
better cleaning of imageurl SC#54

1 parent 63a2da0 commit d8a09929efd41e7617ced65cc9392f6185dc05f3 skodak committed Jan 29, 2005
Showing with 21 additions and 37 deletions.
  1. +21 −37 lib/editor/popups/preview.php
58 lib/editor/popups/preview.php
@@ -1,12 +1,11 @@
<?php // $Id$ preview for insert image dialog
-
- include("../../../config.php");
- require("../../../files/mimetypes.php");
-
+
+ include('../../../config.php');
+
$id = required_param('id', PARAM_INT);
- $imageurl = required_param('imageurl', PARAM_URL);
+ $imageurl = required_param('imageurl', PARAM_RAW);
- if (! $course = get_record("course", "id", $id) ) {
+ if (! $course = get_record('course', 'id', $id) ) {
error("That's an invalid course id");
}
@@ -16,36 +15,21 @@
error("Only teachers can use this functionality");
}
- $imageurl = rawurldecode($imageurl); /// Full URL starts with $CFG->wwwroot/file.php
- $imagepath = str_replace("$CFG->wwwroot/file.php", '', $imageurl);
- $imagepath = str_replace("?file=", '', $imagepath); // if we're using second option of file path.
+ $imagetag = clean_text('<img src="'.htmlSpecialChars(stripslashes_safe($imageurl)).'" alt="" />');
- $size = null;
- if ($imagepath != $imageurl) { /// This is an internal image
- $size = getimagesize($CFG->dataroot.$imagepath);
- }
-
- $width = $size[0];
- $height = $size[1];
- settype($width, "integer");
- settype($height, "integer");
-
- if ($height >= 200) {
- $division = ($height / 190);
- $width = round($width / $division);
- $height = 190;
- }
- echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n";
- echo "\t\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
- echo "<html>\n";
- echo "<head>\n";
- echo "<title>Preview</title>\n";
- echo "<style type=\"text/css\">\n";
- echo " body { margin: 2px; }\n";
- echo "</style>\n";
- echo "</head>\n";
- echo "<body bgcolor=\"#ffffff\">\n";
- print "<img src=\"$imageurl\" width=\"$width\" height=\"$height\" alt=\"\">";
- echo "</body>\n</html>\n";
-
?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<title>Preview</title>
+<style type="text/css">
+ body { margin: 2px; }
+</style>
+</head>
+<body bgcolor="#ffffff">
+
+<? echo $imagetag ?>
+
+</body>
+</html>
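Review bot: With `imageurl` now read as `PARAM_RAW`, the one expression that builds `$imagetag` is the only sanitisation between request input and the page, and nothing in the file says so. `htmlSpecialChars()` keeps the value inside the double-quoted `src` attribute, but which URL schemes survive depends entirely on `clean_text()`, whose behaviour is not visible in this diff. I would add a comment above that line, for example `// imageurl is PARAM_RAW: the escaping and clean_text() here are its only sanitisation; never echo $imageurl directly`. If relative URLs are not needed, also reject values that do not begin with `http://`, `https://` or `$CFG->wwwroot` before building the tag. Separately, `<? echo $imagetag ?>` only runs when `short_open_tag` is enabled; `<?php echo $imagetag; ?>` renders the preview regardless of that setting.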
