delete old insecure server-save PHP in favor of a new php-savefile extension which requires addition by user of a configuration page "savefile_config.php" in order to work (and where the user should do their own validation). Add this config file and "saved.svg" (the default name when no filename is supplied) to SVN ignore list.

git-svn-id: http://svg-edit.googlecode.com/svn/trunk@2658 eee81c28-f429-11dd-99c0-75d572ba1ddd
2014-01-31 12:58:16 +00:00
parent 515de36d65
commit 7fc5c51d66
5 changed files with 41 additions and 20 deletions
--- a/extras/server-save/README.txt
+++ b/extras/server-save/README.txt
@@ -1,8 +0,0 @@
-Usage:
-
-1) copy file svg-editor-save.php into the directory
-
-2) edit the end of the svgcanvas.js and change this.saveHandler method
-   into the method described in svg-editor-save.js
-
-3) now the drawings will be saved into the file named saved.svg
--- a/extras/server-save/svg-editor-save.js
+++ b/extras/server-save/svg-editor-save.js
@@ -1,4 +0,0 @@
-/*globals $*/
-this.saveHandler = function(svg) {'use strict';
-	$.post("svg-editor-save.php", {svg_data: svg});
-};
--- a/extras/server-save/svg-editor-save.php
+++ b/extras/server-save/svg-editor-save.php
@@ -1,8 +0,0 @@
-<?php
-	$svg = $_REQUEST['svg_data'];
-	$svg_data = urldecode($svg);
-	$file = 'saved.svg';
-	$fh = fopen($file, 'w') or die("Can't open file");
-	fwrite($fh, $svg_data);
-	fclose($fh);
-?>