0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-22 16:31:53 +00:00

Bug with tempnam("/tmp", "");

Some hostings have a different temporary path than "/tmp".
This commit is contained in:
Chimpzee 2016-01-11 15:43:41 +01:00 committed by Edward Z. Yang
parent 7e49ff3dcd
commit 6e00b443cd
2 changed files with 6 additions and 1 deletions

1
NEWS
View File

@ -19,6 +19,7 @@ NEWS ( CHANGELOG and HISTORY ) HTMLPurifier
- Non all-numeric top-level names (e.g., foo.1f, 1f) are now - Non all-numeric top-level names (e.g., foo.1f, 1f) are now
allowed. allowed.
- Minor bounds error fix to squash a PHP 7 notice. - Minor bounds error fix to squash a PHP 7 notice.
- Support non-/tmp temporary directories for data:// validation
4.7.0, released 2015-08-04 4.7.0, released 2015-08-04
# opacity is now considered a "tricky" CSS property rather than a # opacity is now considered a "tricky" CSS property rather than a

View File

@ -81,7 +81,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
} }
// XXX probably want to refactor this into a general mechanism // XXX probably want to refactor this into a general mechanism
// for filtering arbitrary content types // for filtering arbitrary content types
if (function_exists('sys_get_temp_dir')) {
$file = tempnam(sys_get_temp_dir(), "");
} else {
$file = tempnam("/tmp", ""); $file = tempnam("/tmp", "");
}
file_put_contents($file, $raw_data); file_put_contents($file, $raw_data);
if (function_exists('exif_imagetype')) { if (function_exists('exif_imagetype')) {
$image_code = exif_imagetype($file); $image_code = exif_imagetype($file);