Skip to content
Permalink
Browse files

Sanitize filename on SHP import

Signed-off-by: Michal Čihař <michal@cihar.com>
  • Loading branch information...
nijel committed Jul 22, 2016
1 parent 6f8eb09 commit 378c3820bf1a3c184640cd8bbe95a3b1f30ff747
@@ -119,19 +119,23 @@ public function doImport()
// Extract the .dbf file and point to it.
$extracted = PMA_zipExtract(
$import_file,
realpath($GLOBALS['cfg']['TempDir']),
array($dbf_file_name)
$dbf_file_name
);
if ($extracted) {
if ($extracted !== false) {
$dbf_file_path = realpath($GLOBALS['cfg']['TempDir'])
. (PMA_IS_WINDOWS ? '\\' : '/') . $dbf_file_name;
$temp_dbf_file = true;
// Replace the .dbf with .*, as required
// by the bsShapeFiles library.
$file_name = substr(
$dbf_file_path, 0, strlen($dbf_file_path) - 4
) . '.*';
$shp->FileName = $file_name;
. (PMA_IS_WINDOWS ? '\\' : '/') . PMA_sanitizeFilename($dbf_file_name, true);
$handle = fopen($dbf_file_path, 'wb');
if ($handle !== false) {
fwrite($handle, $extracted);
fclose($handle);
$temp_dbf_file = true;
// Replace the .dbf with .*, as required
// by the bsShapeFiles library.
$file_name = substr(
$dbf_file_path, 0, strlen($dbf_file_path) - 4
) . '.*';
$shp->FileName = $file_name;
}
}
}
} elseif (! empty($local_import_file)
@@ -137,19 +137,18 @@ function PMA_getNoOfFilesInZip($file)
/**
* Extracts a set of files from the given zip archive to a given destinations.
*
* @param string $zip_path path to the zip archive
* @param string $destination destination to extract files
* @param array $entries files in archive that should be extracted
* @param string $zip_path path to the zip archive
* @param string $entry file in the archive that should be extracted
*
* @return bool true on sucess, false otherwise
* @return string|bool data on sucess, false otherwise
*/
function PMA_zipExtract($zip_path, $destination, $entries)
function PMA_zipExtract($zip_path, $entry)
{
$zip = new ZipArchive;
if ($zip->open($zip_path) === true) {
$zip->extractTo($destination, $entries);
$result = $zip->getFromName($entry);
$zip->close();
return true;
return $result;
}
return false;
}
@@ -114,10 +114,16 @@ public function testGetNoOfFilesInZip()
public function testZipExtract()
{
$this->assertEquals(
false,
PMA_zipExtract(
'./test/test_data/test.zip', './test/test_data/', 'wrongName'
),
true
'./test/test_data/test.zip', 'wrongName'
)
);
$this->assertEquals(
"TEST FILE\n",
PMA_zipExtract(
'./test/test_data/test.zip', 'test.file'
)
);
}

0 comments on commit 378c382

Please sign in to comment.
You can’t perform that action at this time.